Linux Kernel Flaws Uncovered

Security researchers are warning of potentially serious vulnerabilities in the Linux kernel that could allow malicious hackers to gain full super-user privileges.

The vulnerability affects the Linux kernel memory management code in the 2.6.x branch prior to version 2.6.3.

Experts note that the latest bug is unrelated to a previous vulnerability in the same internal kernel function.

Users are urged to update to version 2.6.3 at the Linux Kernel Archives.

According to an advisory issued by Secunia, a boundary error in the “ncp_lookup()” function causes the privilege escalation flaw.

“This can be exploited to cause a stack overflow and may allow execution of arbitrary code with escalated privileges,” the Copenhagen-based research firm warned.

The bug could also be used for denial-of-service attacks on the available system memory. Linux distributors SuSE and Red Hat have issued updates to correct the flaw.

Secunia also issued a separate advisory for another hole in the Linux kernel, which can be exploited by malicious, local users to cause denial-of-service issues. The vulnerability was found in the Vicam USB driver and could be exploited to violate security boundaries in the kernel. Linux versions prior to 2.4.25 are affected.
