Latest Linux Vulnerabilities Get Patches
Graphics library and kernel functions are open to attack, but the current Linux kernel addresses the problems.A series of recently announced security flaws open Linux and related technologies to attacks ranging from denials of service and local exploits to the potential for remote system compromise. Senior Linux developer Alan Cox announced a set of "race conditions" in the Linux kernel that were fixed in Version 2.6.9. The problems are in the terminal subsystem. Patches are also available for the 2.4x kernel, but not the 2.2 kernel. Cox reports two problems, the first involving a local program performing specific operations with a particular timing, resulting in crashes and "other undefined behavior," including the release of small amounts of random kernel data. The second attack involves dial-up users connecting over PPP (point-to-point protocol) ports and performing a console switch at precisely the right time, causing a crash. The second attack can only be reproduced over direct serial lines, not modems, leading Cox to minimize the possibility of a true remote attack.
A separate problem was reported in the iptables program of the 2.6x kernel, specifically an integer underflow. iptables is part of the Linux kernels network security. Along with netfilter it provides packet filtering, network address translation and other security features.