Lucene search

K
osvGoogleOSV:DSA-1503-2
HistoryFeb 22, 2008 - 12:00 a.m.

kernel-source-2.4.27 - several vulnerabilities

2008-02-2200:00:00
Google
osv.dev
32

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.141 Low

EPSS

Percentile

95.7%

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2004-2731
    infamous41md reported multiple integer overflows in the Sbus PROM
    driver that would allow for a DoS (Denial of Service) attack by a
    local user, and possibly the execution of arbitrary code.
  • CVE-2006-4814
    Doug Chapman discovered a potential local DoS (deadlock) in the mincore
    function caused by improper lock handling.
  • CVE-2006-5753
    Eric Sandeen provided a fix for a local memory corruption vulnerability
    resulting from a misinterpretation of return values when operating on
    inodes which have been marked bad.
  • CVE-2006-5823
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted cramfs filesystem.
  • CVE-2006-6053
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted ext3 filesystem.
  • CVE-2006-6054
    LMH reported a potential local DoS which could be exploited by a malicious
    user with the privileges to mount and read a corrupted ext2 filesystem.
  • CVE-2006-6106
    Marcel Holtman discovered multiple buffer overflows in the Bluetooth
    subsystem which can be used to trigger a remote DoS (crash) and potentially
    execute arbitrary code.
  • CVE-2007-1353
    Ilja van Sprundel discovered that kernel memory could be leaked via the
    Bluetooth setsockopt call due to an uninitialized stack buffer. This
    could be used by local attackers to read the contents of sensitive kernel
    memory.
  • CVE-2007-1592
    Masayuki Nakagawa discovered that flow labels were inadvertently
    being shared between listening sockets and child sockets. This defect
    can be exploited by local users to cause a DoS (Oops).
  • CVE-2007-2172
    Thomas Graf reported a typo in the DECnet protocol handler that could
    be used by a local attacker to overrun an array via crafted packets,
    potentially resulting in a Denial of Service (system crash).
    A similar issue exists in the IPV4 protocol handler and will be fixed
    in a subsequent update.
  • CVE-2007-2525
    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
    by releasing a socket before PPPIOCGCHAN is called upon it. This could
    be used by a local user to DoS a system by consuming all available memory.
  • CVE-2007-3848
    Wojciech Purczynski discovered that pdeath_signal was not being reset
    properly under certain conditions which may allow local users to gain
    privileges by sending arbitrary signals to suid binaries.
  • CVE-2007-4308
    Alan Cox reported an issue in the aacraid driver that allows unprivileged
    local users to make ioctl calls which should be restricted to admin
    privileges.
  • CVE-2007-4311
    PaX team discovered an issue in the random driver where a defect in the
    reseeding code leads to a reduction in entropy.
  • CVE-2007-5093
    Alex Smith discovered an issue with the pwc driver for certain webcam
    devices. If the device is removed while a userspace application has it
    open, the driver will wait for userspace to close the device, resulting
    in a blocked USB subsystem. This issue is of low security impact as
    it requires the attacker to either have physical access to the system
    or to convince a user with local access to remove the device on their
    behalf.
  • CVE-2007-6063
    Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl
    handling, exploitable by a local user.
  • CVE-2007-6151
    ADLAB discovered a possible memory overrun in the ISDN subsystem that
    may permit a local user to overwrite kernel memory by issuing
    ioctls with unterminated data.
  • CVE-2007-6206
    Blake Frantz discovered that when a core file owned by a non-root user
    exists, and a root-owned process dumps core over it, the core file
    retains its original ownership. This could be used by a local user to
    gain access to sensitive information.
  • CVE-2007-6694
    Cyrill Gorcunov reported a NULL pointer dereference in code specific
    to the CHRP PowerPC platforms. Local users could exploit this issue
    to achieve a Denial of Service (DoS).
  • CVE-2008-0007
    Nick Piggin of SuSE discovered a number of issues in subsystems which
    register a fault handler for memory mapped areas. This issue can be
    exploited by local users to achieve a Denial of Service (DoS) and possibly
    execute arbitrary code.

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 3.1 (sarge)
alsa-modules-i386 1.0.8+2sarge2
kernel-image-2.4.27-arm 2.4.27-2sarge6
kernel-image-2.4.27-m68k 2.4.27-3sarge6
kernel-image-speakup-i386 2.4.27-1.1sarge5
kernel-image-2.4.27-alpha 2.4.27-10sarge6
kernel-image-2.4.27-s390 2.4.27-2sarge6
kernel-image-2.4.27-sparc 2.4.27-9sarge6
kernel-image-2.4.27-i386 2.4.27-10sarge6
kernel-image-2.4.27-ia64 2.4.27-10sarge6
kernel-patch-2.4.27-mips 2.4.27-10.sarge4.040815-3
kernel-patch-powerpc-2.4.27 2.4.27-10sarge6
kernel-latest-2.4-alpha 101sarge3
kernel-latest-2.4-i386 101sarge2
kernel-latest-2.4-s390 2.4.27-1sarge2
kernel-latest-2.4-sparc 42sarge3
i2c 1:2.9.1-1sarge2
lm-sensors 1:2.9.1-1sarge4
mindi-kernel 2.4.27-2sarge5
pcmcia-modules-2.4.27-i386 3.2.5+2sarge2
hostap-modules-i386 1:0.3.7-1sarge3
systemimager 3.2.3-6sarge5

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.141 Low

EPSS

Percentile

95.7%