LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-31-2006, 04:14 PM   #46
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371

Linux 2.4.33.3 has been released.

It includes a patch for CVE-2006-4145 (UDF deadlock and memory corruption).

The full ChangeLog is here.
 
Old 09-11-2006, 06:06 PM   #47
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel ULE Packet Handling Denial of Service (Less Critical)

Quote:
Description:
Ang Way Chuang has reported a vulnerability in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the ULE (Unidirectional Lightweight Encapsulation) decapsulation code when processing ULE packets. This can be exploited to crash the system by sending a malicious ULE packet with an SNDU (Sub Network Data Unit) size of 0.

The vulnerability has been reported in version 2.6.17.11. Other versions may also be affected.

Solution:
Secunia is currently not aware of an official version fixing the vulnerability.
Secunia Advisory | CVE-2006-4623
 
Old 09-15-2006, 02:06 AM   #48
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.16.29 has been released.

It consists of many bugfixes, three of which address security vulnerabilities.
Quote:
Security fixes since 2.6.16.28:
- CVE-2006-3468: fix NFS over ext3 DoS
- fix NFS over ext2 DoS
- ipv6: fix oops triggerable by any user
ChangeLog | Patch | Tarball
 
Old 09-19-2006, 01:08 PM   #49
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel SCTP Denial of Service Vulnerability (Not Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of SCTP sockets. This can be exploited to crash the Kernel by opening a SCTP socket with a special SO_LINGER value.

Solution:
Restrict access to trusted users only.
Secunia Advisory | CVE-2006-4535

NOTE: This affects both 2.4 and 2.6 kernels.

Last edited by win32sux; 09-19-2006 at 01:12 PM.
 
Old 10-07-2006, 12:48 AM   #50
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel s390 "copy_from_user" Information Disclosure (Less Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information.

The vulnerability is caused due to the "copy_from_user" function not correctly clearing kernel buffers after receiving a fault because of invalid user space addresses. This can be exploited to read uninitialised kernel memory by appending to files from invalid addresses.

Note: The vulnerability affects the s390 architecture only.

Solution:
The vulnerability has been fixed in version 2.6.19-rc1.
Secunia Advisory | CVE-2006-5174

Last edited by win32sux; 10-07-2006 at 12:52 AM.
 
Old 10-07-2006, 12:51 AM   #51
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel Denial of Service Vulnerabilities (Moderately Critical)

Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

1) The "sys_perfmon()" function on Itanium (IA64) systems does not correctly handle file descriptor reference counts, which can be exploited to cause a DoS by consuming all available file descriptors.

2) The "clip_mkip()" function in net/atm/clip.c may dereference a previously freed pointer when processing received data, which can be exploited to cause a kernel panic.

Solution:
Update to version 2.6.18.
Secunia Advisory | CVE-2006-3741 | CVE-2006-4997
 
Old 10-11-2006, 07:21 AM   #52
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel "clip_mkip()" Denial of Service Vulnerability (Moderately Critical)

Quote:
Description:
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the "clip_mkip()" function in the ATM (Asynchronous Transfer Mode) subsystem and can be exploited to cause a kernel panic.

Successful exploitation requires installed ATM hardware and configured ATM support.

Solution:
The vulnerability has been fixed in version 2.4.34-pre4.
Secunia Advisory | CVE-2006-4997
 
Old 10-13-2006, 08:21 PM   #53
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.17.14 has been released

It's a maintenance release, but it addresses a security vulnerability:
Quote:
dvb-core: Proper handling ULE SNDU length of 0

ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation
code has a bug that allows an attacker to send a malformed ULE packet
with SNDU length of 0 and bring down the receiving machine. This patch
fix the bug and has been tested on version 2.6.17.11. This bug is 100%
reproducible and the modified source code (GPL) used to produce this bug
will be posted on http://nrg.cs.usm.my/downloads.htm shortly. The
kernel will produce a dump during CRC32 checking on faulty ULE packet.
ChangeLog | CVE-2006-4623

Last edited by win32sux; 10-14-2006 at 01:47 AM.
 
Old 10-14-2006, 01:46 AM   #54
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.18.1 has been released

It includes a patch for an s390 architecture vulnerability:
Quote:
[S390] user readable uninitialised kernel memory.

A user space program can read uninitialised kernel memory
by appending to a file from a bad address and then reading
the result back. The cause is the copy_from_user function
that does not clear the remaining bytes of the kernel
buffer after it got a fault on the user space address.
ChangeLog | CVE-2006-5174

Last edited by win32sux; 10-14-2006 at 01:48 AM.
 
Old 11-01-2006, 08:43 AM   #55
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel IPv6 Flow Label Denial of Service (Not Critical)

Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of seqfiles for "/proc/net/ip6_flowlabel", which can be exploited to cause kernel lockups and crashes via specially crafted flow labels.

Solution:
Fixed in the GIT repository.
Secunia Advisory | CVE-2006-5619
 
Old 11-03-2006, 09:41 PM   #56
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.18.2 has been released

It includes many bugfixes, one of which addresses the ip6_flowlabel vulnerabilty above:
Quote:
IPV6: fix lockup via /proc/net/ip6_flowlabel [CVE-2006-5619]
ChangeLog

Last edited by win32sux; 11-04-2006 at 06:52 AM.
 
Old 11-03-2006, 09:53 PM   #57
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.16.30 has been released

It includes many bugfixes, three of which address security vulnerabilities:
Quote:
[IA64] correct file descriptor reference counting in perfmon (CVE-2006-3741)

[ATM] CLIP: Do not refer freed skbuff in clip_mkip() (CVE-2006-4997)

dvb-core: Proper handling ULE SNDU length of 0 (CVE-2006-4623)
ChangeLog
 
Old 11-06-2006, 11:06 AM   #58
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel ISO9660 Local Denial of Service (Not Critical)

Quote:
Description:
LMH has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to race conditions within the implementation of the ISO9660 file system. This can be exploited to cause an infinite loop in the "isofs_get_blocks()" function by mounting a specially crafted ISO9660 image and performing a read operation on the mounted file system.

Solution:
Allow only trusted users to mount ISO9660 images.
Secunia Advisory
 
Old 11-07-2006, 12:37 PM   #59
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux Kernel Fragmented IPv6 Packet Filtering Bypass (Moderately Critical)

Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerabilities are caused due to the incorrect processing of certain fragmented IPv6 packets. This can be exploited to bypass filtering rules by sending specially crafted packets.

Solution:
Fixed in the GIT repository.
Secunia Advisory
 
Old 11-19-2006, 04:49 AM   #60
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Linux 2.6.16.31/32 (Late Notification)

I missed the last two releases for the 2.6.16.y branch. =/

2.6.16.31 was released the 7th, while 2.6.16.32 was released the 15th.

Both releases addressed security vulnerabilities.

For 2.6.16.31:
Quote:
[NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572)

As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
to a fragmentation attack causing false negatives on extension header
matches.

When extension headers occur in the non-first fragment after the fragment
header (possibly with an incorrect nexthdr value in the fragment header)
a rule looking for this extension header will never match.

Drop fragments that are at offset 0 and don't contain the final protocol
header regardless of the ruleset, since this should not happen normally.
Since all extension headers are before the protocol header this makes sure
an extension header is either not present or in the first fragment, where
we can properly parse it.
Quote:
[NETFILTER]: Fix ip6_tables protocol bypass bug (CVE-2006-4572)

As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
to a fragmentation attack causing false negatives on protocol matches.

When the protocol header doesn't follow the fragment header immediately,
the fragment header contains the protocol number of the next extension
header. When the extension header and the protocol header are sent in
a second fragment a rule like "ip6tables .. -p udp -j DROP" will never
match.

Drop fragments that are at offset 0 and don't contain the final protocol
header regardless of the ruleset, since this should not happen normally.
Quote:
[IPV6]: fix lockup via /proc/net/ip6_flowlabel (CVE-2006-5619)

There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where,
after finding a flowlabel, the code will loop forever not finding any
further flowlabels, first traversing the rest of the hash bucket then just
looping.

This patch fixes the problem by breaking after the hash bucket has been
traversed.

Note that this bug can cause lockups and oopses, and is trivially invoked
by an unpriveleged user.
Quote:
[S390] fix user readable uninitialised kernel memory (CVE-2006-5174)

A user space program can read uninitialised kernel memory
by appending to a file from a bad address and then reading
the result back. The cause is the copy_from_user function
that does not clear the remaining bytes of the kernel
buffer after it got a fault on the user space address.
ChangeLog | CVE-2006-4572 | CVE-2006-5619 | CVE-2006-5174

For 2.6.16.32:
Quote:
ia64/sparc: fix local DoS with corrupted ELFs (CVE-2006-4538)

This patch prevents cross-region mappings
on IA64 and SPARC which could lead to system crash.
ChangeLog | CVE-2006-4538

Last edited by win32sux; 11-19-2006 at 05:19 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel 2.4 in Zipslack (Waring: unable to open an initial console | Kernel Panic...) kurtamos Linux - General 2 05-10-2006 12:58 PM
Kernel-Patch Debian Logo 2.6.2 not correctly working for custom kernel 2.6.11 smp deepclutch Debian 3 06-27-2005 03:59 AM
kernel panic: try passing init= option to kernel...installation with Red Hat 9 kergen Linux - Hardware 1 09-30-2004 03:28 AM
are there any vulns for kernel 2.6.5? trax Linux - Security 2 04-24-2004 04:10 PM
snort rules to vulns not yet published zuessh Linux - Security 1 02-12-2004 02:17 PM


All times are GMT -5. The time now is 03:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration