最新linux内核漏洞

opbsder

24. Linux Kernel ALSA snd-page-alloc Local Proc File Information Disclosure Vulnerability
BugTraq ID: 25807
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/25807
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.22.8 are vulnerable.

25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

26. Linux Kernel Bluetooth CAPI Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 21604
Remote: Yes
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability because the kernel fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

27 Linux Kernel Sbus PROM Driver Multiple Integer Overflow Vulnerabilities
BugTraq ID: 10632
Remote: No
Last Updated: 2008-02-25
Relevant URL: http://www.securityfocus.com/bid/10632
Summary:
The OpenPROM Linux kernel driver contains multiple integer-overflow vulnerabilities.

Two vulnerabilities reside in the OpenPROM driver; both involve overflowing an integer value. These values are used to allocate kernel memory and then to copy data into the kernel. Attackers could exploit this to overwrite large amounts of kernel memory.

Exploits could crash the system or possibly execute code in the context of the kernel.

NOTE: Some versions of the Linux kernel are vulnerable to both overflows; other versions are prone to only one. Kernel version 2.6.6 does not appear to be vulnerable.