
win32sux 07-09-2008 01:09 PM

TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
 
Another one without a CVE mentioned in the 2.6.25.10 ChangeLog.
Quote:

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
CVE-2008-2812 | Bugtraq ID: 30076

win32sux 08-06-2008 10:31 AM

Linux Kernel "snd_seq_oss_synth_make_info()" Information Disclosure
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.

The vulnerability is caused due to an error within the "snd_seq_oss_synth_make_info()" function in sound/core/seq/oss/seq_oss_synth.c. This can be exploited to disclose potentially sensitive memory by passing an invalid device number to the vulnerable function.

The vulnerability is reported in versions prior to 2.6.27-rc2.

Solution:
Fixed in version 2.6.27-rc2.
Secunia Advisory | CVE-2008-3272

EDIT: Note that stable version 2.6.26.2 was released today, and it includes a patch for this.

win32sux 08-07-2008 05:38 PM

Linux Kernel 'uvc_driver.c ' Format Descriptor Parsing Buffer Overflow Vulnerability
 
Seems 2.6.26.1 did include at least one security patch, which I missed (partly for reasons discussed here).

So I'm posting this late notice only for completeness' sake. =/

Quote:

The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Linux kernel 2.6.26.1 are vulnerable.
Bugtraq ID: 30514

win32sux 08-22-2008 03:25 PM

Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability
 
Quote:

Description:
A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error within the "rt6_fill_node()" function in net/ipv6/route.c. This can be exploited to trigger a kernel panic via an "ip route get" command.

Successful exploitation requires that the IPv6 default route is not set.

The vulnerability is reported in version 2.6.26.2. Other versions may also be affected.

Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kerne...b9123204f1327a

Restrict local access to trusted users only.
Secunia Advisory | CVE-2008-3686

win32sux 08-30-2008 03:00 AM

Linux Kernel 'sctp_setsockopt_auth_key()' Remote Denial of Service Vulnerability
 
Quote:

The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.24-rc1 are vulnerable.
Bugtraq ID: 30847

Quote:

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
CVE-2008-3526

win32sux 09-15-2008 02:35 PM

Linux Kernel s390 ptrace Local Denial of Service
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when running a 31-bit ptrace, which can be exploited to cause a kernel panic.

The vulnerability is reported in versions prior to 2.6.27-rc6 for the s390 architecture.

Solution:
Fixed in 2.6.27-rc6.
Secunia Advisory | CVE-2008-1514

win32sux 09-17-2008 08:33 PM

Linux kernel NFSv4 ACL Buffer Overflow Vulnerability
 
Quote:

The Linux kernel is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code or cause a denial-of-service condition.

Versions prior to Linux kernel 2.6.26.4 are vulnerable.
Bugtraq ID: 31133 | CVE-2008-3915

win32sux 10-04-2008 09:09 AM

Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation
 
Quote:

Description:
Eugene Teo has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users in a VMI guest to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to an error within the "vmi_write_ldt_entry()" function in arch/x86/kernel/vmi_32.c. This can be exploited to write values into the IDT by e.g. calling "sys_modify_ldt()".

Successful exploitation requires that the kernel is running as VMI guest on a x86 system.

Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kerne...7398ca0606ab1c
Secunia Advisory

win32sux 10-08-2008 10:53 PM

Linux 2.6.26.6 has been released. AFAICT, it includes at least two security fixes. One for the previously mentioned CVE-2008-1514, and one for a SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability.

win32sux 10-20-2008 07:29 AM

Linux Kernel DRM_I915_HWS_ADDR IOCTL Privilege Escalation
 
Quote:

Description:
Olaf Kirch has reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to the DRM_I915_HWS_ADDR IOCTL being available to non-root users, which can be exploited to e.g. zero and remap memory locations by sending a specially crafted IOCTL to the driver.

Successful exploitation may allow to execute arbitrary code with escalated privileges, but requires an Intel G33 series or newer chipset.

Solution:
Fixed in version 2.6.27-git8.
http://git.kernel.org/?p=linux/kerne...6c2a19c072e9bd
Secunia Advisory | CVE-2008-3831

win32sux 10-22-2008 05:24 PM

Linux 2.6.27.3 has been released.
 
It includes the fix for CVE-2008-3831 (mentioned above), and at least one more security-related fix:
Code:

    security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
   
    commit 5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 upstream
   
    NULL function pointers are very bad security wise. This one got caught by
    kerneloops.org quite a few times, so it's happening in the field....
   
    Fix is simple, check the function pointer for NULL, like 6 other places
    in the same function are already doing.

2.6.27.3 ChangeLog

win32sux 10-26-2008 12:13 AM

Linux 2.6.27.4 has been released.
 
It includes at least one security vulnerability fix:
Code:

    ext[234]: Avoid printk floods in the face of directory corruption
   
    Note: some people thinks this represents a security bug, since it
    might make the system go away while it is printing a large number of
    console messages, especially if a serial console is involved.  Hence,
    it has been assigned CVE-2008-3528, but it requires that the attacker
    either has physical access to your machine to insert a USB disk with a
    corrupted filesystem image (at which point why not just hit the power
    button), or is otherwise able to convince the system administrator to
    mount an arbitrary filesystem image (at which point why not just
    include a setuid shell or world-writable hard disk device file or some
    such).  Me, I think they're just being silly. --tytso

2.6.27.4 ChangeLog | CVE-2008-3528

win32sux 11-13-2008 01:46 PM

Linux 2.6.27.6 has been released.
 
It addresses at least one security vulnerability:
Quote:

hfs: fix namelength memory corruption (CVE-2008-5025)
ChangeLog | CVE-2008-5025

win32sux 11-20-2008 08:11 PM

Linux 2.6.27.7 has been released.
 
It addresses at least one security vulnerability:
Quote:

V4L/DVB (9624): CVE-2008-5033: fix OOPS on tvaudio when controlling bass/treble
ChangeLog | CVE-2008-5033

win32sux 11-28-2008 12:10 PM

Linux Kernel "sendmsg()" Garbage Collector Denial of Service
 
Quote:

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to "sendmsg()" not correctly blocking while the UNIX garbage collector is running. This can be exploited to e.g. cause soft lockups or trigger out of memory conditions in other applications via certain UNIX socket operations.

Solution:
Fixed in the GIT repository.
Secunia Advisory
