CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY NOTES

VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-113
Linux Kernel LDT Denial of Service Vulnerability

Original Issue Date: July 29, 2008

Severity Rating: High

System Affected

Linux Kernel Versions 2.6.25.x prior to 2.6.25.11

Overview

A vulnerability has been reported in LDT of Linux Kernel. A remote attacker can exploit this vulnerability to cause a Denial of Service or gain escalated privileges in a local system.

Description

This vulnerability is caused due to an error in the implementation of Local Descriptor Table (LDT) in the Linux kernel on x86_64 platforms. Successful exploitation of this vulnerability allows a local attacker to cause a Denial of Service (system crash) or gain escalated privileges.

Solution

Upgrade Linux Kernel to version 2.6.25.11.
http://www.kernel.org

Vendor Information

Kernel
http://www.kernel.org/pub/linux/kernel/v2.6/Change
Log-2.6.25.11

References

Secunia
http://secunia.com/advisories/31172/

SecurityTracker
http://securitytracker.com/alerts/2008/Jul/1020544.html

CVE Name
CVE-2008-3247

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Vulnerability Note CIVN-2008-113 Linux Kernel LDT Denial of Service Vulnerability

CERT-In Vulnerability Note CIVN-2008-113
Linux Kernel LDT Denial of Service Vulnerability