Pardus: Kernel: Multiple Denial of Service - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 20th, 2013

Linux Advisory Watch: May 17th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Pardus: Kernel: Multiple Denial of Service

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

There are multiple Denial of Service and buffer overflow vulnerabilities in Linux kernel.


------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-13            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-23
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

There are multiple Denial of Service and buffer overflow vulnerabilities
in Linux kernel. 


Description
===========

1) net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8  and 
earlier allows local users to cause a denial of service (kernel infinite
loop) by making two calls to svc_listen for the same socket,  and  then 
reading a /proc/net/atm/*vc file, related  to  corruption  of  the  vcc 
table. 



2) The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might
allow local users to gain privileges via unknown vectors related to race
conditions in inotify watch removal and umount. 



3) Linux kernel 2.6.28 allows local users to cause a denial of  service 
("soft lockup" and process loss) via a large number of sendmsg function 
calls, which does not  block  during  AF_UNIX  garbage  collection  and 
triggers an OOM condition, a different vulnerability than CVE-2008-5029. 



4)   Buffer overflow   in   the    hfsplus_find_cat    function    in   
fs/hfsplus/catalog.c  in the  Linux  kernel  before  2.6.28-rc1  allows 
attackers to cause a denial of service  (memory  corruption  or  system 
crash)  via an  hfsplus  filesystem  image  with  an  invalid  catalog  
namelength field, related to the hfsplus_cat_build_key_uni function. 



5) Stack-based buffer overflow in  the  hfs_cat_find_brec  function  in 
fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers 
to cause a denial of service (memory corruption or system crash) via an 
hfs filesystem image with an invalid catalog namelength field, a related
issue to CVE-2008-4933. 


Affected packages:

  Pardus 2008:
    kernel, all before 2.6.25.20-114-51
    kernel-debug, all before 2.6.25.20-114-37
    kernel-debug-source, all before 2.6.25.20-114-38
    kernel-headers, all before 2.6.25.20-114-51
    kernel-source, all before 2.6.25.20-114-51



Resolution
==========

There  are update(s)  for  kernel,  kernel-debug,  kernel-debug-source, 
kernel-headers, kernel-source. You can update them via Package  Manager 
or with a single command from console: 

    pisi up kernel kernel-debug kernel-debug-source kernel-headers kernel-source

References
==========

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5079
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5182
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5300
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4933
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5025