Paul Starzetz of iSEC has discovered two new security holes in the Linux kernel. The first hole, a flaw in the kernel implementation of IGMP (multicasting) allows “unprivileged local users” to “gain elevated (root) privileges” and “remote users to hang or even crash a vulnerable Linux machine”. The second flaw, in the socket layer API, may allow “unprivileged local users to hang a vulnerable Linux machine”. Full details INCLUDING exploit source code are available at iSEC’s website. No patches as of now available. At least one of these has already been fixed.
Tags: security —