LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-25-2009, 04:48 AM   #151
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel Denial of Service Vulnerabilities


Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext4/namei.c, which can be exploited to e.g. crash a system via specially crafted Ext4 file systems.

2) A vulnerability is caused due to an error within the "ext4_fill_super()" function in fs/ext4/super.c, which can be exploited to e.g. crash a system via Ext4 file systems containing specially crafted superblock configurations.

Solution:
Update to version 2.6.27.19 or 2.6.28.7.
Secunia Advisory
 
Old 02-26-2009, 07:51 AM   #152
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel "clone()" Child Signal Sending Weakness

Quote:
Description:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to an error when processing the signals sent by a child process created via the "clone()" system call and the "CLONE_PARENT" flag, which can be exploited to e.g. kill a parent process with higher privileges.

Successful exploitation e.g. requires that the privileged parent process launches user supplied applications as child processes

Solution:
Restrict access to trusted users only.
Secunia Advisory
 
Old 03-03-2009, 01:52 PM   #153
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel 32bit/64bit System Call Security Bypass Weaknesses

Quote:
Description:
Two weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

1) An implementation error within the "PR_SET_SECCOMP" feature can be exploited to invoke certain restricted system calls by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

2) An implementation error within the "audit_syscall_entry()" function can be exploited to bypass the auditing by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.

Solution:
Fixed in the GIT repository.
Secunia Advisory
 
Old 03-17-2009, 06:25 AM   #154
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.28.8 has been released.

It contains one amendment to a security fix, and possibly other security fixes (I will update this as they become clear).
Quote:
net: amend the fix for SO_BSDCOMPAT gsopt infoleak

[ Upstream commit 50fee1dec5d71b8a14c1b82f2f42e16adc227f8b ]

The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.
ChangeLog
 
Old 03-23-2009, 05:22 PM   #155
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability

Quote:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.
Bugtraq

NOTE: This seems to have been fixed in 2.6.28.9, which was released a few minutes ago.
 
Old 03-24-2009, 07:29 PM   #156
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
To clarify, 2.6.28.9 addressed at least these two vulnerabilities.
 
Old 04-04-2009, 02:04 PM   #157
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel "udp_get_next()" and "vms_set_msr()" Denial of Service

Quote:
Description:
A security issue and a vulnerability have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service)

1) A security issue is caused due to an error within the "udp_get_next()" function in net/ipv4/udp.c when trying to unlock a not yet locked spinlock. This can be exploited to crash a system by e.g. reading zero bytes from "/proc/net/udp/".

2) A vulnerability is caused due to the "vmx_set_msr()" function in arch/x86/kvm/vmx.c not properly restricting access to the EFER register, which can be exploited to e.g. crash the system.

Solution:
Update to version 2.6.29.1.
Secunia Advisory
 
Old 04-08-2009, 09:33 AM   #158
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel "CIFSTCon()" Buffer Overflow Vulnerability

Quote:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.
Secunia Advisory
 
Old 04-17-2009, 04:59 PM   #159
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel Privilege Escalation and Integer Overflow Vulnerabilities

Quote:
Multiple vulnerabilities have been identified in Linux Kernel, which could be exploited by local attackers to bypass security restrictions, disclose sensitive information, or gain elevated privileges.

The first issue is caused by an error in the "exit_notify()" [kernel/exit.c] function that does not properly check the CAP_KILL capability, which could allow malicious users to bypass security checks and gain elevated privileges by executing a setuid application before exiting.

The second vulnerability is caused by integer overflow errors in the "rose_sendmsg()" [sys/net/af_rose.c], "nr_sendmsg()" [net/netrom/af_netrom.c], and "x25_sendmsg()" [net/x25/af_x25.c] functions, which could be exploited by malicious users to disclose certain information.

Affected Products

Linux Kernel versions prior to 2.6.30-rc1
VUPEN Security Advisory

Last edited by win32sux; 04-17-2009 at 05:17 PM.
 
Old 04-22-2009, 06:44 PM   #160
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel Multiple Vulnerabilities

Secunia has updated the CIFSTCon() advisory it had previously issued, adding a couple vulnerabilities.
Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.

1) A boundary error exists within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.

2) A boundary error exists within the "decode_unicode_ssetup()" function in fs/cifs/sess.c. This can be exploited to potentially cause a buffer overflow by tricking a user into connecting to a malicious server.

3) An error within the "agp_generic_alloc_page()" function in drivers/char/agp/generic.c can be exploited to disclose potentially sensitive kernel memory.

Solution:
Fixed in version 2.6.30-rc3.
Secunia Advisory
 
Old 04-27-2009, 05:09 PM   #161
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.29.2 has been released.

It includes fixes for at least two security vulnerabilities.
Quote:
agp: zero pages before sending to userspace

upstream commit: 59de2bebabc5027f93df999d59cc65df591c3e6e

CVE-2009-1192

AGP pages might be mapped into userspace finally, so the pages should be
set to zero before userspace can use it. Otherwise there is potential
information leakage.
Quote:
af_rose/x25: Sanity check the maximum user frame size

upstream commit: 83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

CVE-2009-0795.

Otherwise we can wrap the sizes and end up sending garbage.
CVE-2009-1192 | CVE-2009-0795 | ChangeLog
 
Old 05-06-2009, 09:38 PM   #162
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel "ptrace_attach()" Privilege Escalation Vulnerability

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially gain escalated privileges.

The vulnerability is caused due to "ptrace_attach()" using an inadequate mutex while synchronizing with "execve()". This can be exploited to potentially execute arbitrary code with root privileges by attaching to a setuid process.

The vulnerability is reported in version 2.6.29. Newer versions may also be affected.

Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kerne...c0c7f4a87209eb
Secunia Advisory
 
Old 05-08-2009, 11:20 PM   #163
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.29.3 has been released.

It includes at least two security-related fixes:
Quote:
unreached code in selinux_ip_postroute_iptables_compat() (CVE-2009-1184)

Not upstream in 2.6.30, as the function was removed there, making this a
non-issue.

Node and port send checks can skip in the compat_net=1 case. This bug
was introduced in commit effad8d.
Quote:
The CAP_KILL check in exit_notify() looks just wrong, kill it.

Whatever logic we have to reset ->exit_signal, the malicious user
can bypass it if it execs the setuid application before exiting.
ChangeLog | CVE-2009-1184 | CVE-2009-1337
 
Old 05-17-2009, 05:15 AM   #164
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel CIFS String Conversion Multiple Vulnerabilities

Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code.

The vulnerabilities are caused due to various errors when handling string conversions, which can be exploited to e.g. cause buffer overflows.

This is related to vulnerability #1 in:
SA34644

Solution:
Fixed in the GIT repository.

Also partially fixed in version 2.6.30-rc5.
Secunia Advisory
 
Old 05-18-2009, 07:08 PM   #165
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel KVM Port 80h Denial of Service Security Issue

Quote:
Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to the KVM implementation allowing a guest machine direct access to host port 80h and can be exploited to hang the host system.

NOTE: The security issue only affects certain AMD platforms.

The security issue is reported in versions prior to 2.6.30-rc6.

Solution:
Fixed in 2.6.30-rc6.
Secunia Advisory
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel 2.4 in Zipslack (Waring: unable to open an initial console | Kernel Panic...) kurtamos Linux - General 2 05-10-2006 12:58 PM
Kernel-Patch Debian Logo 2.6.2 not correctly working for custom kernel 2.6.11 smp deepclutch Debian 3 06-27-2005 03:59 AM
kernel panic: try passing init= option to kernel...installation with Red Hat 9 kergen Linux - Hardware 1 09-30-2004 03:28 AM
are there any vulns for kernel 2.6.5? trax Linux - Security 2 04-24-2004 04:10 PM
snort rules to vulns not yet published zuessh Linux - Security 1 02-12-2004 02:17 PM


All times are GMT -5. The time now is 11:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration