
rPath alert rPSA-2006-0130-1 (kernel)

From:  "Justin M. Forbes" <jmforbes@rpath.com>
To:  security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:  rPSA-2006-0130-1 kernel
Date:  Mon, 17 Jul 2006 10:39:59 -0400
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net

rPath Security Advisory: 2006-0130-1
Published: 2006-07-17
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    kernel=/conary.rpath.com@rpl:devel//1/2.6.16.26-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    https://issues.rpath.com/browse/RPL-510
    https://issues.rpath.com/browse/RPL-507

Description:
    In previous versions of the kernel package, a local root privilege
    escalation and a separate denial of service vulnerability are known
    to exist.

    The local root privilege escalation allows any local user to use the
    /proc/self/environ file to reliably subvert the root user. The local
    root privilege escalation has a known and publicly available exploit
    in current active use.

    The denial of service applies if the ftdi_sio module that drives a
    usb-serial hardware device is loaded, in which case any user allowed
    to access the device can consume all the memory on the system by
    producing data faster than the device can consume it, either as an
    intentional attack or unintentionally, leading to a denial of service.

    A system reboot is required to resolve these vulnerabilities. rPath
    recommends that you update your systems immediately.
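
Because the advisory states that a reboot is required, a host can have the updated package installed while still running the old kernel. The following check is an added example, not part of the rPath advisory: it compares the running kernel with the 2.6.16.26 version of the updated package and reports whether ftdi_sio is loaded. The function names are hypothetical, and it assumes that `uname -r` begins with the upstream kernel version.

```shell
#!/bin/sh
# Added example (not from rPath): post-update triage for rPSA-2006-0130-1.
# Assumption: the kernel release string starts with the upstream version.
FIXED="2.6.16.26"   # upstream version of the updated package in the advisory

# version_lt A B: succeed when dotted numeric version A is older than B.
# Missing components count as 0, so 2.6.16 is older than 2.6.16.26.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # versions are equal
}

# triage RELEASE [MODULES_FILE]: print one status line.
# RELEASE is a kernel release string such as the output of `uname -r`;
# MODULES_FILE defaults to /proc/modules on the live system.
triage() {
    rel=$1 mods=${2:-/proc/modules}
    # Keep only the leading digits-and-dots part, e.g. 2.6.16.26-0.1-1 -> 2.6.16.26
    ver=$(printf '%s' "$rel" | sed 's/^\([0-9.]*\).*/\1/; s/\.$//')
    if version_lt "$ver" "$FIXED"; then
        status="running-kernel-older-than-fix"
    else
        status="running-kernel-at-or-above-fix"
    fi
    # ftdi_sio is the module the denial-of-service part of the advisory names.
    if grep -q '^ftdi_sio ' "$mods" 2>/dev/null; then
        status="$status ftdi_sio-loaded"
    fi
    printf '%s\n' "$status"
}

# Report on the running system; the result reflects the booted kernel,
# not the installed package, so it only changes after the reboot.
triage "$(uname -r)"
```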



