Two vulnerabilities, a security issue, and a weakness have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions, or by malicious people to disclose certain sensitive information.
1) A memory leak in "/security/keys/request_key_auth.c" can potentially be exploited by non-privileged users to cause a DoS.
2) A memory leak exists in "/fs/namei.c" when the CONFIG_AUDITSYSCALL option is enabled. This can potentially be exploited by local users to cause a DoS via an excessive number of system calls.
3) The orinoco wireless driver fails to pad data packets with zeroes when the length needs to be increased. This may cause uninitialized data to be sent, potentially exposing random pieces of the system memory.
4) The "/sys/module/drm/parameters/debug" file is created with world-writable permission in sysfs. This may be exploited by non-privileged users to turn on drm debugging.
Solution: The vulnerabilities, security issue, and weakness have been fixed in version 2.6.14-rc4 and stable version 184.108.40.206.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Linux Kernel Potential Denial of Service and Information Disclosure
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.