Web blog.fakap.net

BSD anyone?

Tuesday, May 23, 2006, posted by ~ayoi~

Well this is not my finding (obviously) but excerpt from one of the sec sites

Linux Kernel "snmp_trap_decode()" Remote Memory Corruption Vulnerability

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-22

A vulnerability has been identified in Linux Kernel, which could be exploited by remote attackers to cause a denial of service. This flaw is due to a memory corruption error in the "snmp_trap_decode()" [ipv4/netfilter/ip_nat_snmp_basic.c] function when allocating the ID and the address, which could be exploited by remote attackers to crash a vulnerable system where the "ip_nat_snmp_basic" module is loaded and traffic on port 161 or 162 is NATed.

Affected Products

Linux Kernel version 2.6.16.17 and prior

Solution

Upgrade to Linux Kernel version 2.6.16.18 :
http://www.kernel.org/

Here's the link :
http://www.frsirt.com/english/advisories/2006/1916

Now let see what's my lsmod output..

Share your thoughts about this blog, contact us now!
We are open for Link Exchange, submit your website to increase exposure.

 

Comments

Anonymous mypapit said...

Uih, kernel 2.6.17 pun tak release lagi, teruk camni :p

Commented @ May 23, 2006 5:06 PM  

Post a Comment



Archives