|
Linux Kernel Netfilter Weakness and Four Vulnerabilities
|
|
Secunia Advisory:
|
SA19330
|
|
|
Release Date:
|
2006-03-22
|
|
Last Update:
|
2006-05-04
|
|
Popularity:
|
14,436 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Unknown
Security Bypass
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Linux Kernel 2.6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A weakness and four vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or with unknown impacts.
1) An integer overflow error exists within the "do_replace()" function in Netfilter. This can be exploited to cause a buffer overflow and allows the overwrite of arbitrary amounts of kernel memory when data is copied from user space.
Successful exploitation requires that the user is granted CAP_NET_ADMIN rights e.g. on systems that uses certain virtualisation solutions such as OpenVZ.
2) Insufficient memory allocation in "drivers/usb/gadget/rndis.c" when handling NDIS response to OID_GEN_SUPPORTED_LIST may cause kernel memory corruption.
3) An error in the get_compat_timespec() and compat_sys_clock_settime() functions when handling sign extended arguments can be exploited to cause the system to stop responding via a "date -s" command.
The vulnerability affects only the SPARC platform.
4) An error exists within the handling of singlestep ptrace when a task get preempted out of "do_debug()" processing while it is running on the DEBUG_STACK stack. This can be exploited to crash the system by having multiple tasks doing ptrace singlesteps at around the same time.
Successful exploitation requires that preemption is enabled in the kernel.
The vulnerability affects only the x86_64 platform.
5) An error exists within the SELinux ptrace handling code when setting the tracer SID of a process that is being ptraced. This causes incorrect ptrace revalidation at execve time and can potentially be exploited to bypass certain security restrictions.
The vulnerability was reportedly introduced in version 2.6.6.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
