Sunday, February 14, 2010

10 Security Issues found in the Linux Kernel

Ten important security issues (see below for details) have been found in the Linux kernel packages by various hackers. It is therefore strongly recommended that you update your system as soon as possible!
The following Linux kernel vulnerabilities were found:

1. The HFS and ext4 filesystems fail to check various on-disk structures. An attacker who tricks a user into mounting a specially crafted filesystem can therefore crash the affected system or gain root (system administrator) privileges. The problem was discovered by Amerigo Wang and Eric Sesterhenn and affects all Ubuntu systems.

2. FUSE (Filesystem in Userspace) fails to check various requests. Because of this, a local attacker who has access to FUSE mounts could crash an affected system or gain root (system administrator) privileges. The problem only affects Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04 systems.

3. KVM fails to decode various guest instructions. This can lead to DoS attacks and crashes of the affected system, by triggering "damage" in the host. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10 systems.

4. The FireWire OHCI driver fails to handle various ioctls. Because of this, local attackers could crash the system or gain root (system administrator) privileges. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10 systems.

5. The Linux kernel fails to handle O_ASYNC on locked files. Because of this, a local attacker can gain root (system administrator) privileges. The problem was discovered by Tavis Ormandy and only affects Ubuntu 9.04 and 9.10 systems.

6. The e1000e and e1000 network drivers for the Eee PC fail to check the sizes of Ethernet frames. Because of this, a local attacker on the LAN can crash the system or gain root privileges by sending specially crafted traffic. This problem was discovered by Neil Horman and Eugene Teo, and affects all Ubuntu systems.

7. Random kernel memory contents can be disclosed through the "print-fatal-signals" reporting. This could lead to a loss of privacy. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10 systems.

8. IPv6 fails to handle jumbo frames. This can lead to DoS attacks. The problem was discovered by Olli Järva and Tuomo Untinen, and only affects Ubuntu 9.04 and 9.10 systems.

9. Netfilter bridge rules can be modified by ordinary users. This can cause DoS attacks by disrupting network traffic. This problem was discovered by Florian Westphal and affects all Ubuntu systems.

10. Linux kernel memory can be leaked by various mremap operations. This can cause DoS attacks by consuming all available memory. This problem was discovered by Al Viro and affects all Ubuntu systems.
