The two issues may affect all Linux Kernel versions prior to the patched 184.108.40.206, which was released late last week. The 2.6.13 kernel was released just two weeks ago.
Neither of the vulnerabilities is reported to be remotely exploitable, but they could be exploited by a local attacker to trigger a denial of service or possibly disclose sensitive information.
CAN-2005-2492 is titled "raw_sendmsg DoS" and could potentially lead to a memory read. According to the change log for 2.6.13, "The result of the read is not returned directly but you may be able to divine some information about it, or use the read to cause a crash on some architectures by reading."
Prior to the 2.6.13 release, the 2.6.12 release in June was also plagued by critical flaws that were fixed just days after the release.
This article was first published on internetnews.com.