Due to a vulnerability in the Linux kernel, a local attacker on a system with Linux kernel series 2.6 could crash the system to deny service to legitimate users or possibly obtain root privileges.

Security Lab say the vulnerability is in fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), and possibly have some other unspecified impact, by making a readlink call that results in an error. The error leads to the call returning a -1 value as an array index. For those who compile their own kernel builds: there is a three line patch. The issue is fixed in the recently released version 2.6.28.1 of the Linux kernel. According to an advisory on Security Focus how an exploit might be developed is apparently still unclear and to-date there are no known exploits.

eCryptfs is now an option for some Linux distributions such as Ubuntu 8.10 “Intrepid Ibex”. It adds metadata to a normal file to allow for transparent, portable encryption and decryption of the file.

Related Posts: On this day...

• The risk of using apps that access your Gmail account - 2012
• Verizon releases BlackBerry OS 6 - 2011
• Neil deGrasse is a badass! - 2011
• Panopticlick: EFF's tool for telling you how unique your browser profile is - 2010
• New Law Will Require Camera Phones to "Click" - 2009
• With Cheney gone, Google Maps gains sky view of VP's home - 2009
• AlterNet: The End of Privacy - 2008