HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - February 14, 2008

by Marianna Schmudlach / February 13, 2008 11:55 PM PST

FreeBSD update for ipsec

Secunia Advisory: SA28979
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: FreeBSD 5.x

Description:
FreeBSD has issued an update for ipsec. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update FreeBSD or apply patch.

Fixed versions:
2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE)
2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19)

Patch for FreeBSD 5.5:
http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch
http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch.asc

Original Advisory:
http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc

Other References:
SA28788:
http://secunia.com/advisories/28788/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - February 14, 2008
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - February 14, 2008
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Fortinet FortiClient Privilege Escalation Vulnerability
by Marianna Schmudlach / February 13, 2008 11:56 PM PST

Secunia Advisory: SA28975
Release Date: 2008-02-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


Software: Fortinet FortiClient 3.x

Description:
Ruben Santamarta has reported a vulnerability in Fortinet FortiClient, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error in the fortimon.sys filter driver and can be exploited to execute arbitrary code with kernel privileges via a specially crafted request to the device driver.

The vulnerability affects versions 3.0 MR5 Patch3 and prior.

Solution:
Update to version 3.0 MR5 Patch 4 or version 3.0 MR6.

Provided and/or discovered by:
Ruben Santamarta, Reverse Mode

Original Advisory:
Fortinet:
http://kc.forticare.com/default.asp?id=3618

Reverse Mode:
http://www.reversemode.com/index.php?...p;action=view&id=47&Itemid=15

Collapse -
Ubuntu update for kernel
by Marianna Schmudlach / February 13, 2008 11:58 PM PST

Secunia Advisory: SA28971
Release Date: 2008-02-14


Critical:
Less critical
Impact: Unknown
Security Bypass
Manipulation of data
Exposure of sensitive information
DoS

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06

Description:
Ubuntu has issued an update for the kernel. This fixes a security issue and some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and corrupt a file system, and by malicious people to cause a DoS.

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubu...ty-announce/2008-February/000665.html

Other References:
SA27664:
http://secunia.com/advisories/27664/

SA27842:
http://secunia.com/advisories/27842/

SA27908:
http://secunia.com/advisories/27908/

SA28485:
http://secunia.com/advisories/28485/

SA28654:
http://secunia.com/advisories/28654/

Collapse -
JSPWiki Multiple Vulnerabilities
by Marianna Schmudlach / February 13, 2008 11:59 PM PST

Secunia Advisory: SA28969
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: JSPWiki 2.x

Description:
Moshe BA has discovered some vulnerabilities in JSPWiki, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose potentially sensitive information, and by malicious users to potentially compromise a vulnerable system.

1) Input passed to the "editor" parameter in Edit.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "editor" parameter in Edit.jsp is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

NOTE: The vulnerability can potentially be exploited by a malicious user to execute arbitrary script code by uploading a malicious attachment.

The vulnerabilities are confirmed in version 2.4.104. Other versions prior to 2.6.1 may also be affected.

Solution:
Update to version 2.6.1.

Provided and/or discovered by:
Moshe BA, BugSec LTD.

Original Advisory:
http://www.bugsec.com/articles.php?Security=48&Web-Application-Firewall=0

Collapse -
HP-UX update for Apache
by Marianna Schmudlach / February 14, 2008 12:01 AM PST

Secunia Advisory: SA28965
Release Date: 2008-02-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: HP-UX 11.x

Description:
HP-UX has issued an update for Apache. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

NOTE: The original advisory from the vendor was issued as a remote code execution vulnerability, which is believed to be incorrect based on the referenced CVE identifier.

Solution:
Apply patches or update to the latest version.

Original Advisory:
HPSBUX02313 SSRT080015:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01364714

Other References:
SA28081:
http://secunia.com/advisories/28081/

Collapse -
Fedora update for glib2
by Marianna Schmudlach / February 14, 2008 12:02 AM PST

Secunia Advisory: SA28960
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 8

Description:
Fedora has released an update for glib2. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Solution:
Apply updated packages via the yum utility ("yum update glib2").

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2008-February/msg00371.html

Other References:
SA28923:
http://secunia.com/advisories/28923/

Collapse -
Gentoo update for pulseaudio
by Marianna Schmudlach / February 14, 2008 12:03 AM PST

Secunia Advisory: SA28952
Release Date: 2008-02-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x


Description:
Gentoo has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the pulseaudio daemon failing to check whether it has successfully dropped its privileges via "setuid()". This can potentially be exploited to launch the daemon with root privileges, which may allow the user to perform certain actions as the root user.

Solution:
Update to "media-sound/pulseaudio-0.9.9" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200802-07.xml

Other References:
SA28623:
http://secunia.com/advisories/28623/

Collapse -
OpenCA Cross-Site Request Forgery Vulnerability
by Marianna Schmudlach / February 14, 2008 12:05 AM PST

Secunia Advisory: SA28951
Release Date: 2008-02-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: OpenCA 0.x

Description:
Alexander Klink has reported a vulnerability in OpenCA, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. issue arbitrary certificates by enticing an administrative user to visit a malicious web site.

The vulnerability is reported in version 0.9.2.5. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged on to the application.

Provided and/or discovered by:
Alexander Klink, Cynops GmbH

Original Advisory:
https://www.cynops.de/advisories/CVE-2008-0556.txt

Collapse -
Avaya CMS Sun Solaris X Window System and X Server Vulnerabi
by Marianna Schmudlach / February 14, 2008 12:07 AM PST

Secunia Advisory: SA28941
Release Date: 2008-02-14


Critical:
Less critical
Impact: Privilege escalation
DoS

Where: Local system

Solution Status: Unpatched


OS: Avaya Call Management System (CMS)

Description:
Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges.

The vulnerability affects Avaya CMS R12, R13/R13.1, and R14.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

Other References:
SA28550:
http://secunia.com/advisories/28550/

Collapse -
Cisco Unified IP Phone Multiple Vulnerabilities
by Marianna Schmudlach / February 14, 2008 12:08 AM PST

Secunia Advisory: SA28935
Release Date: 2008-02-14


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Cisco Unified IP Phones 7900 Series



Software: Cisco IP Phone 7940
Cisco IP Phones 7960

Description:
Some vulnerabilities have been reported in Cisco Unified IP Phone models, which can be exploited by malicious users to compromise a vulnerable device or by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable device.

1) A boundary error within the internal SSH server can be exploited to cause a buffer overflow via a specially crafted packet sent to default port 22/TCP.

2) A boundary error in the parsing of DNS responses can be exploited to cause a buffer overflow.

3) A boundary error in the handling of MIME encoded data can be exploited to cause a buffer overflow via a specially crafted SIP message.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

4) A boundary error within the internal telnet server can be exploited to cause a buffer overflow via a specially crafted command.

Successful exploitation may allow execution of arbitrary code but requires that the telnet server is enabled (not enabled by default).

5) A boundary error in the handling of challenge/response messages from an SIP proxy can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code but requires e.g. control of a SIP proxy.

6) An error in the handling of ICMP echo request packets can be exploited to cause a device to reboot via an overly large ICMP echo request packet.

7) An error within the internal HTTP server when handling HTTP requests can be exploited to cause the device to reboot via a specially crafted HTTP request.

The vulnerabilities affect one or more of the following devices running SCCP and SIP firmwares (please see the vendor's advisory for more information):

Cisco Unified IP Phone devices running SCCP firmware:
* 7906G
* 7911G
* 7935
* 7936
* 7940
* 7940G
* 7941G
* 7960
* 7960G
* 7961G
* 7970G
* 7971G

Cisco Unified IP Phone devices running SIP firmware:
* 7940
* 7940G
* 7960
* 7960G

Solution:
Update to the latest firmware versions (see vendor's advisory for details).

Provided and/or discovered by:
1) Reported by the vendor
2-5) Jon Griffin and Mustaque Ahamad, School of Computer Science, Georgia Institute of Technology
6) Reported by a Cisco customer
7) Sven Weizenegger, T-Systems

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml

Collapse -
Update your IP phones!
by Marianna Schmudlach / February 14, 2008 12:42 AM PST

Cisco has released a couple of security advisories covering vulnerabilities in their IP Phones and the Unified Communications Manager (UCM):

Cisco IP Phones present multiple and serious overflows and DoS vulnerabilities. It is time to update your VoIP phones! This issues affect phones using Skinny (SCCP) or/and SIP. The vulnerabilities affect several phone components, and the first four are specially relevant:
DNS (CVE-2008-0530): Malicious DNS responses may trigger a buffer overflow and execute arbitrary code on a vulnerable phone.
SSH ( CVE-2004-2486, old CVE): Buffer overflow on the phone SSH server that may allow remote code execution with system privileges.
SIP (CVE-2008-0528): Buffer overflow when handling MIME on SIP messages that may allow remote code execution.
SIP (CVE-2008-0531): Heap overflow when handling SIP challenge and response messages with the SIP proxy that may allow remote code execution.
ICMP (CVE-2008-0526): DoS due to large ICMP echo request packets (another ping of death!).
HTTP (CVE-2008-0527): DoS due to specially crafted HTTP requests to the phone HTTP server.
Telnet (CVE-2008-0529): Buffer overflow may allow privilege escalation.

More: http://isc.sans.org/

Collapse -
Cisco Unified Communications Manager "key" SQL Injection
by Marianna Schmudlach / February 14, 2008 12:10 AM PST

Secunia Advisory: SA28932
Release Date: 2008-02-14


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x



Description:
A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "key" parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in 5.0/5.1 versions prior to 5.1(3a), and 6.0/6.1 versions prior to 6.1(1a).

Solution:
Apply updated packages.

Cisco Unified Communications Manager 5.0/5.1:
Update to version 5.1(3a).
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2

Cisco Unified Communications Manager 6.0/6.1:
Update to version 6.1(1a).
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-61?psrtdcat20e2

Provided and/or discovered by:
The vendor credits Nico Leidecker and Tracey Parry of Portcullis Computer Security Limited.

Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080213-cucmsql.shtml

Collapse -
iTheora "url" Disclosure of Sensitive Information
by Marianna Schmudlach / February 14, 2008 12:12 AM PST

Secunia Advisory: SA28929
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: iTheora 1.x

Description:
A vulnerability has been reported in iTheora, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "url" parameter in lib/download.php is not properly verified before being used to read files. This can be exploited to download arbitrary local files via directory traversal attacks.

The vulnerability is reported in version 1.0rc1. Prior versions may also be affected.

Solution:
Update to version 1.0rc2.

Provided and/or discovered by:
Ysangkok

Original Advisory:
http://en.wikipedia.org/wiki/Talk:Itheora

Collapse -
FreeBSD "sendfile" Information Disclosure Security Issue
by Marianna Schmudlach / February 14, 2008 12:13 AM PST

Secunia Advisory: SA28928
Release Date: 2008-02-14


Critical:
Not critical
Impact: Exposure of sensitive information

Where: Local system

Solution Status: Vendor Patch


OS: FreeBSD 5.x
FreeBSD 6.x

Description:
A security issue has been reported in FreeBSD, which potentially can be exploited by malicious, local users to disclose sensitive information.

The problem is that the "sendfile" system call does not check the file descriptor access flags before sending data from a file. This can be exploited to e.g. open a write-only file and send the data even if a user has no read access.

Successful exploitation requires that the target file is write-only.

Solution:
Update FreeBSD or apply patches.

2008-02-14 11:45:00 UTC (RELENG_7, 7.0-PRERELEASE)
2008-02-14 11:45:41 UTC (RELENG_7_0, 7.0-RELEASE)
2008-02-14 11:46:08 UTC (RELENG_6, 6.3-STABLE)
2008-02-14 11:46:41 UTC (RELENG_6_3, 6.3-RELEASE-p1)
2008-02-14 11:47:06 UTC (RELENG_6_2, 6.2-RELEASE-p11)
2008-02-14 11:47:39 UTC (RELENG_6_1, 6.1-RELEASE-p23)
2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE)
2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19)

-- Patches --

FreeBSD 6.2, 6.3, and 7.0:
http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch
http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch.asc

FreeBSD 6.1:
http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch
http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch.asc

FreeBSD 5.5:
http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch
http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch.asc

Provided and/or discovered by:
Kostik Belousov

Original Advisory:
http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc

Collapse -
PCRE Character Class Buffer Overflow
by Marianna Schmudlach / February 14, 2008 12:15 AM PST

Secunia Advisory: SA28923
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: PCRE 7.x

Description:
A vulnerability has been reported in PCRE, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

The vulnerability is caused due to a boundary error when processing character classes and can be exploited to cause a buffer overflow via an overly long character class with codepoints greater than 255.

The vulnerability is reported in versions prior to 7.6.

Solution:
Update to version 7.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://pcre.org/changelog.txt

Collapse -
Drupal Header Image Module Security Bypass Vulnerability
by Marianna Schmudlach / February 14, 2008 12:17 AM PST

Secunia Advisory: SA28876
Release Date: 2008-02-14


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Header Image Module 5.x



Description:
A vulnerability has been reported in the Header Image module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is cause due to an unspecified error and can be exploited to gain access to the module's administration pages.

The vulnerability is reported in versions prior to 5.x-1.1.

Solution:
Update to version 5.x-1.1.
http://drupal.org/node/203444

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://drupal.org/node/221359

Collapse -
rPath update for SDL_image
by Marianna Schmudlach / February 14, 2008 12:18 AM PST

Secunia Advisory: SA28869
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for SDL_image. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Solution:
Update to "SDL_image=conary.rpath.com@rpl:1/1.2.4-3.2-1".

Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-February/000317.html

Other References:
SA28640:
http://secunia.com/advisories/28640/

Collapse -
rPath update for boost
by Marianna Schmudlach / February 14, 2008 12:20 AM PST

Secunia Advisory: SA28860
Release Date: 2008-02-14


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for boost. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Update to:
boost=conary.rpath.com@rpl:1/1.33.1-1.1-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0063

Other References:
SA28511:
http://secunia.com/advisories/28511/

Collapse -
PHParanoid Cross-Site Request Forgery and Security Bypass
by Marianna Schmudlach / February 14, 2008 12:22 AM PST

Secunia Advisory: SA28847
Release Date: 2008-02-14


Critical:
Moderately critical
Impact: Unknown
Security Bypass
Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: PHParanoid 0.x

Description:
Some vulnerabilities have been reported in PHParanoid, which can be exploited by malicious people to conduct cross-site request forgery attacks and to bypass certain security restrictions.

1) Some vulnerabilities are caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. No further information is currently available.

2) The members area does not properly restrict access to logged-in users. No further information is currently available.

The vulnerabilities are reported in versions prior to 0.5.

Solution:
Update to version 0.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=575358
http://sourceforge.net/project/shownotes.php?release_id=575374

Collapse -
Vulnerability in OLE Automation Allows Code Execution
by Marianna Schmudlach / February 14, 2008 12:51 AM PST

Summary
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE) Automation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This is a critical security update for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for Mac, and Visual Basic 6. For other affected editions of Windows, this update is rated moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx


http://www.securiteam.com/windowsntfocus/5DP0B15NFM.html

Collapse -
Adobe Flash Media Server Vulnerabilities
by Marianna Schmudlach / February 14, 2008 1:09 AM PST

added February 14, 2008 at 09:33 am

Adobe has released Flash Media Server 2.0.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review the Flash Media Server 2.0.5 release notes and update to Flash Media Server 2.0.5 to help mitigate the risks.

US-CERT will provide more information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#adobe_flash_media_server_vulnerabilities

Collapse -
Major Linux security glitch lets hackers in at Claranet
by Marianna Schmudlach / February 14, 2008 3:23 AM PST

10-minute swoop to close new hole
By Chris Williams and John Leyden

Published Thursday 14th February 2008

A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.

Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.

The exploit was noticed at about 6pm on Tuesday.

Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.

More: http://www.theregister.co.uk/2008/02/14/claranet_linux_security_hole/

Collapse -
Public Exploit for Local Linux Kernel Vulnerability
by Marianna Schmudlach / February 14, 2008 10:30 AM PST

added February 14, 2008 at 11:53 am

US-CERT has received information that public exploit information is available for a vulnerability affecting Linux kernels 2.6.17 to 2.6.24.1. These kernel versions contain a buffer overflow vulnerability in the get_user_pages function which may allow an unprivileged local attacker to gain root privileges.

US-CERT encourages users to upgrade to Linux kernel version 2.6.24.2.

US-CERT will provide more information as it becomes available.


http://www.us-cert.gov/current/current_activity.html#public_expolit_for_linux_kernel

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.