The two issues may affect all Linux Kernel versions prior to the patched 220.127.116.11, which was released late last week. The 2.6.13 kernel was released just two weeks ago.
Neither of the vulnerabilities is reported to be remotely exploitable, but either could be exploited by a local attacker to trigger a denial of service or possibly disclose sensitive information.
CAN-2005-2492 is titled "raw_sendmsg DoS" and could potentially lead to a memory read. According to the change log for 2.6.13, "The result of the read is not returned directly but you may be able to divine some information about it, or use the read to cause a crash on some architectures by reading."
CAN-2005-2490 is titled "32bit sendmsg() flaw" and could allow a local attacker to gain root privileges and execute arbitrary commands with those privileges.
Prior to the 2.6.13 release, the 2.6.12 release in June was also plagued by critical flaws that were fixed just days after the release.
This article was first published on internetnews.com.