Affected Systems:
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1-rc2
Linux kernel 2.6.1-rc1
Linux kernel 2.6.1
Linux kernel 2.6
Linux kernel 2.4.9
Linux kernel 2.4.8
Linux kernel 2.4.7
Linux kernel 2.4.6
Linux kernel 2.4.5
Linux kernel 2.4.4
Linux kernel 2.4.3
Linux kernel 2.4.27-pre2
Linux kernel 2.4.27-pre1
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24
Linux kernel 2.4.23
Linux kernel 2.4.22
Linux kernel 2.4.21
Linux Kernel 2.4.20
Linux Kernel 2.4.2
Linux Kernel 2.4.19
Linux Kernel 2.4.18
Linux Kernel 2.4.17
Linux Kernel 2.4.16
Linux Kernel 2.4.15
Linux Kernel 2.4.14
Linux Kernel 2.4.13
Linux Kernel 2.4.12
Linux Kernel 2.4.11
Linux Kernel 2.4.10
Linux Kernel 2.4.1
Linux Kernel 2.4
Detailed description:
Linux Kernel is an open-source operating system.
The knfsd contained in Linux kernel has integer overflow. Remote attackers can exploit this vulnerability to crash the knfsd service program.
A remote attacker can forge a trusted source address and send a write request packet containing a size greater than 2 ^ 31, which may cause kernel problems and cause DoS attacks. It is unclear whether the packet can be used to execute arbitrary commands.
Patch download:
S. U. S. E. has released a Security Bulletin (SUSE-SA: 2004: 028) and patches for this:
SUSE-SA: 2004: 028: Kernel
From: kingsoft.com