LinuxQuestions.org

Linux - Security > Kernel Vulns (https://www.linuxquestions.org/questions/linux-security-4/kernel-vulns-399624/)

win32sux 02-25-2009 04:48 AM

Linux Kernel Denial of Service Vulnerabilities
 
Quote:

Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext4/namei.c, which can be exploited to e.g. crash a system via specially crafted Ext4 file systems.

2) A vulnerability is caused due to an error within the "ext4_fill_super()" function in fs/ext4/super.c, which can be exploited to e.g. crash a system via Ext4 file systems containing specially crafted superblock configurations.

Solution:
Update to version 2.6.27.19 or 2.6.28.7.
Secunia Advisory

win32sux 02-26-2009 07:51 AM

Linux Kernel "clone()" Child Signal Sending Weakness
 
Quote:

Description:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to an error when processing the signals sent by a child process created via the "clone()" system call and the "CLONE_PARENT" flag, which can be exploited to e.g. kill a parent process with higher privileges.

Successful exploitation e.g. requires that the privileged parent process launches user supplied applications as child processes.

Solution:
Restrict access to trusted users only.
Secunia Advisory

win32sux 03-03-2009 01:52 PM

Linux Kernel 32bit/64bit System Call Security Bypass Weaknesses
 
Quote:

Description:
Two weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

1) An implementation error within the "PR_SET_SECCOMP" feature can be exploited to invoke certain restricted system calls by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

2) An implementation error within the "audit_syscall_entry()" function can be exploited to bypass the auditing by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

Solution:
Fixed in the GIT repository.
Secunia Advisory

win32sux 03-17-2009 06:25 AM

Linux 2.6.28.8 has been released.
 
It contains one amendment to a security fix, and possibly other security fixes (I will update this as they become clear).
Quote:

net: amend the fix for SO_BSDCOMPAT gsopt infoleak

[ Upstream commit 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b ]

The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.
ChangeLog
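
The padding leak the commit message describes, as an added example that is not part of the thread or of the kernel source: a constructed struct with a 64-bit tv_sec and a 32-bit tv_usec, built into a byte image the way a getsockopt() handler would before copying it to userspace. The STALE marker, the sample field values and the helper names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the padded timeval the commit message warns
   about: a 64-bit tv_sec followed by a 32-bit tv_usec. _Alignas(8) forces
   sizeof == 16 on every ABI, so 4 bytes of padding sit after tv_usec. */
struct padded_timeval {
    _Alignas(8) int64_t tv_sec;
    int32_t tv_usec;
};

#define STALE 0xAA  /* marker for whatever the kernel buffer held before */

/* Number of bytes in the object image that no field covers. */
size_t padding_bytes(void) {
    return sizeof(struct padded_timeval)
         - sizeof(int64_t) - sizeof(int32_t);   /* 16 - 8 - 4 = 4 */
}

/* Build the byte image handed to copy_to_user(): optionally clear the
   whole object first, then write the two fields at their real offsets.
   Returns how many marker bytes survive in the image, i.e. how many bytes
   of old buffer contents the getsockopt() caller would receive. */
static size_t stale_bytes_sent(int zero_first) {
    unsigned char img[sizeof(struct padded_timeval)];
    int64_t sec = 1;  int32_t usec = 2;   /* constructed sample values */
    memset(img, STALE, sizeof img);        /* simulate reused memory */
    if (zero_first)
        memset(img, 0, sizeof img);        /* the complete fix */
    memcpy(img + offsetof(struct padded_timeval, tv_sec), &sec, sizeof sec);
    memcpy(img + offsetof(struct padded_timeval, tv_usec), &usec, sizeof usec);
    size_t n = 0;
    for (size_t i = 0; i < sizeof img; i++)
        n += (img[i] == STALE);
    return n;
}

/* Assigning only the fields leaves the padding uninitialized. */
size_t leak_without_zeroing(void) { return stale_bytes_sent(0); }

/* Zeroing the whole object before filling it leaks nothing. */
size_t leak_with_zeroing(void)   { return stale_bytes_sent(1); }
```

Per-field assignment can never clear padding (C leaves padding bytes unspecified after a member store), which is why the fix has to clear the whole object before the fields are filled in.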

win32sux 03-23-2009 05:22 PM

Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
 
Quote:

The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.
Bugtraq

NOTE: This seems to have been fixed in 2.6.28.9, which was released a few minutes ago.

win32sux 03-24-2009 07:29 PM

To clarify, 2.6.28.9 addressed at least these two vulnerabilities.

win32sux 04-04-2009 02:04 PM

Linux Kernel "udp_get_next()" and "vmx_set_msr()" Denial of Service
 
Quote:

Description:
A security issue and a vulnerability have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A security issue is caused due to an error within the "udp_get_next()" function in net/ipv4/udp.c when trying to unlock a not yet locked spinlock. This can be exploited to crash a system by e.g. reading zero bytes from "/proc/net/udp/".

2) A vulnerability is caused due to the "vmx_set_msr()" function in arch/x86/kvm/vmx.c not properly restricting access to the EFER register, which can be exploited to e.g. crash the system.

Solution:
Update to version 2.6.29.1.
Secunia Advisory

win32sux 04-08-2009 09:33 AM

Linux Kernel "CIFSTCon()" Buffer Overflow Vulnerability
 
Quote:

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.
Secunia Advisory

win32sux 04-17-2009 04:59 PM

Linux Kernel Privilege Escalation and Integer Overflow Vulnerabilities
 
Quote:

Multiple vulnerabilities have been identified in Linux Kernel, which could be exploited by local attackers to bypass security restrictions, disclose sensitive information, or gain elevated privileges.

The first issue is caused by an error in the "exit_notify()" [kernel/exit.c] function that does not properly check the CAP_KILL capability, which could allow malicious users to bypass security checks and gain elevated privileges by executing a setuid application before exiting.

The second vulnerability is caused by integer overflow errors in the "rose_sendmsg()" [sys/net/af_rose.c], "nr_sendmsg()" [net/netrom/af_netrom.c], and "x25_sendmsg()" [net/x25/af_x25.c] functions, which could be exploited by malicious users to disclose certain information.

Affected Products

Linux Kernel versions prior to 2.6.30-rc1
VUPEN Security Advisory

win32sux 04-22-2009 06:44 PM

Linux Kernel Multiple Vulnerabilities
 
Secunia has updated the CIFSTCon() advisory it had previously issued, adding a couple of vulnerabilities.
Quote:

Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.

1) A boundary error exists within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.

2) A boundary error exists within the "decode_unicode_ssetup()" function in fs/cifs/sess.c. This can be exploited to potentially cause a buffer overflow by tricking a user into connecting to a malicious server.

3) An error within the "agp_generic_alloc_page()" function in drivers/char/agp/generic.c can be exploited to disclose potentially sensitive kernel memory.

Solution:
Fixed in version 2.6.30-rc3.
Secunia Advisory

win32sux 04-27-2009 05:09 PM

Linux 2.6.29.2 has been released.
 
It includes fixes for at least two security vulnerabilities.
Quote:

agp: zero pages before sending to userspace

upstream commit: 59de2bebabc5027f93df999d59cc65df591c3e6e

CVE-2009-1192

AGP pages might be mapped into userspace finally, so the pages should be
set to zero before userspace can use it. Otherwise there is potential
information leakage.
Quote:

af_rose/x25: Sanity check the maximum user frame size

upstream commit: 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

CVE-2009-0795.

Otherwise we can wrap the sizes and end up sending garbage.
CVE-2009-1192 | CVE-2009-0795 | ChangeLog
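
The size wrap behind the af_rose/x25 fix, as an added example that is not part of the thread or of the kernel source: a length check that adds the header before comparing, beside one that bounds the user length first. MAX_FRAME, HDR_LEN and the function names are assumed values for illustration, not the constants in net/rose or net/x25.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed limits standing in for a rose/x25 socket: the largest frame
   the protocol can carry and the header prepended to the user's data. */
#define MAX_FRAME 65535u
#define HDR_LEN   16u

/* Before the fix: the header is added to the user-supplied length before
   the bound is checked, so a length close to SIZE_MAX wraps to a small
   number, passes the check, and the later allocation is far too small
   for the copy that follows ("end up sending garbage"). */
int frame_len_ok_wrapping(size_t len) {
    size_t size = len + HDR_LEN;          /* may wrap around to ~0 + 16 */
    return size <= MAX_FRAME;
}

/* After the fix: bound the user length itself before any arithmetic, so
   len + HDR_LEN can never exceed MAX_FRAME, let alone wrap. */
int frame_len_ok_checked(size_t len) {
    if (len > MAX_FRAME - HDR_LEN)
        return 0;                         /* -EMSGSIZE in kernel terms */
    return frame_len_ok_wrapping(len);    /* arithmetic is now safe */
}
```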

win32sux 05-06-2009 09:38 PM

Linux Kernel "ptrace_attach()" Privilege Escalation Vulnerability
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to "ptrace_attach()" using an inadequate mutex while synchronizing with "execve()". This can be exploited to potentially execute arbitrary code with root privileges by attaching to a setuid process.

The vulnerability is reported in version 2.6.29. Newer versions may also be affected.

Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kerne...c0c7f4a87209eb
Secunia Advisory

win32sux 05-08-2009 11:20 PM

Linux 2.6.29.3 has been released.
 
It includes at least two security-related fixes:
Quote:

unreached code in selinux_ip_postroute_iptables_compat() (CVE-2009-1184)

Not upstream in 2.6.30, as the function was removed there, making this a
non-issue.

Node and port send checks can skip in the compat_net=1 case. This bug
was introduced in commit effad8d.
Quote:

The CAP_KILL check in exit_notify() looks just wrong, kill it.

Whatever logic we have to reset ->exit_signal, the malicious user
can bypass it if it execs the setuid application before exiting.
ChangeLog | CVE-2009-1184 | CVE-2009-1337

win32sux 05-17-2009 05:15 AM

Linux Kernel CIFS String Conversion Multiple Vulnerabilities
 
Quote:

Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code.

The vulnerabilities are caused due to various errors when handling string conversions, which can be exploited to e.g. cause buffer overflows.

This is related to vulnerability #1 in:
SA34644

Solution:
Fixed in the GIT repository.

Also partially fixed in version 2.6.30-rc5.
Secunia Advisory

win32sux 05-18-2009 07:08 PM

Linux Kernel KVM Port 80h Denial of Service Security Issue
 
Quote:

Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to the KVM implementation allowing a guest machine direct access to host port 80h and can be exploited to hang the host system.

NOTE: The security issue only affects certain AMD platforms.

The security issue is reported in versions prior to 2.6.30-rc6.

Solution:
Fixed in 2.6.30-rc6.
Secunia Advisory
