Old 12-05-2008, 02:01 AM   #136
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Linux Kernel PARISC "parisc_show_stack()" Denial of Service


Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "parisc_show_stack()" function when trying to unwind a stack containing userspace addresses, which can be exploited to crash a vulnerable system.

Successful exploitation requires that the kernel is running on a PARISC 32bit or 64bit machine.

Solution:
Fixed in version 2.6.28-rc7.
Secunia Advisory | Bugtraq

Last edited by win32sux; 12-05-2008 at 02:22 AM.
 
Old 12-05-2008, 05:26 PM   #137
win32sux
Linux 2.6.27.8 has been released.

It includes at least one security fix (CVE-2008-5300).

The full changelog is here.

Last edited by win32sux; 12-05-2008 at 05:28 PM.
 
Old 12-13-2008, 06:20 PM   #138
win32sux
Linux 2.6.27.9 has been released.

It includes at least one security fix.
Quote:
ATM: CVE-2008-5079: duplicate listen() on socket corrupts the vcc table

commit 17b24b3c97498935a2ef9777370b1151dfed3f6f upstream.

As reported by Hugo Dias that it is possible to cause a local denial
of service attack by calling the svc_listen function twice on the same
socket and reading /proc/net/atm/*vc
ChangeLog | CVE-2008-5079
 
Old 01-15-2009, 01:00 PM   #139
win32sux
Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue

Quote:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.

The security issue is caused due to the kernel accepting certain 32bit parameters passed in a 64bit register from userspace without ensuring that the value is correctly sign extended. This may be exploited to crash a system or potentially gain escalated privileges by passing specially crafted parameters to affected system calls.

Reportedly, the following architectures use a vulnerable ABI system when running a 64bit kernel and a 64bit userspace:
* S390
* PowerPC
* SPARC64
* MIPS
Secunia Advisory | CVE-2009-0029
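
The mechanism the advisory in post #139 describes, as an added example that is not part of the original post and is not kernel code: a user-space C model in which a bounds check looks only at the low 32 bits of an argument while the index uses the whole 64-bit register. The table, the function names and the register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Canonical form of a 32-bit signed argument held in a 64-bit register:
 * bits 63..32 are copies of bit 31. (Narrowing cast wraps on gcc/clang.) */
static uint64_t sign_extend32(uint64_t reg)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)reg;
}

/* Handler body written as if the register were already canonical.
 * Returns 0 on success, -1 if the bounds check rejects the argument,
 * -2 if the check passed but the full-width index is outside the table
 * (the unsafe state; reported here instead of performing the access). */
static int lookup_body(uint64_t reg, int *out)
{
    int32_t checked = (int32_t)(uint32_t)reg; /* 32-bit compare: low half only */
    int64_t used = (int64_t)reg;              /* address math: whole register */
    if (checked < 0 || checked >= TABLE_LEN)
        return -1;
    if (used < 0 || used >= TABLE_LEN)
        return -2;
    *out = table[used];
    return 0;
}

/* Entry point that trusts userspace to have sign-extended the value. */
int lookup_trusting(uint64_t reg, int *out) { return lookup_body(reg, out); }

/* Entry point that normalises the register before the body runs. */
int lookup_normalised(uint64_t reg, int *out)
{
    return lookup_body(sign_extend32(reg), out);
}

int main(void)
{
    /* Constructed inputs: canonical 3, 3 with stray upper bits, -1 zero-extended. */
    uint64_t regs[] = {3, 0x0000000100000003ULL, 0x00000000FFFFFFFFULL};
    for (int i = 0; i < 3; i++) {
        int a = 0, b = 0;
        printf("reg=%#018llx trusting=%d normalised=%d\n",
               (unsigned long long)regs[i],
               lookup_trusting(regs[i], &a), lookup_normalised(regs[i], &b));
    }
    return 0;
}
```
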
 
Old 01-19-2009, 04:24 PM   #140
win32sux
Linux Kernel "keyctl_join_session_keyring()" Denial of Service

Quote:
A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a memory leak within the "keyctl_join_session_keyring()" function in security/keys/keyctl.c and can be exploited to exhaust all available memory.
Secunia Advisory | CVE-2009-0031
 
Old 01-26-2009, 05:06 PM   #141
win32sux
Linux Kernel dell_rbu Denial of Service Security Issues

Quote:
Description:
Two security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issues are caused due to errors within the "read_rbu_image_type()" and "read_rbu_packet_size()" functions in drivers/firmware/dell_rbu.c and can be exploited to crash a vulnerable system by e.g. reading zero bytes from /sys/devices/platform/dell_rbu/image_type or /sys/devices/platform/dell_rbu/packet_size.

Solution:
Update to version 2.6.27.13 or 2.6.28.2.
Secunia Advisory
 
Old 02-04-2009, 12:10 PM   #142
win32sux
Linux Kernel Denial of Service Vulnerabilities

Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext3/namei.c, which can be exploited to e.g. crash a system via a specially crafted Ext3 system.

2) A vulnerability is caused due to an error within the "inotify_read()" function in fs/notify/inotify/inotify_user.c, which can result in the device's list mutex being unlocked twice. This can be exploited to e.g. cause a system crash by passing an invalid pointer to the "read()" function of an inotify instance while simultaneously accessing it from different tasks.

The vulnerabilities are reported in versions prior to 2.6.27.14 and 2.6.28.3. Other versions may also be affected.

Solution:
Update to version 2.6.27.14 and 2.6.28.3.
Secunia Advisory
 
Old 02-11-2009, 04:58 PM   #143
win32sux
Linux Kernel Console Selection Local Privilege Escalation Vulnerability

Quote:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28.4 are vulnerable.
Bugtraq
 
Old 02-12-2009, 08:40 AM   #144
GazL
Senior Member
 
Registered: May 2008
Posts: 3,319

Rep: Reputation: 881
Quote:
Originally Posted by win32sux
If this is:
Quote:
Fix memory corruption in console selection
commit 878b8619f711280fd05845e21956434b5e588cc4 upstream.
... then for those sticking with the 27.x branch, it looks like it's also fixed in 2.6.27.15.


PS. Thanks for posting these win32sux. As my distro of choice doesn't tend to update the kernel except in the most severe cases, I find your announcements here invaluable.
 
Old 02-12-2009, 03:45 PM   #145
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,987
Blog Entries: 54

Original Poster
Rep: Reputation: 2742
Yeah, you have my gratitude as well. Keep up the good work win32sux!
 
Old 02-12-2009, 05:39 PM   #146
win32sux
Linux Kernel Kprobe Memory Corruption Vulnerability

Glad to be of service, guys!

Quote:
The Linux kernel is prone to a memory-corruption vulnerability because of a design flaw in the Kprobe system.

Local attackers could exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with kernel-level privileges, but this has not been confirmed.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.
Bugtraq
 
Old 02-17-2009, 06:07 PM   #147
win32sux
Linux Kernel 64 Bit ABI System Call Parameter Privilege Escalation Vulnerability

Quote:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to read or write to unintended address spaces. This may result in denial-of-service conditions, the disclosure of sensitive information, or privilege escalation.

This issue affects versions prior to Linux 2.6.28.6 on some 64-bit architectures, including s390, PowerPC, SPARC64, and MIPS. Additional architectures may also be affected.
Bugtraq | CVE-2009-0029

Last edited by win32sux; 02-17-2009 at 06:09 PM. Reason: Added CVE.
 
Old 02-20-2009, 11:42 AM   #148
win32sux
Linux Kernel SysKonnect FDDI Driver Statistics Reset Security Bypass

Quote:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to a logic error within the "skfp_ioctl()" function in drivers/net/skfp/skfddi.c, which can be exploited to reset the driver statistics without having CAP_NET_ADMIN capabilities.

The weakness is reported in versions prior to 2.6.27.18 and 2.6.28.6.
Secunia Advisory
 
Old 02-20-2009, 05:36 PM   #149
win32sux
Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability

Quote:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.6 are vulnerable.
Bugtraq
 
Old 02-20-2009, 08:42 PM   #150
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,732
Blog Entries: 12

Rep: Reputation: 455
Gotta love sidux, slh keeps the kernel updated.

2.6.28-7.slh.1-sidux-686
 
  

