Linux Kernel Multiple Privilege Escalation and Memory Corruption Vulnerabilities

 

Release Date: 02/05/2008
Severity: Less Critical
SecWatch Advisory: SWID1021084
Cause: Boundary error
Solution Status: Vendor Patch
Impact: Denial of service, Privilege escalation
Exploit Status: None Available
Access Vector: From local system
 
Affected OS: Linux Kernel 2.6.x
 
Original Advisory: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
References: FrSIRT/ADV-2008-1406
CVE: CVE-2008-1375 CVE-2008-1675
Secunia: SA30044
Bugtraq ID: BID#29014

 

Summary:

Linux is a UNIX-like operating system initially developed by Linus Torvalds in 1991.

 

Description:

Multiple vulnerabilities in the Linux kernel have been reported, which can be exploited by local users to trigger denial of service conditions or to potentially gain escalated privileges.

1) A race condition error exists in the "dnotify" subsystem between the "fcntl()" and "close()" calls, which can be exploited to crash the system or send signals to arbitrary processes and gain elevated (root) privileges.

2) Boundary errors exist when processing crafted "BDX_OP_WRITE" IOCTL calls in the "bdx_ioctl_priv()" function within the Tehuti Network Driver (drivers/net/tehuti.c), which can be exploited to corrupt kernel memory.

 

Affected:

Linux Kernel versions prior to 2.6.25.1.

 

Solution:

The vulnerabilities have been fixed in version 2.6.25.1.
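
An added example, not part of the original advisory: a POSIX shell triage of a host against the affected and fixed versions given above, which also checks whether the tehuti driver from issue 2 is loaded as a module. The function names are hypothetical, and the script assumes the upstream version string is meaningful; distribution kernels may carry backported fixes under an older version.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host against the fixed
# version stated above. Distro kernels may backport fixes without changing
# the upstream version, so "affected" means "check the vendor package".
FIXED="2.6.25.1"

# Strip any suffix: "2.6.24-19-generic" -> "2.6.24" (pre-release tags ignored).
base_version() { printf '%s\n' "$1" | sed 's/[^0-9.].*$//'; }

# Return 0 if dotted version $1 is strictly lower than $2 (missing fields = 0).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print affected | fixed | not-listed (older than the 2.6.x series) | unknown.
classify_release() {
    v=$(base_version "$1")
    case $v in ''|.*|*..*|*.) echo unknown; return 0 ;; esac
    if version_lt "$v" 2.6; then echo not-listed
    elif version_lt "$v" "$FIXED"; then echo affected
    else echo fixed; fi
}

# Return 0 if tehuti appears in a /proc/modules-format file ($1).
# A driver built into the kernel image is not listed there.
tehuti_loaded() {
    f=${1:-/proc/modules}
    [ -r "$f" ] && grep -q '^tehuti ' "$f"
}

# Print the verdict for release string $1 (optional modules file in $2).
report() {
    verdict=$(classify_release "$1")
    echo "kernel $1: $verdict (advisory fix: $FIXED)"
    if [ "$verdict" = affected ] && tehuti_loaded "${2:-}"; then
        echo "tehuti module loaded: issue 2 (bdx_ioctl_priv) also applies"
    fi
    return 0
}

report "$(uname -r)"
```
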

 

Credits:

Reported by vendor.

 
