Security holes in Linux kernel closed
The Linux kernel developers have fixed security flaws in version 220.127.116.11 published last Friday that affect the CIFS and SNMP-NAT modules (
nf_nat_snmp_basic). Crafted packets can cause a buffer overflow remotely in the BER decoder used by the ASN.1 parser. The kernel then crashes, and it may even be possible to inject and execute code in the process.
CIFS provides access to network shares. An extension of the older SMBFS under Linux, it uses Server Message Blocks (SMB) to transmit data. A buffer overflow in the CIFS implementation of the Linux kernel previously caused problems in version 18.104.22.168.
The developers do not provide any additional information in their announcement. You should assume that you are vulnerable if you use the modules mentioned. The developers recommend that the update be installed as soon as possible. In addition to the 2.6 kernel, the 2.4 kernel is also affected. The flaw has been remedied in 22.214.171.124.
- Linux 126.96.36.199, announcement at the Linux Kernel Mailing List