|
Linux Kernel Local Denial of Service and Information Disclosure
|
|
|
|
|
Secunia Advisory:
|
SA19083
|
|
|
Release Date:
|
2006-03-02
|
|
Last Update:
|
2006-05-04
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.6.x
|
|
| | CVE reference: | CVE-2006-0457 (Secunia mirror)
CVE-2006-0554 (Secunia mirror)
CVE-2006-0555 (Secunia mirror)
CVE-2006-0557 (Secunia mirror)
CVE-2006-0741 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain knowledge of potentially sensitive information.
1) An error in the "nfs_get_user_pages()" function due to insufficient checks on the return value returned by the "get_user_pages()" function can be exploited to cause a local DoS by performing an O_DIRECT write to an NFS file where the user buffer starts with a valid mapped page, but also contains an unmapped page.
2) Missing checks for bad elf entry addresses can be exploited to cause an endless recursive fault on Intel systems, which results in a local DoS.
3) The "sys_mbind()" function in "/mm/mempolicy.c" does not sanity check its arguments before passing it to the "get_nodes()" function. This can potentially be exploited to cause a local DoS.
An error in the XFS "ftruncate()" function, which may expose stale data off disk to users, has also been reported.
4) A race condition in the "sys_add_key()", "sys_request_key()", and "keyctl()" functions in "/security/keys/keyctl.c" can potentially be exploited by local users to either crash the kernel or read random parts of kernel memory by modifying the length of string arguments after the kernel has determined their length, but before the kernel copied them into kernel memory.
The vulnerability has been reported in versions prior to 2.6.15.4.
Solution:
Update to version 2.6.15.5.
http://kernel.org/
Provided and/or discovered by:
Reported by vendor.
Changelog:
2006-03-03: Added information about additional vulnerability.
2006-03-13: Added information about additional vulnerability.
2006-05-04: Added CVE reference and updated "Description" and "Original Advisory" sections.
Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.4
http://www.kernel.org/git/?p=linux/ke...d460744b92d00d5114079fcfc8e547d7ac143
http://www.kernel.org/git/?p=linux/ke...f13c174dd7c84a437d3c3e8fa66f03f7fda63
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
152 Related Secunia Security Advisories, displaying 10
|
|
|
1. Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability
|
|
2. Linux Kernel "dccp_setsockopt_change()" Integer Overflow
|
|
3. Linux Kernel Information Disclosure and Denial of Service
|
|
4. Linux Kernel LDT Buffer Size Handling Vulnerability
|
|
5. Linux Kernel Multiple Vulnerabilities
|
|
6. Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
|
|
7. Linux Kernel ASN.1 BER Decoding Vulnerability
|
|
8. Linux Kernel Unspecified Vulnerability
|
|
9. Linux Kernel Multiple Vulnerabilities
|
|
10. Linux Kernel "fcntl_setlk()" SMP Reordered Access Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
