Dos Nuevas Vulnerabilidades que afectan a Linux
Posted: 23/9/10 by komz in Etiquetas: exploit, Integer Overflow Vulnerability, linux, Vulnerabilidades 1- Linux Kernel Rose Protocol 'srose_ndigis' Heap Memory Corruption Vulnerability
Linux Kernel is prone to a heap-based memory-corruption vulnerability because it fails to properly verify signedness of user-supplied values.
Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploits can result in a denial-of-service
2- Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
The Linux kernel is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied input.
Local attackers can exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts may crash the affected kernel, denying service to legitimate users
Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.
fuente: securityfocus.com