Affected Software
Linux Kernel versions 2.6.x
Description
A vulnerability has been identified in the Linux kernel which could be exploited by local attackers to cause a denial of service. The issue is due to an error in the "tcp_v6_syn_recv_sock()" function [net/ipv6/tcp_ipv6.c], where the IPv6 flow list (ipv6_fl_socklist) is shared with child sockets. Malicious users could exploit this to crash an affected system by manipulating listening IPv6 TCP sockets.
This issue has been rated as low risk and can only be exploited locally and not remotely.
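The following userspace model is an added example, not kernel code and not the referenced patch. It shows why a list pointer shared between a listener and its child socket is dangerous at teardown. All struct and function names are hypothetical, and it assumes the child is created by copying the listener's per-socket state.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
struct fl_node { int label; int releases; struct fl_node *next; };
struct pinfo   { int hop_limit; struct fl_node *fl_list; };

static struct fl_node pool[8]; /* static pool: a double release is counted, not UB */
static int pool_used;

static void fl_attach(struct pinfo *np, int label)
{
    struct fl_node *n = &pool[pool_used++];
    n->label = label;
    n->releases = 0;
    n->next = np->fl_list;
    np->fl_list = n;
}

/* Socket teardown: release every flow label the socket believes it owns. */
static void fl_release_all(struct pinfo *np)
{
    for (struct fl_node *n = np->fl_list; n; n = n->next)
        n->releases++;              /* stands in for freeing the node */
    np->fl_list = NULL;
}

/* Child creation by copying the listener's state (assumed mechanism). */
static void clone_child(struct pinfo *child, const struct pinfo *parent, int hardened)
{
    memcpy(child, parent, sizeof(*child));
    if (hardened)
        child->fl_list = NULL;      /* child starts with no flow labels of its own */
}

/* Highest release count on any node after both sockets close; >1 = double release. */
int max_releases_after_teardown(int hardened)
{
    struct pinfo listener = { 64, NULL }, child;
    int max = 0;
    pool_used = 0;
    fl_attach(&listener, 0x11111);  /* constructed sample labels */
    fl_attach(&listener, 0x22222);
    clone_child(&child, &listener, hardened);
    fl_release_all(&child);
    fl_release_all(&listener);
    for (int i = 0; i < pool_used; i++)
        if (pool[i].releases > max) max = pool[i].releases;
    return max;
}

int main(void)
{
    printf("shared list:  max releases per node = %d\n", max_releases_after_teardown(0));
    printf("cleared list: max releases per node = %d\n", max_releases_after_teardown(1));
    return 0;
}
```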
Workaround Available
Apply patch:
http://www.marc.info/?l=linux-netdev&m=117406721731891
References
References for this kernel vulnerability can be found here and here.