[Full-disclosure] [USN-95-1] Linux kernel vulnerabilities

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 03/15/05

Next message: Andrew Simmons: "Re: [Full-disclosure] Good security books"

Previous message: Cupps, James: "RE: [Full-disclosure] Good security books"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 15 Mar 2005 15:12:28 +0100
To: ubuntu-security-announce@lists.ubuntu.com

===========================================================
Ubuntu Security Notice USN-95-1 March 15, 2005
linux-source-2.6.8.1 vulnerabilities
CAN-2005-0209, CAN-2005-0210, CAN-2005-0384, CAN-2005-0529,
CAN-2005-0530, CAN-2005-0531, CAN-2005-0532, CAN-2005-0736
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.12. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)

The Netfilter code also contained a memory leak. Certain locally
generated packet fragments are reassembled twice, which caused a
double allocation of a data structure. This could be locally exploited
to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)

Ben Martel and Stephen Blackheath found a remote Denial of Service
vulnerability in the PPP driver. This allowed a malicious pppd client
to crash the server machine. (CAN-2005-0384)

Georgi Guninski discovered a buffer overflow in the ATM driver. The
atm_get_addr() function does not validate its arguments sufficiently,
which could allow a local attacker to overwrite large portions of
kernel memory by supplying a negative length argument. This could
eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison
problems in the TTY layer, in the /proc interface and the ReiserFS
driver. However, the previous Ubuntu security update (kernel version
2.6.8.1-16.11) already contained a patch which checks the arguments to
these functions at a higher level and thus prevents these flaws from
being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

Georgi Guninski discovered an integer overflow in the sys_epoll_wait()
function which allowed local users to overwrite the first few kB of
physical memory. However, very few applications actually use this
space (dosemu is a notable exception), but potentially this could lead
to privilege escalation. (CAN-2005-0736)

Eric Anholt discovered a race condition in the Radeon DRI driver. In
some cases this allowed a local user with DRI privileges on a Radeon
card to execute arbitrary code with root privileges.

Finally this update fixes a regression in the NFS server driver
which was introduced in the previous security update (kernel version
2.6.8.1-16.11). We apologize for the inconvenience.
(https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.diff.gz
      Size/MD5: 3138173 562c678c1db3839022a46fe6707b17a2
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12.dsc
      Size/MD5: 2121 ca9878e5a4300fb3d3ae973528826752
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1.orig.tar.gz
      Size/MD5: 44728688 79730a3ad4773ba65fab65515369df84

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-doc-2.6.8.1_2.6.8.1-16.12_all.deb
      Size/MD5: 6156398 8c909af9ca59a3ca9332e9b104550345
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-patch-debian-2.6.8.1_2.6.8.1-16.12_all.deb
      Size/MD5: 1494402 7a0837f2bf959a81c654c739adbd46e9
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-source-2.6.8.1_2.6.8.1-16.12_all.deb
      Size/MD5: 36720352 05befe6c04d9327f92b49f8141220449
    http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.8.1/linux-tree-2.6.8.1_2.6.8.1-16.12_all.deb
      Size/MD5: 308034 147891a0041bcf9d210915a71914d6c0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

application/pgp-signature attachment: Digital signature

Next message: Andrew Simmons: "Re: [Full-disclosure] Good security books"

Previous message: Cupps, James: "RE: [Full-disclosure] Good security books"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[USN-95-1] Linux kernel vulnerabilities
... Ubuntu 4.10 ... The following packages are affected: ... Georgi Guninski discovered a buffer overflow in the ATM driver. ... the previous Ubuntu security update (kernel version ...
(Bugtraq)
[Full-Disclosure] [USN-70-1] Perl DBI module vulnerability
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit Project ...
(Full-Disclosure)
[USN-70-1] Perl DBI module vulnerability
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit Project ...
(Bugtraq)
[USN-70-1] Perl DBI module vulnerability
... Ubuntu 4.10 ... The following packages are affected: ... The problem can be corrected by upgrading the affected package to ... Javier Fern�ndez-Sanguino Pe�a from the Debian Security Audit Project ...
(Full-Disclosure)
The Big Ol Ubuntu Security Resource
... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
(microsoft.public.windowsxp.general)