|
Linux Kernel Netfilter Weakness and Four Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA19330
|
|
|
Release Date:
|
2006-03-22
|
|
Last Update:
|
2006-05-04
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Unknown
Security Bypass
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.6.x
|
|
| | CVE reference: | CVE-2006-0038 (Secunia mirror)
CVE-2006-0482 (Secunia mirror)
CVE-2006-1052 (Secunia mirror)
CVE-2006-1066 (Secunia mirror)
CVE-2006-1368 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A weakness and four vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or with unknown impacts.
1) An integer overflow error exists within the "do_replace()" function in Netfilter. This can be exploited to cause a buffer overflow and allows the overwrite of arbitrary amounts of kernel memory when data is copied from user space.
Successful exploitation requires that the user is granted CAP_NET_ADMIN rights e.g. on systems that uses certain virtualisation solutions such as OpenVZ.
2) Insufficient memory allocation in "drivers/usb/gadget/rndis.c" when handling NDIS response to OID_GEN_SUPPORTED_LIST may cause kernel memory corruption.
3) An error in the get_compat_timespec() and compat_sys_clock_settime() functions when handling sign extended arguments can be exploited to cause the system to stop responding via a "date -s" command.
The vulnerability affects only the SPARC platform.
4) An error exists within the handling of singlestep ptrace when a task get preempted out of "do_debug()" processing while it is running on the DEBUG_STACK stack. This can be exploited to crash the system by having multiple tasks doing ptrace singlesteps at around the same time.
Successful exploitation requires that preemption is enabled in the kernel.
The vulnerability affects only the x86_64 platform.
5) An error exists within the SELinux ptrace handling code when setting the tracer SID of a process that is being ptraced. This causes incorrect ptrace revalidation at execve time and can potentially be exploited to bypass certain security restrictions.
The vulnerability was reportedly introduced in version 2.6.6.
Solution:
Update to version 2.6.16.
http://www.kernel.org/
Provided and/or discovered by:
1) Solar Designer
2) Shaun Tancheff
3) Ludovic Courtes
4) John Blackwood
5) Stephen Smalley
Changelog:
2006-03-23: Updated advisory with information from vendor. Added CVE reference and updated "Critical", "Where" and "Description" sections.
2006-03-24: Added information about additional vulnerability.
2006-03-27: Added CVE reference.
2006-03-28: Added information about additional vulnerability.
2006-05-04: Added information about additional vulnerability.
Original Advisory:
http://marc.theaimsgroup.com/?l=linux-sparc&m=113861010514065&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=113932292516359&w=2
http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2
Kernel.org:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16
http://www.kernel.org/git/?p=linux/ke...bb818ae35f68d1f848eae0a7b150a38eb4168
http://www.kernel.org/git/?p=linux/ke...3716bfe4d8a16bef28c9947cf9d799b1796a5
http://www.kernel.org/git/?p=linux/ke...fc12e2513a4229bad0d05fde2d40a75c3e197
http://www.kernel.org/git/?p=linux/ke...d17c9d27a85782cfe1bbc36c747ffa1f81814
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
151 Related Secunia Security Advisories, displaying 10
|
|
|
1. Linux Kernel "dccp_setsockopt_change()" Integer Overflow
|
|
2. Linux Kernel Information Disclosure and Denial of Service
|
|
3. Linux Kernel LDT Buffer Size Handling Vulnerability
|
|
4. Linux Kernel Multiple Vulnerabilities
|
|
5. Linux Kernel "pppol2tp_recvmsg()" Memory Corruption Vulnerability
|
|
6. Linux Kernel ASN.1 BER Decoding Vulnerability
|
|
7. Linux Kernel Unspecified Vulnerability
|
|
8. Linux Kernel Multiple Vulnerabilities
|
|
9. Linux Kernel "fcntl_setlk()" SMP Reordered Access Vulnerability
|
|
10. Linux Kernel Multiple Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
