Linux Kernel Multiple Vulnerabilities

Filed under
Security

secunia.com has published "some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the others can be exploited to cause a DoS (Denial of Service) and potentially compromise a vulnerable system."

Most if not all these obscure vulnerabilities have been addressed in the latest kernel update, citing the 2.6.12-rc1 changelog.

Published findings include:

1) An error exists in ROSE due to missing verification of the ndigis argument of new routes.

2) Any user with permissions to access a SCSI tape device can send some commands, which may cause it to become unusable for other users.

3) Some unspecified errors have been reported in the ISO9660 filesystem handler including Rock Ridge and Juliet extensions. These can be exploited via a specially crafted filesystem to cause a DoS or potentially corrupt memory leading to execution of arbitrary code.

Source.