Pardus: Kernel: Multiple Denial of Service
Posted by Benjamin D. Thomas   
There are multiple Denial of Service and buffer overflow vulnerabilities in the Linux kernel.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-13            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-23
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

There are multiple Denial of Service and buffer overflow vulnerabilities
in the Linux kernel.


Description
===========

1) net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and
earlier allows local users to cause a denial of service (kernel infinite
loop) by making two calls to svc_listen for the same socket and then
reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

2) The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might
allow local users to gain privileges via unknown vectors related to race
conditions in inotify watch removal and umount.

3) Linux kernel 2.6.28 allows local users to cause a denial of service
("soft lockup" and process loss) via a large number of sendmsg calls:
sendmsg does not block during AF_UNIX garbage collection, so the calls
trigger an OOM condition. This is a different vulnerability than
CVE-2008-5029.

4) Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c
in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial
of service (memory corruption or system crash) via an hfsplus filesystem
image with an invalid catalog namelength field, related to the
hfsplus_cat_build_key_uni function.

5) Stack-based buffer overflow in the hfs_cat_find_brec function in
fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers
to cause a denial of service (memory corruption or system crash) via an
hfs filesystem image with an invalid catalog namelength field, a related
issue to CVE-2008-4933.
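
Items 4 and 5 describe the same bug class: a name length read from an
untrusted filesystem image is used as the copy count into a fixed-size
catalog key buffer. The C below is a constructed illustration added to this
advisory, not the kernel's fs/hfs or fs/hfsplus code; the struct layout,
record format, MAX_NAME_UNITS and both function names are assumptions. It
places the unchecked copy beside the hardened form, which rejects an invalid
namelength field before touching the buffer.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed illustration of the bug class in items 4 and 5, not the
 * kernel's code: a catalog record from an untrusted image carries a 16-bit
 * name length followed by that many UTF-16 units, and the in-memory key
 * has room for at most MAX_NAME_UNITS of them (an assumed limit). */
#define MAX_NAME_UNITS 255

struct cat_key {
    uint16_t unicode_len;
    uint16_t unicode[MAX_NAME_UNITS];
};

/* On-disk HFS/HFS+ integers are big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable pattern: the on-disk length is trusted as the copy count, so a
 * record claiming more than MAX_NAME_UNITS units writes past the end of
 * key->unicode (memory corruption).  Only ever call it with a sane record. */
int build_key_unchecked(struct cat_key *key, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return -1;
    uint16_t len = be16(rec);
    if (rec_len < 2 + (size_t)len * 2) return -1;   /* record itself truncated */
    key->unicode_len = len;
    for (size_t i = 0; i < len; i++)                /* no bound on the buffer */
        key->unicode[i] = be16(rec + 2 + 2 * i);
    return len;
}

/* Hardened form: reject any length the destination cannot hold before
 * touching the buffer; the caller treats -1 as a corrupt image. */
int build_key_checked(struct cat_key *key, const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return -1;
    uint16_t len = be16(rec);
    if (len > MAX_NAME_UNITS) return -1;            /* invalid namelength field */
    if (rec_len < 2 + (size_t)len * 2) return -1;
    key->unicode_len = len;
    for (size_t i = 0; i < len; i++)
        key->unicode[i] = be16(rec + 2 + 2 * i);
    return len;
}

/* Constructed records: a valid 3-unit name "abc" and a corrupt one whose
 * header claims 300 (0x012c) units, more than the key can hold. */
static const uint8_t good_rec[] = { 0, 3, 0, 'a', 0, 'b', 0, 'c' };
static const uint8_t bad_rec[2 + 300 * 2] = { 0x01, 0x2c };
```

Feeding bad_rec to build_key_unchecked would write 300 units into a
255-unit array, which is the corruption the advisory describes; the checked
form returns -1 without copying anything.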


Affected packages:

  Pardus 2008:
    kernel, all before 2.6.25.20-114-51
    kernel-debug, all before 2.6.25.20-114-37
    kernel-debug-source, all before 2.6.25.20-114-38
    kernel-headers, all before 2.6.25.20-114-51
    kernel-source, all before 2.6.25.20-114-51



Resolution
==========

There are update(s) for kernel, kernel-debug, kernel-debug-source,
kernel-headers, kernel-source. You can update them via Package Manager
or with a single command from console:

    pisi up kernel kernel-debug kernel-debug-source kernel-headers kernel-source

References
==========

  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5079
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5182
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5300
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4933
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5025