RealTime IT News

Linux Kernel Flaws Uncovered

Security researchers are warning of potentially serious vulnerabilities in the Linux kernel that could allow malicious hackers to gain full super-user privileges.

The vulnerability affects the 2.6.x branch prior to version 2.6.3 and the Linux kernel memory management code.

Experts note that the latest bug is unrelated to a previous vulnerability in the same internal kernel function code.

Users are urged to update to version 2.6.3, available at the Linux Kernel Archives.

According to an advisory issued by Secunia, a boundary error in the "ncp_lookup()" function causes the privilege escalation flaw.

"This can be exploited to cause a stack overflow and may allow execution of arbitrary code with escalated privileges," the Copenhagen-based research firm warned.

The bug could also be used for denial-of-service attacks on the available system memory. Linux distributors SuSE and Red Hat have issued updates to correct the flaw.

Secunia also issued a separate advisory for another hole in the Linux kernel, which can be exploited by malicious, local users to cause denial-of-service issues. The vulnerability was found in the Vicam USB driver and could be exploited to violate security boundaries in the kernel. Linux versions prior to 2.4.25 are affected.