LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1119-1: Linux kernel (OMAP4) vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu
==========================================================================
Ubuntu Security Notice USN-1119-1
April 20, 2011

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4 devices

Details:

Dan Rosenberg discovered that the RDS network protocol did not correctly
check certain parameters. A local attacker could exploit this gain root
privileges. (CVE-2010-3904)

Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)

Ben Hawkes discovered that the Linux kernel did not correctly validate
memory ranges on 64bit kernels when allocating memory on behalf of 32bit
system calls. On a 64bit system, a local attacker could perform malicious
multicast getsockopt calls to gain root privileges. (CVE-2010-3081)

Tavis Ormandy discovered that the IRDA subsystem did not correctly shut
down. A local attacker could exploit this to cause the system to crash or
possibly gain root privileges. (CVE-2010-2954)

Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)

Tavis Ormandy discovered that the session keyring did not correctly check
for its parent. On systems without a default session keyring, a local
attacker could exploit this to crash the system, leading to a denial of
service. (CVE-2010-2960)

Kees Cook discovered that the Intel i915 graphics driver did not correctly
validate memory regions. A local attacker with access to the video card
could read and write arbitrary kernel memory to gain root privileges.
(CVE-2010-2962)

Kees Cook discovered that the V4L1 32bit compat interface did not correctly
validate certain parameters. A local attacker on a 64bit system with access
to a video device could exploit this to gain root privileges.
(CVE-2010-2963)

Robert Swiecki discovered that ftrace did not correctly handle mutexes. A
local attacker could exploit this to crash the kernel, leading to a denial
of service. (CVE-2010-3079)

Tavis Ormandy discovered that the OSS sequencer device did not correctly
shut down. A local attacker could exploit this to crash the system or
possibly gain root privileges. (CVE-2010-3080)

Dan Rosenberg discovered that the CD driver did not correctly check
parameters. A local attacker could exploit this to read arbitrary kernel
memory, leading to a loss of privacy. (CVE-2010-3437)

Dan Rosenberg discovered that SCTP did not correctly handle HMAC
calculations. A remote attacker could send specially crafted traffic that
would crash the system, leading to a denial of service. (CVE-2010-3705)

Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
loss of privacy. (CVE-2010-3861)

Thomas Pollet discovered that the RDS network protocol did not check
certain iovec buffers. A local attacker could exploit this to crash the
system or possibly execute arbitrary code as the root user. (CVE-2010-3865)

Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did
not properly initialize certain structures. A local attacker could exploit
this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)

Vasiliy Kulikov discovered that the TIPC interface did not correctly
initialize certain structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)

Dan Rosenberg discovered that the ivtv V4L driver did not correctly
initialize certian structures. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)

Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)

Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. If
a system was using X.25, a remote attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-4164)

Steve Chen discovered that setsockopt did not correctly check MSS values. A
local attacker could make a specially crafted socket call to crash the
system, leading to a denial of service. (CVE-2010-4165)

Vegard Nossum discovered that memory garbage collection was not handled
correctly for active sockets. A local attacker could exploit this to
allocate all available kernel memory, leading to a denial of service.
(CVE-2010-4249)

Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)

Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks. (CVE-2010-4346)

Dan Rosenberg discovered that the OSS subsystem did not handle name
termination correctly. A local attacker could exploit this crash the system
or gain root privileges. (CVE-2010-4527)

Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  linux-image-2.6.35-903-omap4    2.6.35-903.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  CVE-2010-2954, CVE-2010-2955, CVE-2010-2960, CVE-2010-2962,
  CVE-2010-2963, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081,
  CVE-2010-3437, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849,
  CVE-2010-3850, CVE-2010-3861, CVE-2010-3865, CVE-2010-3873,
  CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3904,
  CVE-2010-4072, CVE-2010-4079, CVE-2010-4158, CVE-2010-4164,
  CVE-2010-4165, CVE-2010-4249, CVE-2010-4342, CVE-2010-4346,
  CVE-2010-4527, CVE-2010-4529

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.35-903.22


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.