lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110911020657.GB13066@dannf.org>
Date: Sat, 10 Sep 2011 20:06:57 -0600
From: dann frazier <dannf@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2303-2                security@...ian.org
http://www.debian.org/security/                           Dann Frazier
September 10, 2011                  http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
                 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
                 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 640966

The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 has caused a
regression that can result in an oops during invalid accesses to
/proc/<pid>/maps files.


The text of the original advisory is reproduced for reference:

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2011-1020 

    Kees Cook discovered an issue in the /proc filesystem that allows local
    users to gain access to sensitive process information after execution of a
    setuid binary.

CVE-2011-1576 

    Ryan Sweat discovered an issue in the VLAN implementation. Local users may
    be able to cause a kernel memory leak, resulting in a denial of service.

CVE-2011-2484 

    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
    a process can register is not capped, resulting in local denial of service
    through resource exhaustion (cpu time and memory).

CVE-2011-2491

    Vasily Averin discovered an issue with the NFS locking implementation.  A
    malicious NFS server can cause a client to hang indefinitely in an unlock
    call.

CVE-2011-2492 

    Marek Kroemeke and Filip Palian discovered that uninitialized struct
    elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
    memory through leaked stack memory.

CVE-2011-2495 

    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
    directory was world-readable, resulting in local information disclosure of
    information such as password lengths.

CVE-2011-2496 

    Robert Swiecki discovered that mremap() could be abused for local denial of
    service by triggering a BUG_ON assert.

CVE-2011-2497

    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
    which could lead to denial of service or privilege escalation.

CVE-2011-2517 

    It was discovered that the netlink-based wireless configuration interface
    performed insufficient length validation when parsing SSIDs, resulting in
    buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
    denial of service.

CVE-2011-2525 

    Ben Pfaff reported an issue in the network scheduling code. A local user
    could cause a denial of service (NULL pointer dereference) by sending a
    specially crafted netlink message.

CVE-2011-2700 

    Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
    driver for the Si4713 FM Radio Transmitter driver used by N900 devices.
    Local users could exploit this issue to cause a denial of service or
    potentially gain elevated privileges.

CVE-2011-2723

    Brent Meshier reported an issue in the GRO (generic receive offload)
    implementation. This can be exploited by remote users to create a denial of
    service (system crash) in certain network device configurations.

CVE-2011-2905 

    Christian Ohm discovered that the 'perf' analysis tool searches for its
    config files in the current working directory. This could lead to denial of
    service or potential privilege escalation if a user with elevated privileges
    is tricked into running 'perf' in a directory under the control of the
    attacker.

CVE-2011-2909 

    Vasiliy Kulikov of Openwall discovered that a programming error in
    the Comedi driver could lead to the information disclosure through 
    leaked stack memory.

CVE-2011-2918 

    Vince Weaver discovered that incorrect handling of software event overflows
    in the 'perf' analysis tool could lead to local denial of service.

CVE-2011-2928

    Timo Warns discovered that insufficient validation of Be filesystem images
    could lead to local denial of service if a malformed filesystem image is
    mounted.

CVE-2011-3188 

    Dan Kaminsky reported a weakness of the sequence number generation in the
    TCP protocol implementation. This can be used by remote attackers to inject
    packets into an active session.

CVE-2011-3191

    Darren Lavender reported an issue in the Common Internet File System (CIFS).
    A malicious file server could cause memory corruption leading to a denial of
    service.

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738)

For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                             Debian 6.0 (squeeze)
     user-mode-linux                         2.6.32-1um-4+35squeeze2

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJOa7gPAAoJEBv4PF5U/IZAhyoP/1VRIeUGZPmOMBIIUWfPP5Vt
LJzj2kXbNmk6GpSJaO23mTZSq9XdrGP9aPpkTQY/QRsH5/nVEr6Djq4X/ld07l2U
M3M8/ufVrdht/evuS37nriTKQ3+wuN8N2e2uP6ZPV3ez+PO6r5eh2QdjotMNOA8P
CnF1VuLXOm0WguxOFFekbM6XjYCovSeFz6V2vIpdSZlDAVcBjW8Qrb/elSDY43rb
yNWt61V05ihNnlhIDZwT2Q8QJ2aR27VIsNxZbnualV3iT3f+A+pX7Mix8mgZkbvp
ZDHQ+gV2xr0D0zBO8JOa7CCkqhp0TQKiATD6ix2ZcjehmqtwB0HxQx074o2OVKA3
vL7UaEd8aY06VcUsW2KutjK3qjfWKEMmgp/aI9jP6wpJOi7GUxiUc2vK/e1Ksw95
dYe9tP1QmSKW5IFHeJauIgWWT1ERe3ofa8UGT7Z9Y3zExjDwesNzqf2OlYCuS4g4
d4wvkLZsKB+e9Xy6TDSdqLL66CIwHhOc50iI8F2fC02RJrxE3WICePmdCAJd/lrQ
2IeXkeq0hEjW3vOFKgp1/ta6fOjQNNev/1w/BZK6b/9UZf8LOmT2lKZQXlbcSoE4
Iztr47uj/w1/fjFjfBntwX93sPrDGQP1/kwppLCeWOsoTYL4Nh2cpTm5mRTH8qH9
PRLlyhdV4oDL0uqQwYo5
=ffJs
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ