Linux Users' Group of Davis
Page last updated:
2004 Jan 08 08:37

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.


[vox] Linux kernel vulnerability

Just an update on the kernel vulnerability Bill brought up last night.
I couldn't remember the exact details, and wasn't sure how far back it
went. Looks like it dates back to Dec 99, and affects all 2.4.x and
2.6.x kernels (2.4.0 was released Jan 01). 2.2.x has been confirmed to
not be affected, but looking at the dates, I'd assume if you happen to
be running a late 2.3.x kernel (not likely, but you never know) you will
be vulnerable.

Here's the text from the DSA (Debian Security Announcement):
"Paul Starzetz discovered a flaw in bounds checking in mremap() in the
Linux kernel (present in version 2.4.x and 2.6.x) which may allow a
local attacker to gain root privileges."

Also, it seems to have been a busy 2 days for security bugs. There were
7 DSAs issued Monday, and another 4 on Tues. (compared to 6 total for
Nov., and 3 in Dec.). Here's just the brief synopsis of these, available
at http://security.debian.org for those of you who are interested (and,
for those of you running other distros, none of these are Debian
specific bugs).

[06 Jan 2004] DSA-416 fsp
    buffer overflow, directory traversal
[06 Jan 2004] DSA-415 zebra
    denial of service
[06 Jan 2004] DSA-414 jabber
    denial of service
[06 Jan 2004] DSA-413 linux-kernel-2.4.18
    missing boundary check
[05 Jan 2004] DSA-412 nd
    buffer overflows
[05 Jan 2004] DSA-411 mpg321
    format string vulnerability
[05 Jan 2004] DSA-410 libnids
    buffer overflow
[05 Jan 2004] DSA-409 bind
    denial of service
[05 Jan 2004] DSA-408 screen
    integer overflow
[05 Jan 2004] DSA-407 ethereal
    buffer overflows
[05 Jan 2004] DSA-406 lftp
    buffer overflow 