Security researchers have uncovered “critical” security flaws in a version of the Linux kernel used by a large number of popular distributions.

The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious local users to cause denial-of-service attacks, disclose potentially sensitive information or gain “root” privileges, according to security experts.

The bug affects all versions of the Linux kernel up to Version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, TurboLinux, SUSE, Red Hat, Mandriva, Debian and others are affected.

The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia APS.

“In the 2.6.23 kernel, the system call functionality has been further extended resulting in … critical vulnerabilities,” said iSEC Security Research in an advisory.

Click here to read the rest of the story…

This entry was posted on Tuesday, February 26th, 2008 at 10:48 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.