---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Linux Kernel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA14585 VERIFY ADVISORY: http://secunia.com/advisories/14585/ CRITICAL: Moderately critical IMPACT: Unknown, DoS, System access WHERE: >From remote OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: Some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error exists in ROSE due to missing verification of the ndigis argument of new routes. 2) Any user with permissions to access a SCSI tape device can send some commands, which may cause it to become unusable for other users. 3) Some unspecified errors have been reported in the ISO9660 filesystem handler including Rock Ridge and Juliet extensions. These can be exploited via a specially crafted filesystem to cause a DoS or potentially corrupt memory leading to execution of arbitrary code. SOLUTION: The vulnerabilities have been fixed in version 2.6.12-rc1. PROVIDED AND/OR DISCOVERED BY: 3) Michal Zalewski ORIGINAL ADVISORY: Kernel.org: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------