lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200607132028.k6DKSTaD028541@lambchop.rdu.rpath.com>
Date: Thu, 13 Jul 2006 16:28:29 -0400
From: "Justin M. Forbes" <jmforbes@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: rPSA-2006-0122-2 kernel


rPath Security Advisory: 2006-0122-2
Published: 2006-07-07
Updated:
    2006-07-13 Upgraded to Critical status with additional information
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934
    https://issues.rpath.com/browse/RPL-488

Description:
    Previous versions of the kernel package have two specific
    vulnerablities that are addressed in this version.
    
    The first vulnerability allows any local user to fill up file
    systems by causing core dumps to write to directories to which
    they do not have write access permissions, and on most systems
    (including any system that provides a generally-accessible "cron"
    or "at" service) to escalate to run arbitrary code as the root user.
    An exploit for this privilege escalation vulnerability is
    publically available and in active use.
    
    The second vulnerability applies only to systems using the SCTP
    protocol, which is not enabled by default, and the tools required
    to configure it (lksctp-tools) are not included in rPath Linux.
    This vulnerability, which cannot apply to systems without
    lksctp-tools installed, enables a remote denial of service attack
    in which specially-crafted packets can crash the system.
    
    A system reboot is required to make the update to resolve these
    vulnerabilities effective.  rPath strongly recommends that all
    users apply this update.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ