TITLE:
Linux Kernel Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA14713

VERIFY ADVISORY:
http://secunia.com/advisories/14713/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information,
Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Linux Kernel 2.4.x
http://secunia.com/product/763/
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
Multiple vulnerabilities have been reported in the Linux kernel,
which can be exploited to disclose information, cause a DoS (Denial
of Service), gain escalated privileges, or potentially compromise a
vulnerable system.

1) Some unspecified errors have been reported in the ISO9660
filesystem handler, including the Rock Ridge and Joliet extensions.
These can be exploited via a specially crafted filesystem to cause a
DoS or potentially corrupt memory, leading to execution of arbitrary
code.

2) A signedness error in the "bluez_sock_create()" function when
creating Bluetooth sockets can potentially be exploited to gain root
privileges on a vulnerable system.

3) An information leak exists in ext2 when creating new directories
and may disclose kernel memory.

4) An error in "load_elf_library()" can be exploited to cause a DoS.

SOLUTION:
Update to version 2.6.11.6.
http://kernel.org/

The vulnerabilities have also been fixed in version 2.4.30-rc2.

PROVIDED AND/OR DISCOVERED BY:
1) Michal Zalewski
2) Ilja van Sprundel
3) Mathieu Lafon
4) Yichen Xie

ORIGINAL ADVISORY:
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.30.log
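
ADDED EXAMPLE (not part of the Secunia advisory, and not kernel source):
The advisory gives no code for item 2, so the following is a user-space model of one common form of the bug class it names, a signedness error in the bounds check on a socket protocol number, shown beside two corrected checks. All names (MAX_PROTO, proto_table, sock_create_model, the index_ok_* helpers) and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_PROTO 8                      /* hypothetical table size */
typedef int (*create_fn)(void);          /* hypothetical per-protocol constructor */
static int create_stub(void) { return 0; }

/* Constructors indexed by protocol number; unset slots stay NULL. */
static create_fn proto_table[MAX_PROTO] = { create_stub, create_stub };

/* Flawed check: proto is signed and only the upper bound is tested,
 * so any negative value passes and would index memory before the table. */
static int index_ok_flawed(int proto)
{
    if (proto >= MAX_PROTO)
        return 0;
    return 1;
}

/* Corrected check: both bounds are tested. */
static int index_ok_fixed(int proto)
{
    return proto >= 0 && proto < MAX_PROTO;
}

/* Equivalent correction: compare as unsigned, so a negative value
 * becomes a very large one and fails the upper-bound test. */
static int index_ok_unsigned(int proto)
{
    return (unsigned int)proto < (unsigned int)MAX_PROTO;
}

/* Dispatcher that validates before it touches the table. */
static int sock_create_model(int proto)
{
    if (!index_ok_fixed(proto) || proto_table[proto] == NULL)
        return -1;                       /* rejected: bad or unregistered protocol */
    return proto_table[proto]();
}

int main(void)
{
    int samples[] = { -1, 0, 1, 3, MAX_PROTO };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("proto=%2d flawed=%d fixed=%d unsigned=%d create=%d\n",
               samples[i], index_ok_flawed(samples[i]), index_ok_fixed(samples[i]),
               index_ok_unsigned(samples[i]), sock_create_model(samples[i]));
    return 0;
}
```

When reviewing code for this class of error, look for signed integers taken from a caller and used as an array index after only a single-sided comparison.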