A weakness and four vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or with unknown impacts.
1) An integer overflow error exists within the "do_replace()" function in Netfilter. This can be exploited to cause a buffer overflow and allows the overwrite of arbitrary amounts of kernel memory when data is copied from user space.
Successful exploitation requires that the user is granted CAP_NET_ADMIN rights e.g. on systems that uses certain virtualisation solutions such as OpenVZ.
2) Insufficient memory allocation in "drivers/usb/gadget/rndis.c" when handling NDIS response to OID_GEN_SUPPORTED_LIST may cause kernel memory corruption.
3) An error in the get_compat_timespec() and compat_sys_clock_settime() functions when handling sign extended arguments can be exploited to cause the system to stop responding via a "date -s" command.
The vulnerability affects only the SPARC platform.
4) An error exists within the handling of singlestep ptrace when a task get preempted out of "do_debug()" processing while it is running on the DEBUG_STACK stack. This can be exploited to crash the system by having multiple tasks doing ptrace singlesteps at around the same time.
Successful exploitation requires that preemption is enabled in the kernel.
The vulnerability affects only the x86_64 platform.
5) An error exists within the SELinux ptrace handling code when setting the tracer SID of a process that is being ptraced. This causes incorrect ptrace revalidation at execve time and can potentially be exploited to bypass certain security restrictions.
The vulnerability was reportedly introduced in version 2.6.6.
Provided and/or discovered by: 1) Solar Designer
2) Shaun Tancheff
3) Ludovic Courtes
4) John Blackwood
5) Stephen Smalley
Original Advisory: http://marc.theaimsgroup.com/?l=linux-sparc&m=113861010514065&w=2
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Linux Kernel Netfilter Weakness and Four Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.