Affected Systems:
Linux kernel 2.6.11.11-2.6.37
Description:
Linux Kernel is the Kernel used by open source Linux.
"Fs/partitions/ldm. c. There is a buffer overflow and denial of service vulnerability in implementation. Attackers can exploit this vulnerability to execute arbitrary code, escalate permissions, leak sensitive information, and cause DOS.
Whether or not automatic partitioning is enabled, the Kernel automatically evaluates the Partition Table of the storage device. The code used to evaluate MAC and LDM partition tables contains the following vulnerabilities:
1. mac_partition in fs/partitions/mac. c has a buffer overflow vulnerability, which causes DOS through a corrupted MAC partition table.
2. The zero-division vulnerability of fs/partitions/ldm. c ldm_get_vblks causes DOS through the corrupted LDM partition table.
3. The ldm_frag_add buffer overflow vulnerability in fs/partitions/ldm. c causes permission escalation and information leakage through the corrupted LDM partition table.
<* Source: Timo Warns (<warns@pre-sense.de>)
*>
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/