Mandriva: Subject: [Security Announce] [ MDVSA-2008:174 ] kernel


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: February 6th, 2012

Linux Advisory Watch: February 3rd, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Mandriva: Subject: [Security Announce] [ MDVSA-2008:174 ] kernel

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. (CVE-2008-0007) The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. (CVE-2008-1673)

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:174
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kernel
 Date    : August 19, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Some vulnerabilities were discovered and corrected in the Linux
 2.6 kernel:
 
 Linux kernel before 2.6.22.17, when using certain drivers that register
 a fault handler that does not perform range checks, allows local users
 to access kernel memory via an out-of-range offset. (CVE-2008-0007)
 
 The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and
 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules;
 and (b) the gxsnmp package; does not properly validate length values
 during decoding of ASN.1 BER data, which allows remote attackers
 to cause a denial of service (crash) or execute arbitrary code via
 (1) a length greater than the working buffer, which can lead to an
 unspecified overflow; (2) an oid length of zero, which can lead to
 an off-by-one error; or (3) an indefinite length for a primitive
 encoding. (CVE-2008-1673)
 
 Linux kernel 2.6.18, and possibly other versions, when running on
 AMD64 architectures, allows local users to cause a denial of service
 (crash) via certain ptrace calls. (CVE-2008-1615)
 
 Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
 Linux kernel before 2.6.25.3 allows remote attackers to cause a
 denial of service (memory consumption) via network traffic to a
 Simple Internet Transition (SIT) tunnel interface, related to the
 pskb_may_pull and kfree_skb functions, and management of an skb
 reference count. (CVE-2008-2136)
 
 Integer overflow in the sctp_getsockopt_local_addrs_old function in
 net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
 functionality in the Linux kernel before 2.6.25.9 allows local users
 to cause a denial of service (resource consumption and system outage)
 via vectors involving a large addr_num field in an sctp_getaddrs_old
 data structure. (CVE-2008-2826)
 
 arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on
 some AMD64 systems does not erase destination memory locations after
 an exception during kernel memory copy, which allows local users to
 obtain sensitive information. (CVE-2008-2729)
 
 To update your kernel, please follow the directions located at:
 
   http://www.mandriva.com/en/security/kernelupdate
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0007
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2729
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 aca649de138ecacc1118ffeb85a8585a  corporate/4.0/i586/kernel-2.6.12.36mdk-1-1mdk.i586.rpm
 4fe3d387ed0da34cafd6cce37296b105  corporate/4.0/i586/kernel-BOOT-2.6.12.36mdk-1-1mdk.i586.rpm
 d1f4ea6bced7542e9ae13fe587550cef  corporate/4.0/i586/kernel-doc-2.6.12.36mdk-1-1mdk.i586.rpm
 c8981c9817e8f0cb532f33ae7a7f309a  corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.36mdk-1-1mdk.i586.rpm
 40b1b582f84d04cbbe7d80c03db8caf7  corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.36mdk-1-1mdk.i586.rpm
 d215dccb6a76fa5f783397fddbfc6f14  corporate/4.0/i586/kernel-smp-2.6.12.36mdk-1-1mdk.i586.rpm
 b64cf23b05ec50253a05d190b7663ef7  corporate/4.0/i586/kernel-source-2.6.12.36mdk-1-1mdk.i586.rpm
 9473bec94760af7a36c9a67714363480  corporate/4.0/i586/kernel-source-stripped-2.6.12.36mdk-1-1mdk.i586.rpm
 df75cfb33266eb4a18d75e367a9f0c11  corporate/4.0/i586/kernel-xbox-2.6.12.36mdk-1-1mdk.i586.rpm
 cb8bbb9f2daff324ec085ac80b146101  corporate/4.0/i586/kernel-xen0-2.6.12.36mdk-1-1mdk.i586.rpm
 d8e3b3c456c8ba162b957d22b6313b14  corporate/4.0/i586/kernel-xenU-2.6.12.36mdk-1-1mdk.i586.rpm 
 cf443a0b3549d4868171933bb6504d03  corporate/4.0/SRPMS/kernel-2.6.12.36mdk-1-1mdk.src.rpm

 Corporate 4.0/X86_64:
 181a597366b6c12d437148b9ba4e42da  corporate/4.0/x86_64/kernel-2.6.12.36mdk-1-1mdk.x86_64.rpm
 4bc50966cf92867ebe5031a271b2f792  corporate/4.0/x86_64/kernel-BOOT-2.6.12.36mdk-1-1mdk.x86_64.rpm
 f67a89cd2715ab7444803532d9aa9f5c  corporate/4.0/x86_64/kernel-doc-2.6.12.36mdk-1-1mdk.x86_64.rpm
 12c6df680e33523ab403d01202e9ffc8  corporate/4.0/x86_64/kernel-smp-2.6.12.36mdk-1-1mdk.x86_64.rpm
 ea697bdc33252e1b7fba82352c91b21b  corporate/4.0/x86_64/kernel-source-2.6.12.36mdk-1-1mdk.x86_64.rpm
 8c1d20d6bc3fb30f7b5a51f97af6419a  corporate/4.0/x86_64/kernel-source-stripped-2.6.12.36mdk-1-1mdk.x86_64.rpm
 454cafa0ee5243852a1ce9f56f9cfd42  corporate/4.0/x86_64/kernel-xen0-2.6.12.36mdk-1-1mdk.x86_64.rpm
 f52a9f3a0ff8f7f1ad7c043ca1d424c4  corporate/4.0/x86_64/kernel-xenU-2.6.12.36mdk-1-1mdk.x86_64.rpm 
 cf443a0b3549d4868171933bb6504d03  corporate/4.0/SRPMS/kernel-2.6.12.36mdk-1-1mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team