Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
0c5624a431067b087e027c806e2b0a15c6931e0b219f19ff925a96db06e0cfacUbuntu Security Notice 625-1 - A massive slew of Linux kernel related vulnerabilities have been addressed for the linux-source-2.6.15/20/22 packages.
e309dbb8ed4824d0ba3a0db45465a00498514fe1765827e95617f7fc118a59dcMandriva Linux Security Advisory - The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
89462fab20dfaa1a27ad9dd2d7a06c79801ad5d651d59a14339a79123017c8bbDebian Security Advisory 1592-2 - Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. Wei Wang from McAfee reported a potential heap overflow in the ASN.1 decode code that is used by the SNMP NAT and CIFS subsystem. Exploitation of this issue may lead to arbitrary code execution. This issue is not believed to be exploitable with the pre-built kernel images provided by Debian, but it might be an issue for custom images built from the Debian-provided source package. Brandon Edwards of McAfee Avert labs discovered an issue in the DCCP subsystem. Due to missing feature length checks it is possible to cause an overflow they may result in remote arbitrary code execution. This updated advisory adds the linux-2.6 build for mipsel which was not yet available at the time of DSA-1592-1.
24b053846451d3576b4c71ededba2a1cd624973f0c782d76c0de627779d54fa0Debian Security Advisory 1592-1 - Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. Wei Wang from McAfee reported a potential heap overflow in the ASN.1 decode code that is used by the SNMP NAT and CIFS subsystem. Exploitation of this issue may lead to arbitrary code execution. This issue is not believed to be exploitable with the pre-built kernel images provided by Debian, but it might be an issue for custom images built from the Debian-provided source package. Brandon Edwards of McAfee Avert labs discovered an issue in the DCCP subsystem. Due to missing feature length checks it is possible to cause an overflow they may result in remote arbitrary code execution.
507e04b8955c1ccae5b54ef31af8f349dfad3e78ada5a7467a0c78115443ee88
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed