CVSS2 metric | Value |
---|---|
Score | 7.8 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |

The original update lacked recompiled ALSA modules against the new kernel
ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the
updated packages. For completeness we're providing the original problem description:
>
> Several local and remote vulnerabilities have been discovered in the Linux
> kernel that may lead to a denial of service or the execution of arbitrary
> code. The Common Vulnerabilities and Exposures project identifies the
> following problems:
>
>
> * CVE-2004-0887
> Martin Schwidefsky discovered that the privileged instruction SACF (Set
> Address Space Control Fast) on the S/390 platform is not handled properly,
> allowing for a local user to gain root privileges.
> * CVE-2004-1058
> A race condition allows for a local user to read the environment variables
> of another process that is still spawning through /proc/…/cmdline.
> * CVE-2004-2607
> A numeric casting discrepancy in sdla_xfer allows local users to read
> portions of kernel memory via a large len argument which is received as an
> int but cast to a short, preventing read loop from filling a buffer.
> * CVE-2005-0449
> An error in the skb_checksum_help() function from the netfilter framework
> has been discovered that allows the bypass of packet filter rules or
> a denial of service attack.
> * CVE-2005-1761
> A vulnerability in the ptrace subsystem of the IA-64 architecture can
> allow local attackers to overwrite kernel memory and crash the kernel.
> * CVE-2005-2457
> Tim Yamin discovered that insufficient input validation in the compressed
> ISO file system (zisofs) allows a denial of service attack through
> maliciously crafted ISO images.
> * CVE-2005-2555
> Herbert Xu discovered that the setsockopt() function was not restricted to
> users/processes with the CAP_NET_ADMIN capability. This allows attackers to
> manipulate IPSEC policies or initiate a denial of service attack.
> * CVE-2005-2709
> Al Viro discovered a race condition in the /proc handling of network devices.
> A (local) attacker could exploit the stale reference after interface shutdown
> to cause a denial of service or possibly execute code in kernel mode.
> * CVE-2005-2973
> Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code
> can be forced into an endless loop, which allows a denial of service attack.
> * CVE-2005-3257
> Rudolf Polzer discovered that the kernel improperly restricts access to the
> KDSKBSENT ioctl, which can possibly lead to privilege escalation.
> * CVE-2005-3783
> The ptrace code using CLONE_THREAD didn't use the thread group ID to
> determine whether the caller is attaching to itself, which allows a denial
> of service attack.
> * CVE-2005-3806
> Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,
> which could lead to memory corruption and denial of service.
> * CVE-2005-3848
> Ollie Wild discovered a memory leak in the icmp_push_reply() function, which
> allows denial of service through memory consumption.
> * CVE-2005-3857
> Chris Wright discovered that excessive allocation of broken file lock leases
> in the VFS layer can exhaust memory and fill up the system logging, which allows
> denial of service.
> * CVE-2005-3858
> Patrick McHardy discovered a memory leak in the ip6_input_finish() function from
> the IPv6 code, which allows denial of service.
> * CVE-2005-4618
> Yi Ying discovered that sysctl does not properly enforce the size of a
> buffer, which allows a denial of service attack.
>
>
>
The following matrix explains which kernel version for which architecture
fixes the problems mentioned above:
 | Debian 3.1 (sarge) |
---|---|
Source | 2.4.27-10sarge2 |
Alpha architecture | 2.4.27-10sarge2 |
ARM architecture | 2.4.27-2sarge2 |
Intel IA-32 architecture | 2.4.27-10sarge2 |
Intel IA-64 architecture | 2.4.27-10sarge2 |
Motorola 680x0 architecture | 2.4.27-3sarge2 |
Big endian MIPS architecture | 2.4.27-10.sarge1.040815-2 |
Little endian MIPS architecture | 2.4.27-10.sarge1.040815-2 |
PowerPC architecture | 2.4.27-10sarge2 |
IBM S/390 architecture | 2.4.27-2sarge2 |
Sun Sparc architecture | 2.4.27-9sarge2 |
The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:
 | Debian 3.1 (sarge) |
---|---|
kernel-latest-2.4-alpha | 101sarge1 |
kernel-latest-2.4-i386 | 101sarge1 |
kernel-latest-2.4-s390 | 2.4.27-1sarge1 |
kernel-latest-2.4-sparc | 42sarge1 |
kernel-latest-powerpc | 102sarge1 |
fai-kernels | 1.9.1sarge1 |
i2c | 1:2.9.1-1sarge1 |
kernel-image-speakup-i386 | 2.4.27-1.1sasrge1 |
lm-sensors | 1:2.9.1-1sarge3 |
mindi-kernel | 2.4.27-2sarge1 |
pcmcia-modules-2.4.27-i386 | 3.2.5+2sarge1 |
systemimager | 3.2.3-6sarge1 |
We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.
This update introduces a change in the kernel's binary interface. The affected
kernel packages inside Debian have been rebuilt; if you're running local add-ons,
you'll need to rebuild these as well.
CPE | Name | Operator | Version |
---|---|---|---|
 | kernel-source-2.4.27 | eq | 2.4.27-10sarge1 |
 | kernel-source-2.4.27 | eq | 2.4.27-10 |