Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Description:
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext4/namei.c, which can be exploited to e.g. crash a system via specially crafted Ext4 file systems.
2) A vulnerability is caused due to an error within the "ext4_fill_super()" function in fs/ext4/super.c, which can be exploited to e.g. crash a system via Ext4 file systems containing specially crafted superblock configurations.
Solution:
Update to version 2.6.27.19 or 2.6.28.7.
Linux Kernel "clone()" Child Signal Sending Weakness
Quote:
Description:
A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The weakness is caused due to an error when processing the signals sent by a child process created via the "clone()" system call and the "CLONE_PARENT" flag, which can be exploited to e.g. kill a parent process with higher privileges.
Successful exploitation e.g. requires that the privileged parent process launches user supplied applications as child processes
Linux Kernel 32bit/64bit System Call Security Bypass Weaknesses
Quote:
Description:
Two weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
1) An implementation error within the "PR_SET_SECCOMP" feature can be exploited to invoke certain restricted system calls by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.
2) An implementation error within the "audit_syscall_entry()" function can be exploited to bypass the auditing by e.g. switching a 32bit process to 64bit mode and using the "syscall" instruction or using the interrupt 80h in a 64bit process.
The fix for CVE-2009-0676 (upstream commit df0bca04) is incomplete. Note
that the same problem of leaking kernel memory will reappear if someone
on some architecture uses struct timeval with some internal padding (for
example tv_sec 64-bit and tv_usec 32-bit) --- then, you are going to
leak the padded bytes to userspace.
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
Quote:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.
An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.
Linux Kernel "udp_get_next()" and "vms_set_msr()" Denial of Service
Quote:
Description:
A security issue and a vulnerability have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service)
1) A security issue is caused due to an error within the "udp_get_next()" function in net/ipv4/udp.c when trying to unlock a not yet locked spinlock. This can be exploited to crash a system by e.g. reading zero bytes from "/proc/net/udp/".
2) A vulnerability is caused due to the "vmx_set_msr()" function in arch/x86/kvm/vmx.c not properly restricting access to the EFER register, which can be exploited to e.g. crash the system.
Linux Kernel "CIFSTCon()" Buffer Overflow Vulnerability
Quote:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.
Linux Kernel Privilege Escalation and Integer Overflow Vulnerabilities
Quote:
Multiple vulnerabilities have been identified in Linux Kernel, which could be exploited by local attackers to bypass security restrictions, disclose sensitive information, or gain elevated privileges.
The first issue is caused by an error in the "exit_notify()" [kernel/exit.c] function that does not properly check the CAP_KILL capability, which could allow malicious users to bypass security checks and gain elevated privileges by executing a setuid application before exiting.
The second vulnerability is caused by integer overflow errors in the "rose_sendmsg()" [sys/net/af_rose.c], "nr_sendmsg()" [net/netrom/af_netrom.c], and "x25_sendmsg()" [net/x25/af_x25.c] functions, which could be exploited by malicious users to disclose certain information.
Secunia has updated the CIFSTCon() advisory it had previously issued, adding a couple vulnerabilities.
Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.
1) A boundary error exists within the "CIFSTCon()" function in fs/cifs/connect.c. This can be exploited to cause a buffer overflow by e.g. sending a specially crafted Tree Connect response to a vulnerable client.
2) A boundary error exists within the "decode_unicode_ssetup()" function in fs/cifs/sess.c. This can be exploited to potentially cause a buffer overflow by tricking a user into connecting to a malicious server.
3) An error within the "agp_generic_alloc_page()" function in drivers/char/agp/generic.c can be exploited to disclose potentially sensitive kernel memory.
AGP pages might be mapped into userspace finally, so the pages should be
set to zero before userspace can use it. Otherwise there is potential
information leakage.
Quote:
af_rose/x25: Sanity check the maximum user frame size
Linux Kernel "ptrace_attach()" Privilege Escalation Vulnerability
Quote:
Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially gain escalated privileges.
The vulnerability is caused due to "ptrace_attach()" using an inadequate mutex while synchronizing with "execve()". This can be exploited to potentially execute arbitrary code with root privileges by attaching to a setuid process.
The vulnerability is reported in version 2.6.29. Newer versions may also be affected.
Linux Kernel CIFS String Conversion Multiple Vulnerabilities
Quote:
Description:
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code.
The vulnerabilities are caused due to various errors when handling string conversions, which can be exploited to e.g. cause buffer overflows.
Linux Kernel KVM Port 80h Denial of Service Security Issue
Quote:
Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The security issue is caused due to the KVM implementation allowing a guest machine direct access to host port 80h and can be exploited to hang the host system.
NOTE: The security issue only affects certain AMD platforms.
The security issue is reported in versions prior to 2.6.30-rc6.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
