---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Linux Kernel Denial of Service and IPsec Policy Bypass SECUNIA ADVISORY ID: SA16494 VERIFY ADVISORY: http://secunia.com/advisories/16494/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: Local system REVISION: 1.1 originally posted 2005-08-25 OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: Two vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or bypass certain security restrictions. 1) The "setsockopt()" function is not restricted to privileged users with the "CAP_NET_ADMIN" capability. This can be exploited to bypass IPsec policies or set invalid policies to exploit other vulnerabilities or exhaust available kernel memory. 2) An error in the "syscall32_setup_pages()" function on 64-bit x86 platforms can be exploited to cause a memory leak by executing a malicious 32-bit application with specially crafted ELF headers. SOLUTION: 1) The vulnerability has been fixed in version 2.6.13-rc7. 2) The vulnerability has been fixed in version 2.6.13-rc4. PROVIDED AND/OR DISCOVERED BY: 1) Herbert Xu 2) Suresh Siddha CHANGELOG: 2005-08-25: Added information about additional vulnerability. ORIGINAL ADVISORY: Kernel.org: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.13-rc7 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.13-rc4 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------