|
Linux Kernel Local Denial of Service and Information Disclosure
|
|
Secunia Advisory:
|
SA19083
|
|
|
Release Date:
|
2006-03-02
|
|
Last Update:
|
2006-05-04
|
|
Popularity:
|
17,878 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-0457
CVE-2006-0554
CVE-2006-0555
CVE-2006-0557
CVE-2006-0741
|
|
Description:
Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain knowledge of potentially sensitive information.
1) An error in the "nfs_get_user_pages()" function due to insufficient checks on the return value returned by the "get_user_pages()" function can be exploited to cause a local DoS by performing an O_DIRECT write to an NFS file where the user buffer starts with a valid mapped page, but also contains an unmapped page.
2) Missing checks for bad elf entry addresses can be exploited to cause an endless recursive fault on Intel systems, which results in a local DoS.
3) The "sys_mbind()" function in "/mm/mempolicy.c" does not sanity check its arguments before passing it to the "get_nodes()" function. This can potentially be exploited to cause a local DoS.
An error in the XFS "ftruncate()" function, which may expose stale data off disk to users, has also been reported.
4) A race condition in the "sys_add_key()", "sys_request_key()", and "keyctl()" functions in "/security/keys/keyctl.c" can potentially be exploited by local users to either crash the kernel or read random parts of kernel memory by modifying the length of string arguments after the kernel has determined their length, but before the kernel copied them into kernel memory.
The vulnerability has been reported in versions prior to 2.6.15.4.
Solution:
Update to version 2.6.15.5.
http://kernel.org/
Provided and/or discovered by:
Reported by vendor.
Changelog:
2006-03-03: Added information about additional vulnerability.
2006-03-13: Added information about additional vulnerability.
2006-05-04: Added CVE reference and updated "Description" and "Original Advisory" sections.
Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.4
http://www.kernel.org/git/?p=linux/ke...d460744b92d00d5114079fcfc8e547d7ac143
http://www.kernel.org/git/?p=linux/ke...f13c174dd7c84a437d3c3e8fa66f03f7fda63
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
