Multiple vulnerabilities were identified in Linux Kernel, which could be exploited by malicious users to cause a denial of service and potentially obtain elevated privileges.
The first issue is due to an error in "mm/mempolicy.c" when handling policy system calls, which could be exploited by local attackers to cause a denial of service via a "set_mempolicy" call with a 0 bitmask.
The second flaw is due to a one-byte buffer overrun error in "kernel/sysctl.c" when processing an overly long user-supplied string, which could be exploited by local attackers to potentially execute arbitrary commands.
The third vulnerability is due to an error in "net/ipv4/fib_frontend.c" when processing malformed "fib_lookup" netlink messages, which could cause illegal memory references.
The fourth issue is due to a buffer overflow error in the CA-driver for TwinHan DST Frontend/Card [drivers/media/dvb/bt8xx/dst_ca.c], which could be exploited by malicious users to cause a denial of service or potentially execute arbitrary commands.
Credits
Vulnerabilities reported by Doug Chapman, Perceval Anichini and Yi Yang
ChangeLog
2006-01-04 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
