IT Security

Vulnerabilities reported in SUSE Linux Enterprise Server, SUSE kernel

October 15, 2007, 12:01 AM PDT

Takeaway: A vulnerability which could be exploited to cause a Denial of Service has been reported in SUSE Linux Enterprise Server. SUSE has also released an update for various vulnerabilities found in the kernel.

A vulnerability that could be exploited to cause a denial-of-service attack has been reported in SUSE Linux Enterprise Server. SUSE has also released an update for various vulnerabilities found in the kernel.

According to Secunia:

The vulnerability is caused due to an error when processing dynamic DNS update requests. This can be exploited to crash the “named” process via a GSS-TSIG request.

This vulnerability is reported in Novell SUSE Linux Enterprise Server 10 SP1 and can be rectified by updating libgssapi package to version 0.6-13.7 or later.

In addition, SUSE has issued an update for the kernel. This update fixes some vulnerabilities that can be exploited by local users to gain escalated privileges as well as cause a DoS. For a list of the patches, check out the Secunia advisory.

Get IT Tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

OpenBSD DHCP vulnerability fixed

Multiple vulnerabilities discovered in Sun Java WebStart