[critical] Linux Server Vulnerability

Our server will shortly be patched to address the following vulnerability. Multiple vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerabilities are caused by an error in the "dccp_new()", "dccp_packet()", and "dccp_error()" functions (net/netfilter/nf_conntrack_proto_dccp.c), which can be exploited to corrupt kernel stack memory via specially crafted DCCP packets.

Successful exploitation may allow execution of arbitrary code with kernel privileges.

The vulnerabilities are reported in versions 2.6.32.61, 3.2.55, 3.4.83, 3.10.33, 3.12.14, and 3.13.6.
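
A quick host triage check, added here as an example and not part of the original advisory: it compares a kernel release string against the versions listed above and looks for the DCCP connection-tracking module in a /proc/modules style listing. The module name nf_conntrack_proto_dccp is assumed from the source file name in the advisory, and the function names are illustrative.

```shell
#!/bin/sh
# Added triage example, not from the advisory.
# Version list copied from the advisory text above.
LISTED="2.6.32.61 3.2.55 3.4.83 3.10.33 3.12.14 3.13.6"

# release_listed RELEASE
# Succeeds if the upstream part of RELEASE (text before the first "-")
# is exactly one of the versions named in the advisory.
release_listed() {
    base=${1%%-*}
    for v in $LISTED; do
        if [ "$base" = "$v" ]; then
            return 0
        fi
    done
    return 1
}

# dccp_ct_loaded FILE
# Succeeds if FILE (same format as /proc/modules) lists the module
# built from nf_conntrack_proto_dccp.c (module name is an assumption).
dccp_ct_loaded() {
    awk '$1 == "nf_conntrack_proto_dccp" { found = 1 }
         END { exit !found }' "$1"
}

# triage RELEASE MODULES_FILE
# Prints one status line combining both checks.
triage() {
    if release_listed "$1"; then ver=listed; else ver=unlisted; fi
    if dccp_ct_loaded "$2"; then mod=loaded; else mod=absent; fi
    echo "version=$ver module=$mod"
}

# Run against the local host when /proc/modules is readable.
if [ -r /proc/modules ]; then
    triage "$(uname -r)" /proc/modules
fi
```

Treat the output as a starting point only: distribution kernels often carry backported fixes under an unchanged release string, and code compiled into the kernel does not appear in /proc/modules.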

Solution:
Fixed in the source code repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b22f5126a24b
