Login   |   Secure Purdue > News

Linux 2.4 and 2.6 kernel vulnerability

A recently discovered vulnerability in the Linux 2.4 and 2.6 kernels can allow an attacker with local user privileges to gain root access using a widely distributed exploit for a NULL pointer reference caused by incorrect proto_ops initializations. As of August 17th, the issue is still unpatched and the vulnerability affects basically all distributions of Linux running on the 2.4 or 2.6 kernels.

More info:

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html

http://www.securityfocus.com/bid/36038

https://bugzilla.redhat.com/show_bug.cgi?id=516949

Be on the lookout for patches soon, especially if you run an open Linux server.

Posted by Brett Davis on August 17, 2009, in Handlers Log.