All the latest UK technology news, reviews and analysis

Linux flaw could lead to DoS attacks

by Matt Chapman

07 Apr 2006

Comments: 2

  • Tweet this
A security flaw has been found in Linux kernel version 2.6.x
Vulnerability could allow a local user to launch a denial of service attack

A security flaw has been found in Linux kernel version 2.6.x that could allow malicious local users to cause a denial of service attack, according to an advisory from security firm Secunia

The vulnerability is caused by an out-of-bounds memory error in the 'fill_write_buffer()' function in 'sysfs/file.c'.

Further reading

The problem occurs when writing a PAGE_SIZE amount of data that does not contain any zeroes to a 'sysfs' file.

The vulnerability has been fixed in version 2.6.17-rc1 of the Linux kernel, and users are advised to download the latest patch immediately.

Do you agree?

Add your comment

Do not update to 2.6.17-rc1

Users are recommended to install a development version of the kernel?! Please get your facts right, noone will ever recommend normal users to run an RC1 kernel, which contains all latest development code and has its share of bugs...

Posted by: Frederik 09 Apr 2006

Doesn't look dangerous

Looking at the sysfs filesystem on my machine nothing in there can we written to by anyone other than root, so it looks like you need to be root to trigger this exploit. On most machines if you're root you can do anything you want anyway. Even if you're using capabilities to limit what root can do, I'd hope whoever you allow access to the root account can be trusted not to try a denail of service attack.

Posted by: Richard 07 Apr 2006

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Toy soldiers on keyboard representing cyber security

Boardroom gears up for cyber war

Related white papers

Related articles

Related jobs

Today's top stories

A Cisco logo on a building

Cisco asks EU to rethink approval for Microsoft's Skype buy

meg-whitman-hp-ceo-global-partner-conference1

HP plans to double R&D spend across all divisions

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Data Delivery Support Analyst

We have been given the privilege of recruiting for a...

Quant Trader - Equities - Leading Prop shop

My client is a proprietary, electronic trading firm and...

Senior Project Manager (Telecoms - 9 month FTC)

Our client is looking for a Senior Project Manager (Telecoms...

Business Analyst - Surrey

Business Analysts are being sought by my leading financial...

To send to more than one email address, simply separate each address with a comma.