Release date:
Updated on: 2010-3 3
Affected Systems:
Linux kernel 2.6.0-2.6.37
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45159
Linux Kernel is the Kernel used by open source Linux.
A security vulnerability exists in the Linux Kernel address restriction over-control function. A local attacker can exploit this vulnerability to escalate permissions through a known Denial Of Service Vulnerability to completely control the affected computers.
This vulnerability is caused by the failure to correctly execute "access_ OK ()" on the provided address when the address limit is exceeded through the "set_fs ()" function ()".
<* Source: Nelson Elhage (nelhage@mit.edu)
Link: http://permalink.gmane.org/gmane.comp.security.oss.general/3871
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/