Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
1) A NULL pointer dereference error when reading a DNS resolver key instantiated with an error indication can be exploited to crash the kernel.
2) The "__nfs4_proc_set_acl()" function in fs/nfs/nfs4proc.c incorrectly uses slab memory, which can be exploited to trigger a sanity check when trying to free the memory in subsequent functions via e.g. a setacl operation exceeding a page of data.
3) An error within the "br_multicast_add_group()" function in net/bridge/br_multicast.c can be exploited to corrupt a list, which can lead to e.g. a memory corruption by sending certain IGMP packets.
Successful exploitation of this vulnerability requires that the kernel is compiled with the "BRIDGE_IGMP_SNOOPING" option.
Solution: Update to version 2.6.38.
Provided and/or discovered by: Disclosed in a GIT commit.
Original Advisory: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1362fa078dae16776cd439791c6605b224ea6171
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Linux Kernel Denial of Service Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.