LinuxKernel network driver vulnerability

Article title: LinuxKernel network driver vulnerability. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

The tehui driver of Linux Kernel has a vulnerability in processing malformed parameter data. if a local attacker executes a specially crafted BDX_OP_WRITE IOCTL call to the tehui network driver used by Linux, the Kernel memory may be damaged, this causes a denial of service or arbitrary command execution.
Release date: 2008-05-02

Updated on: 2008-05-04

Affected systems:

Linux kernel <2.6.25.1

Description:

----------------------------------------------------------------------------

Bugtraq id: 29014

CVE (CAN) ID: CVE-2008-1675

Linux Kernel is the Kernel used by open source Linux.

The tehui driver of Linux Kernel has a vulnerability in processing malformed parameter data. if a local attacker executes a specially crafted BDX_OP_WRITE IOCTL call to the tehui network driver used by Linux, the Kernel memory may be damaged, this causes a denial of service or arbitrary command execution.

<* Source: Jeff Garzik (jeff@garzik.org)

Link: http://secunia.com/advisories/25594/

Linux/kernel/v2.6/ChangeLog-2.6.24.6 "> http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6

*>

Suggestion:

----------------------------------------------------------------------------

Vendor patch:

Linux

-----

The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.25.1.bz2