Security Advisory SA41263 - Linux Kernel Multiple Vulnerabilities

Secunia

Blog

Secunia Advisory SA41263

Linux Kernel Multiple Vulnerabilities

Secunia Advisory

SA41263

Release Date

2010-09-02

Last Update

2010-12-08

Popularity

3,288 views

Comments

0 comments

Criticality level

Less critical

Impact

Privilege escalation
DoS
Exposure of sensitive information

Where

Local system

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Operating System

Linux Kernel 2.6.x

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

CVE-2010-2960 CVSS score available to Secunia VIM customers
CVE-2010-3080 CVSS score available to Secunia VIM customers
CVE-2010-4074 CVSS score available to Secunia VIM customers
CVE-2010-4082 CVSS score available to Secunia VIM customers

Description

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, and potentially gain escalated privileges.

1) An error exists within the "keyctl_session_to_parent()" function in security/keys/keyctl.c, which can be exploited to cause a NULL pointer dereference by e.g. calling "keyctl()" with KEYCTL_SESSION_TO_PARENT.

Note: Successful exploitation may require that the distribution does not use pam_keyinit.

2) A use-after-free error exists within the "snd_seq_oss_open()" function in sound/core/seq/oss/seq_oss_init.c, which can be exploited to e.g. cause a kernel crash.

Note: Successful exploitation may require access to the sequencer device.

3) The "mos7720_ioctl()" function in drivers/usb/serial/mos7720.c, the "mos7840_ioctl()" function in drivers/usb/serial/mos7840.c, and the "viafb_ioctl_get_viafb_info()" function in drivers/video/via/ioctl.c are not properly initializing all members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory by sending certain IOCTLs.

Solution
Update to version 2.6.32.23 or 2.6.35.6.

Provided and/or discovered by
1, 2) Tavis Ormandy
3) Dan Rosenberg

Changelog
Further details available to Secunia VIM customers

Original Advisory
Kernel.org:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.23
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.6

1) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2960
http://www.openwall.com/lists/oss-security/2010/09/02/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3d96406c7da1ed5811ea52a3b0905f4f0e295376

2) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=27f7ad53829f79e799a253285318bff79ece15bd
http://www.openwall.com/lists/oss-security/2010/09/08/7

3) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4082
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Linux Kernel Multiple Vulnerabilities

No posts yet

Secunia Advisory SA41263

Linux Kernel Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?