[dundee] Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability

Lee Hughes toxicnaan at yahoo.co.uk
Mon Dec 15 09:44:28 UTC 2008


I wonder why linux users know more about whats going on inside their
machines, than the 'windows monkey with typewriters people'?



;-)




--- On Sun, 14/12/08, Arron Finnon <afinnon at googlemail.com> wrote:
From: Arron Finnon <afinnon at googlemail.com>
Subject: Re: [dundee] Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
To: dundee at lists.lug.org.uk
Date: Sunday, 14 December, 2008, 10:00 PM

Bit More info if anyone is interested

18. Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
BugTraq ID: 32759
Remote: No
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32759
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied
data.

Local attackers may be able to exploit this issue to crash the
affected kernel, denying service to legitimate users. Given the nature
of this issue, attackers may also be able to run arbitrary code, but
this has not been confirmed.

Versions prior to the Linux kernel 2.6.28-rc1 are vulnerable.

_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk  http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/dundee/attachments/20081215/5c411ad7/attachment.htm 


More information about the dundee mailing list