Secunia

Multiple vulnerabilities have been reported in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, or gain escalated privileges on a vulnerable system.

1) A signedness error in the "poolsize_strategy()" function of the random poolsize sysctl handler (drivers/char/random.c) can potentially be exploited to cause a buffer overflow when copying data from user space into kernel space.

Successful exploitation may crash the system or allow execution of arbitrary code with escalated privileges. However, exploitation requires UID 0, but not root capabilities.

The vulnerability is reported in the 2.4 and 2.6 kernel branches.

2) Boundary errors in various functions of the MOXA serial driver (drivers/char/moxa.c) can be exploited to cause buffer overflows when copying data from user space into a kernel space buffer.

Successful exploitation may allow execution of arbitrary code with escalated privileges.

The vulnerabilities are reported in the 2.2, 2.4, and 2.6 kernel branches.

3) An unprivileged process can reportedly bypass the RLIMIT_MEMLOCK soft resource limit and lock more memory than permitted via the "mlockall()" system call.

The vulnerability is reported in versions 2.6.9 and 2.6.10.

Solution
Vulnerability #2 is fixed in version 2.4.36.5 and 2.6.22.
Further details available in Customer Area

Provided and/or discovered by
1, 2) Brad Spengler
3) PaX Team

Changelog
Further details available in Customer Area

Original Advisory
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git10.log
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5

Deep Links
Links available in Customer Area