Linux Kernel Multiple Vulnerabilities

Secunia Advisory: SA25594
Release Date: 2007-06-08
Last Update: 2007-07-20
Critical: Moderately critical
Impact: Brute force, Exposure of sensitive information, DoS
Where: From remote
Solution Status: Vendor Patch
OS: Linux Kernel 2.6.x
CVE reference: CVE-2007-2453, CVE-2007-2875, CVE-2007-2876, CVE-2007-3380

Description:
Some vulnerabilities and a weakness have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).

1) A NULL-pointer dereference exists within netfilter when handling new SCTP connections with unknown chunk types. This can be exploited to crash the kernel by sending malicious packets.
Note: This issue is reintroduced in version 2.6.22.

2) An underflow error within the "cpuset_task_read()" function in /kernel/cpuset.c can be exploited to read kernel memory, which may contain potentially sensitive information.
Successful exploitation requires that the attacker has access to open the /dev/cpuset/tasks file (the cpuset file system needs to be mounted).

3) The kernel does not handle seeds for the random number generator correctly. This may weaken the security of applications relying on the randomness of the kernel random number generator.

4) A vulnerability is caused by an error within the function "tcp_accept_from_sock()" in fs/dlm/lowcomms.c. This can be exploited to halt services using the DLM by opening a connection to the DLM port (default 21064/TCP).
Successful exploitation requires that DLM is used and an attacker can create TCP connections to said port.

Solution:
Update to version 2.6.20.13 or 2.6.21.4.
Users affected by vulnerability #1 that is reintroduced in Linux Kernel 2.6.22 and vulnerability #4 should update to version 2.6.22.1.
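
A triage sketch for the versions and preconditions named above, added here as an example and not part of the Secunia advisory. The function names are hypothetical; it assumes the cpuset file system appears with type `cpuset` in /proc/mounts and that a DLM listener is visible in /proc/net/tcp, and it reports 2.6.x branches other than the three named in the Solution as "not listed".

```shell
#!/bin/sh
# Added example (not from the advisory); function names are hypothetical.
# File arguments default to the live /proc files so saved copies can be checked too.

# Compare a kernel release with the fixed releases listed under "Solution".
sa25594_kernel_status() {
    ver=${1%%-*}                         # drop a suffix such as "-custom"
    case $ver in
        2.6.20|2.6.20.*) fixed=13 want=2.6.20.13 ;;
        2.6.21|2.6.21.*) fixed=4 want=2.6.21.4 ;;
        2.6.22|2.6.22.*) fixed=1 want=2.6.22.1 ;;
        *) echo "not listed"; return 0 ;;
    esac
    patch=${ver#2.6.2?}; patch=${patch#.}
    case $patch in
        '') patch=0 ;;
        *[!0-9]*) echo "not listed"; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo "meets $want"; else echo "below $want"; fi
}

# Issue 2 precondition: mount points whose file system type is cpuset (assumed name).
cpuset_mounts() {
    f=${1:-/proc/mounts}
    [ -r "$f" ] || return 0
    awk '$3 == "cpuset" { print $2 }' "$f"
}

# Issue 4 precondition: sockets in LISTEN state (st 0A) on the DLM port.
dlm_listeners() {
    f=${1:-/proc/net/tcp}
    [ -r "$f" ] || return 0
    awk -v port="$(printf '%04X' "${2:-21064}")" \
        'NR > 1 && $4 == "0A" && substr($2, length($2) - 3) == port { print $2 }' "$f"
}

sa25594_report() {   # args: kernel release, mounts file, tcp table file
    echo "kernel $1: $(sa25594_kernel_status "$1")"
    for m in $(cpuset_mounts "$2"); do
        echo "issue 2: cpuset mounted at $m; review who can open $m/tasks"
    done
    for s in $(dlm_listeners "$3"); do
        echo "issue 4: DLM port listening on $s; advisory names 2.6.22.1, limit who can connect"
    done
}

sa25594_report "$(uname -r)"
```
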

Provided and/or discovered by:
1) Vilmos Nebehaj
2) Discovered by an anonymous person and reported via iDefense Labs.
3) Reported by the vendor.
4) Reported in a Red Hat Bugzilla report.

Changelog:
2007-06-11: Updated advisory with new information provided by iDefense Labs. Added link to iDefense advisory. Updated "Solution" section.
2007-07-11: Updated "Description" and "Solution" section since vulnerability #1 is reintroduced in version 2.6.22. Added link to new ChangeLog.
2007-07-20: Added vulnerability #4. Updated "Solution" section.

Original Advisory:
Kernel:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.1
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541
Red Hat:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245922

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.