Linux Kernel Information Disclosure and Security Bypass

Searching_ _ _ · Mar 24, 2009

Some security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious users to bypass certain security restrictions.

1) A security issue is caused due to an error when storing eCryptfs headers, which can be exploited to disclose certain kernel memory.

2) A security issue is caused due to nfsd not properly dropping the "CAP_MKNOD" capability for unprivileged users, which can be exploited to create device nodes.
Click to expand...

http://secunia.com/advisories/34422/

tlu · Mar 28, 2009

Who cares? Secunia themselves say that the leak is "less critical". And a fix by the Linux developers is already on its way.

Arup · Mar 28, 2009

Again, both are local exploits and they can be easily blocked, nothing serious like a OS hole allowing remote code execution.

Log in or Sign up

Linux Kernel Information Disclosure and Security Bypass

Searching_ _ _ Registered Member

tlu Guest

Arup Guest

Log in or Sign up

Linux Kernel Information Disclosure and Security Bypass

Searching_ _ _ Registered Member

tlu Guest

Arup Guest

Useful Searches