Security researchers are warning of potentially serious vulnerabilities in the Linux kernel that could allow malicious hackers to gain full super-user privileges.
The vulnerability affects the Linux kernel memory management code in the 2.6.x branch prior to version 2.6.3.
Experts note that the latest bug is unrelated to a previous vulnerability in the same internal kernel function code.
Users are urged to update to version 2.6.3 at the Linux Kernel Archives.
According to an advisory issued by Secunia, a boundary error in the “ncp_lookup()” function causes the privilege escalation flaw.
“This can be exploited to cause a stack overflow and may allow execution of arbitrary code with escalated privileges,” the Copenhagen-based research firm warned.
The bug could also cause denial-of-service attacks. Updates have been issued to correct the flaw.
Secunia also issued a separate advisory for another hole in the Linux kernel, which can be exploited by malicious, local users to cause denial-of-service issues. The vulnerability was found in the Vicam USB driver and could be exploited to violate security boundaries in the kernel. Linux versions prior to 2.4.25 are affected.