|
Linux Kernel Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA14295
|
|
|
Release Date:
|
2005-02-16
|
|
Last Update:
|
2005-12-01
|
|
Popularity:
|
28,024 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Unknown
Hijacking
Security Bypass
Exposure of sensitive information
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| OS: | Linux Kernel 2.4.x
Linux Kernel 2.6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Some vulnerabilities have been reported in the Linux kernel. These can be exploited by malicious, local users to gain knowledge of potentially sensitive information, cause a DoS (Denial of Service), or gain escalated privileges, or by malicious people to cause a DoS or bypass certain security restrictions.
1) Insufficient permission checking in the "shmctl()" function allows any process to lock/unlock arbitrary System V shared memory segments that fall within the RLIMIT_MEMLOCK limit.
This can be exploited to unlock locked memory of other processes, which may result in sensitive information being written to swap space.
2) A race condition exists in the terminal handling of the "setsid()" function used for starting new process sessions.
3) An error within the handling of the OUTS instruction on 64-bit platforms can be exploited by malicious, local users to write to privileged IO ports.
4) Table sizes in "nls_ascii.c" are incorrectly set to 128 instead of 256, which may be exploited to cause buffer overflows and crash the kernel.
5) A design error in the netfilter/iptables module can be exploited to crash the kernel or bypass firewall rules via specially crafted packets.
6) An error in the netfilter/iptables module can be exploited to crash the kernel via specially crafted IP packet fragments.
7) A memory leak in the netfilter/iptables module when handling locally generated packet fragments can be exploited to consume all available kernel memory resources.
8) Missing restrictions on the N_MOUSE line discipline makes it possible for any user to inject mouse movements and keyboard events into the input subsystem and thereby hijack another user's session.
9) An error in the futex handling can be exploited to cause a deadlock condition.
10) A signedness error in sysfs when writing to a sysfs file can be exploited to overwrite kernel memory. This may crash the system or allow execution of arbitrary code with escalated privileges.
11) An unspecified error in the "unw_unwind_to_user()" function can be exploited by malicious, local users to crash 64-bit systems.
12) An unspecified error in the NFS client O_DIRECT error case handling can be exploited by malicious, local users to crash the system.
13) An error in the auditing code can be exploited by malicious, local users on Itanium systems to crash the kernel.
14) A error in the handling of extended attributes on ext2 and ext3 file systems can cause incorrect enforcement of Access Control Lists and may allow unauthorized access to files.
15) A boundary error in the "coda_pioctl()" function in the coda module (pioctl.c) may be exploited to crash the kernel or execute arbitrary code via negative "vi.in_size" or "vi.out_size" values.
16) A race condition in "/fs/exec.c" when threads are sharing memory mapping via CLONE_VM e.g. linuxthreads and vfork, may be exploited by local users to cause a DoS (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
17) An error in handling the situation when one thread is tracing another thread that shares the same memory map, may be exploited by local users to cause a DoS (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.
18) Some signedness errors in "drivers/block/scsi_ioctl.c" may be exploited by malicious users to read and write kernel memory, potentially causing a crash.
The vulnerabilities have been reported in the 2.6 kernel. Vulnerability #3 also affects the 2.4 kernel.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
