USN-869-1 -- linux vulnerability
ID: oval:org.secpod.oval:def:700424 | Date: (C)2011-05-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalation.