"There is no such thing on earth as an uninteresting subject;
the only thing that can exist is an uninterested person."
G. K. Chesterton (1874 - 1936); English author & mystery novelist.

- Vulnerability in Linux kernel -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 27 2005 - iDefense has announced a complete memory exhaustion vulnerability in versions 2.4 and 2.6 of the Linux kernel, which could allow denial of service attacks.

The flaw stems from a limitation in the design of the Linux kernel, and consists of a lack of resource checking during the buffering of data for transfer over a pair of sockets. An attacker could create a situation which, depending on the available system resources, can cause a 'kernel panic' due to memory resource exhaustion.

An attack can be launched by opening up a number of connected file descriptors or socket pairs and creating the largest possible kernel buffer for data transfer between the two sockets. By causing the process to enter a zombie state or closing the file descriptor while keeping a reference open, the data is kept in the kernel until the transfer can complete. If done repeatedly, system memory resources can be exhausted from the kernel.

To fully exploit this vulnerability, an attacker would need local access to the affected system.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Banker.BSX; 2)Nabload.U; 3)Sdbot.ftp; 4)Sober.AH; 5)Galapoper.IE.

Lagu