Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Linux Kernel PARISC "parisc_show_stack()" Denial of Service
Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the "parisc_show_stack()" function when trying to unwind a stack containing userspace addresses, which can be exploited to crash a vulnerable system.
Successful exploitation requires that the kernel is running on a PARISC 32bit or 64bit machine.
As reported by Hugo Dias that it is possible to cause a local denial of service attack by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc
Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue
Quote:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.
The security issue is caused due to the kernel accepting certain 32bit parameters passed in a 64bit register from userspace without ensuring that the value is correctly sign extended. This may be exploited to crash a system or potentially gain escalated privileges by passing specially crafted parameters to affected system calls.
Reportedly, the following architectures use a vulnerable ABI system when running a 64bit kernel and a 64bit userspace:
* S390
* PowerPC
* SPARC64
* MIPS
Linux Kernel "keyctl_join_session_keyring()" Denial of Service
Quote:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to a memory leak within the "keyctl_join_session_keyring()" function in security/keys/keyctl.c and can be exploited to exhaust all available memory.
Linux Kernel dell_rbu Denial of Service Security Issues
Quote:
Description:
Two security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The security issues are caused due to errors within the "read_rbu_image_type()" and "read_rbu_packet_size()" functions in drivers/firmware/dell_rbu.c and can be exploited to crash a vulnerable system by e.g. reading zero bytes from /sys/devices/platform/dell_rbu/image_type or /sys/devices/platform/dell_rbu/packet_size.
Solution:
Update to version 2.6.27.13 or 2.6.28.2.
Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext3/namei.c, which can be exploited to e.g. crash a system via a specially crafted Ext3 system.
2) A vulnerability is caused due to an error within the "inotify_read()" function in fs/notify/inotify/inotify_user.c, which can result in the device's list mutex being unlocked twice. This can be exploited to e.g. cause a system crash by passing an invalid pointer to the "read()" function of an inotify instance while simultaneously accessing it from different tasks.
The vulnerabilities are reported in versions prior to 2.6.27.14 and 2.6.28.3. Other versions may also be affected.
Solution:
Update to version 2.6.27.14 and 2.6.28.3.
Linux Kernel Console Selection Local Privilege Escalation Vulnerability
Quote:
The Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.
Versions prior to Linux kernel 2.6.28.4 are vulnerable.
Fix memory corruption in console selection
commit 878b8619f711280fd05845e21956434b5e588cc4 upstream.
... then for those sticking with the 27.x branch, it looks like it's also fixed in 2.6.27.15.
PS. Thanks for posting these win32sux. As my distro of choice doesn't tend to update the kernel except in the most severe cases, I find your announcements here invaluable.
Linux Kernel Kprobe Memory Corruption Vulnerability
Glad to be of service, guys!
Quote:
The Linux kernel is prone to a memory-corruption vulnerability because of a design flaw in the Kprobe system.
Local attackers could exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with kernel-level privileges, but this has not been confirmed.
Versions prior to Linux kernel 2.6.28.5 are vulnerable.
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability
Quote:
The Linux Kernel is prone to a local privilege-escalation vulnerability.
A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.
This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.
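A user-space model of the sign-extension problem described in this advisory and in the earlier "Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue" post, added here as an illustration; it is not kernel code and not code from the thread. The table size, sentinel, function names and register values are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8          /* constructed table size for this model */
#define REJECTED  INT64_MIN  /* sentinel: handler refused the parameter */

/* What a callee does to a register it was told holds a 32-bit int. */
static int64_t sign_extend32(uint64_t reg)
{
    return (int64_t)(int32_t)(uint32_t)reg;
}

/* Flawed model: the range check looks at the low 32 bits only (a 32-bit
 * compare), but the later use takes the whole 64-bit register as the index,
 * trusting the caller to have sign-extended it. Returns the index that
 * would be used, or REJECTED. */
static int64_t index_trusting_caller(uint64_t reg)
{
    int32_t low = (int32_t)(uint32_t)reg;
    if (low < 0 || low >= TABLE_LEN)
        return REJECTED;
    return (int64_t)reg;        /* upper 32 bits were never validated */
}

/* Hardened model: normalise at entry so check and use see the same value. */
static int64_t index_normalised(uint64_t reg)
{
    int64_t v = sign_extend32(reg);
    if (v < 0 || v >= TABLE_LEN)
        return REJECTED;
    return v;
}

int main(void)
{
    /* Constructed register values: well-formed 3, 3 with garbage in the
     * upper half, and -1 stored without sign extension. */
    uint64_t regs[] = { 3, 0xdeadbeef00000003ULL, 0x00000000ffffffffULL };
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++) {
        int64_t a = index_trusting_caller(regs[i]);
        int64_t b = index_normalised(regs[i]);
        printf("reg=%#018llx trusting=%lld normalised=%lld\n",
               (unsigned long long)regs[i], (long long)a, (long long)b);
    }
    return 0;
}
```

In the flawed model the second register value passes the range check yet yields an index far outside the table; after normalisation the same value is simply 3.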
Linux Kernel SysKonnect FDDI Driver Statistics Reset Security Bypass
Quote:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The weakness is caused due to a logic error within the "skfp_ioctl()" function in drivers/net/skfp/skfddi.c, which can be exploited to reset the driver statistics without having CAP_NET_ADMIN capabilities.
The weakness is reported in versions prior to 2.6.27.18 and 2.6.28.6.
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
Quote:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.
Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.
Versions prior to Linux Kernel 2.6.28.6 are vulnerable.