CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
97.3%
Debian Security Advisory DSA 1067-1 [email protected]
http://www.debian.org/security/ Martin Schulze, Dann Frazier
May 20th, 2006 http://www.debian.org/security/faq
Package : kernel-source-2.4.16,kernel-image-2.4.16-lart,kernel-image-2.4.16-riscpc,kernel-image-2.4.16-netwinder
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2004-0427
A local denial of service vulnerability in do_fork() has been found.
CVE-2005-0489
A local denial of service vulnerability in proc memory handling has
been found.
CVE-2004-0394
A buffer overflow in the panic handling code has been found.
CVE-2004-0447
A local denial of service vulnerability through a null pointer
dereference in the IA64 process handling code has been found.
CVE-2004-0554
A local denial of service vulnerability through an infinite loop in
the signal handler code has been found.
CVE-2004-0565
An information leak in the context switch code has been found on
the IA64 architecture.
CVE-2004-0685
Unsafe use of copy_to_user in USB drivers may disclose sensitive
information.
CVE-2005-0001
A race condition in the i386 page fault handler may allow privilege
escalation.
CVE-2004-0883
Multiple vulnerabilities in the SMB filesystem code may allow denial
of service of information disclosure.
CVE-2004-0949
An information leak discovered in the SMB filesystem code.
CVE-2004-1016
A local denial of service vulnerability has been found in the SCM layer.
CVE-2004-1333
An integer overflow in the terminal code may allow a local denial of
service vulnerability.
CVE-2004-0997
A local privilege escalation in the MIPS assembly code has been found.
CVE-2004-1335
A memory leak in the ip_options_get() function may lead to denial of
service.
CVE-2004-1017
Multiple overflows exist in the io_edgeport driver which might be usable
as a denial of service attack vector.
CVE-2005-0124
Bryan Fulton reported a bounds checking bug in the coda_pioctl function
which may allow local users to execute arbitrary code or trigger a denial
of service attack.
CVE-2005-0528
A local privilege escalation in the mremap function has been found
CVE-2003-0984
Inproper initialization of the RTC may disclose information.
CVE-2004-1070
Insufficient input sanitising in the load_elf_binary() function may
lead to privilege escalation.
CVE-2004-1071
Incorrect error handling in the binfmt_elf loader may lead to privilege
escalation.
CVE-2004-1072
A buffer overflow in the binfmt_elf loader may lead to privilege
escalation or denial of service.
CVE-2004-1073
The open_exec function may disclose information.
CVE-2004-1074
The binfmt code is vulnerable to denial of service through malformed
a.out binaries.
CVE-2004-0138
A denial of service vulnerability in the ELF loader has been found.
CVE-2004-1068
A programming error in the unix_dgram_recvmsg() function may lead to
privilege escalation.
CVE-2004-1234
The ELF loader is vulnerable to denial of service through malformed
binaries.
CVE-2005-0003
Crafted ELF binaries may lead to privilege escalation, due to
insufficient checking of overlapping memory regions.
CVE-2004-1235
A race condition in the load_elf_library() and binfmt_aout() functions
may allow privilege escalation.
CVE-2005-0504
An integer overflow in the Moxa driver may lead to privilege escalation.
CVE-2005-0384
A remote denial of service vulnerability has been found in the PPP
driver.
CVE-2005-0135
An IA64 specific local denial of service vulnerability has been found
in the unw_unwind_to_user() function.
The following matrix explains which kernel version for which architecture
fix the problems mentioned above:
Debian 3.0 (woody)
Source 2.4.16-1woody2
arm/lart 20040419woody1
arm/netwinder 20040419woody1
arm/riscpc 20040419woody1
We recommend that you upgrade your kernel package immediately and reboot
the machine.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get dist-upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc
Size/MD5 checksum: 655 cbaba3ab1ea1f99557d717bb19908dc8
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz
Size/MD5 checksum: 16628 c10d76a01d03e58049b594270d7fd7c5
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc
Size/MD5 checksum: 693 be25ede481365d969f465a0356bfe047
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz
Size/MD5 checksum: 21947 12d6a2977ba7683e48e92293e4a87cf6
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc
Size/MD5 checksum: 661 6895c73dc50b56d48588e3f053fbcc05
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz
Size/MD5 checksum: 19300 3e60e7aa88e553221264f1b004d9091d
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc
Size/MD5 checksum: 680 81e8e543d617f8464a222767e18aa261
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz
Size/MD5 checksum: 46430 d164de27560966cb695141de9b004e7e
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
Size/MD5 checksum: 29364642 8e42e72848dc5098b6433d66d5cacffc
ARM architecture:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb
Size/MD5 checksum: 718814 87806c13fa914865ecc00f784c64a8f4
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb
Size/MD5 checksum: 3437272 3061b1a8212d2538bdbffa9609300322
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
Size/MD5 checksum: 6675192 b588a74f3b53c06ef3ffb26218c6e191
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
Size/MD5 checksum: 2914360 3df4986a2bfa64ddea35cb2b76d390a5
Architecture independent components:
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb
Size/MD5 checksum: 1718004 b458e950b6aabb99a781f507c2015dd3
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb
Size/MD5 checksum: 23820868 3001c4af6222fa22ecba3053a146e248
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 3.1 | all | kernel-doc-2.6.8 | < 2.6.8-14 | kernel-doc-2.6.8_2.6.8-14_all.deb |
Debian | 3 | all | kernel-source-2.4.17 | < 2.4.17-1woody4 | kernel-source-2.4.17_2.4.17-1woody4_all.deb |
Debian | 3 | sparc | mkcramfs | < 2.4.17-1woody4 | mkcramfs_2.4.17-1woody4_sparc.deb |
Debian | 3.1 | all | kernel-tree-2.6.8 | < 2.6.8-13 | kernel-tree-2.6.8_2.6.8-13_all.deb |
Debian | 3 | all | kernel-source-2.4.16 | < 2.4.16-1woody2 | kernel-source-2.4.16_2.4.16-1woody2_all.deb |
Debian | 3 | all | kernel-source-2.4.19 | < 2.4.19-4.woody3 | kernel-source-2.4.19_2.4.19-4.woody3_all.deb |
Debian | 3.1 | all | kernel-doc-2.6.8 | < 2.6.8-13 | kernel-doc-2.6.8_2.6.8-13_all.deb |
Debian | 3 | sparc | kernel-image-2.4.19-sun4u | < 26woody1 | kernel-image-2.4.19-sun4u_26woody1_sparc.deb |
Debian | 3 | mipsel | mkcramfs | < 2.4.17-1woody4 | mkcramfs_2.4.17-1woody4_mipsel.deb |
Debian | 3.1 | all | kernel-tree-2.6.8 | < 2.6.8-14 | kernel-tree-2.6.8_2.6.8-14_all.deb |