USN-281-1: Linux kernel vulnerabilities

04 May 2006

Linux kernel vulnerabilities

Releases

Details

The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)

The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)

Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)
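
An added example, not kernel code and not part of the original notice: a user-space C model of why a write of exactly one page is the boundary case. It assumes the handler stages writes in a zeroed, page-sized buffer that is later parsed as a string; PAGE_SZ and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SZ 4096u /* assumed page size for this model */

/* "Before": the length is clamped to the page size, so a full-page
 * write fills every byte and leaves no room for a terminator. */
static void fill_unchecked(char *page, const char *src, size_t count)
{
    if (count > PAGE_SZ)
        count = PAGE_SZ;
    memcpy(page, src, count);
}

/* "After": reserve the last byte and always terminate. */
static void fill_terminated(char *page, const char *src, size_t count)
{
    if (count >= PAGE_SZ)
        count = PAGE_SZ - 1;
    memcpy(page, src, count);
    page[count] = '\0';
}

/* 1: a string parser stops inside the page; 0: it would run past the end. */
static int stays_in_page(size_t len, int hardened)
{
    char *page = calloc(1, PAGE_SZ);      /* zeroed, like a fresh buffer */
    char *src = malloc(len ? len : 1);
    int ok = -1;                          /* -1 reports allocation failure */
    if (page && src) {
        memset(src, 'A', len);            /* constructed input */
        if (hardened)
            fill_terminated(page, src, len);
        else
            fill_unchecked(page, src, len);
        ok = memchr(page, '\0', PAGE_SZ) != NULL;
    }
    free(page);
    free(src);
    return ok;
}

int main(void)
{
    printf("4095 bytes, unchecked:  %d\n", stays_in_page(4095, 0));
    printf("4096 bytes, unchecked:  %d\n", stays_in_page(4096, 0));
    printf("4096 bytes, terminated: %d\n", stays_in_page(4096, 1));
}
```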

John Blackwood discovered a race condition when single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)

Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)

Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, did not properly clear the returned
structure, so that a random piece of kernel memory was exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)
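
An added example, not kernel code and not part of the original notice: a user-space C model of the uncleared-structure leak described above, with the vulnerable fill beside the hardened one. The struct layout, the 0xAA marker and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply: 8 bytes of fields followed by 8 bytes of padding,
 * like a socket address whose trailing bytes the caller never needs. */
struct reply {
    uint16_t family;
    uint16_t port;
    uint32_t addr;
    uint8_t  pad[8];
};

#define STALE 0xAA /* constructed marker standing in for leftover kernel data */

/* "Before": only the named fields are assigned; pad keeps its old contents. */
static void fill_fields(struct reply *r, uint16_t port, uint32_t addr)
{
    r->family = 2; /* constructed value */
    r->port = port;
    r->addr = addr;
}

/* "After": clear the whole object before filling it in. */
static void fill_cleared(struct reply *r, uint16_t port, uint32_t addr)
{
    memset(r, 0, sizeof *r);
    fill_fields(r, port, addr);
}

/* Count bytes of the copied-out reply that still hold the stale marker. */
static size_t leaked_bytes(int cleared)
{
    struct reply r;
    unsigned char out[sizeof r];
    size_t i, n = 0;

    memset(&r, STALE, sizeof r);   /* simulate reused stack memory */
    (cleared ? fill_cleared : fill_fields)(&r, 8080, 0x0100007fu);
    memcpy(out, &r, sizeof r);     /* stands in for the copy to user space */
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale bytes, fields only: %zu\n", leaked_bytes(0));
    printf("stale bytes, cleared:     %zu\n", leaked_bytes(1));
}
```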

A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)

Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-hppa64-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-hppa32 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-hppa32-smp -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.12-10-hppa64 -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 5.04
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-hppa64-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-hppa32 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-hppa32-smp -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.12-10-hppa64 -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-302-1: linux-image-2.6.12-10-amd64-k8, linux-686-smp, linux-k7-smp, avm-fritz-firmware-2.6.15-25, linux-image-amd64-server, linux-restricted-modules-powerpc, linux-image-2.6.10-6-686, linux-restricted-modules-386, linux-image-2.6.15-25-server, linux-image-power4-smp, linux-powerpc64-smp, linux-image-2.6.10-6-power4, linux-image-amd64-xeon, linux-powerpc, xorg-driver-fglrx, linux-image-2.6.10-6-power4-smp, linux-686, linux-image-2.6.10-6-386, linux-restricted-modules-2.6.15-25-powerpc, linux-image-powerpc-smp, xorg-driver-fglrx-dev, linux-image-2.6.15-25-amd64-server, linux-image-2.6.15-25-powerpc, linux-image-k7, linux-amd64-xeon, linux-restricted-modules-amd64-k8, linux-image-686, linux-restricted-modules-2.6.15-25-386, linux-image-2.6.10-6-power3-smp, linux-restricted-modules-amd64-generic, nvidia-glx-legacy, linux-restricted-modules-common, linux-power4, linux-image-2.6.15-25-686, linux-restricted-modules-2.6.15-25-686, linux-image-2.6.10-6-686-smp, linux-amd64-server, linux-image-2.6.12-10-powerpc-smp, linux-image-2.6.15-25-386, nvidia-glx, linux-image-2.6.12-10-386, linux-restricted-modules-powerpc-smp, nvidia-glx-dev, linux-source-2.6.12, linux-image-2.6.10-6-powerpc-smp, linux-server-bigiron, fglrx-control, linux-image-2.6.12-10-k7-smp, linux-restricted-modules-k7, linux-image-server, linux-image-2.6.10-6-powerpc, avm-fritz-kernel-source, linux-image-2.6.10-6-amd64-generic, linux-restricted-modules-2.6.15-25-k7, linux-image-2.6.15-25-amd64-k8, fglrx-kernel-source, linux-image-2.6.10-6-k7-smp, linux-386, linux-image-2.6.15-25-amd64-xeon, linux-powerpc-smp, avm-fritz-firmware, linux-image-2.6.12-10-k7, linux-amd64-generic, linux-restricted-modules-2.6.15-25-amd64-generic, linux-image-power4, linux-image-2.6.12-10-amd64-k8-smp, linux-k7, linux-image-2.6.10-6-power3, linux-power3-smp, linux-power4-smp, linux-restricted-modules-2.6.15-25-powerpc-smp, linux-source-2.6.10, linux-image-power3-smp, linux-source-2.6.15, linux-image-amd64-k8, 
linux-patch-ubuntu-2.6.12, linux-server, linux-restricted-modules-amd64-xeon, linux-image-powerpc, linux-tree-2.6.10, linux-image-2.6.15-25-amd64-generic, linux-image-2.6.10-6-amd64-xeon, linux-image-2.6.15-25-k7, nvidia-glx-legacy-dev, linux-image-server-bigiron, linux-restricted-modules-686, linux-image-2.6.12-10-amd64-generic, linux-image-2.6.15-25-powerpc-smp, linux-amd64-k8-smp, linux-image-power3, linux-patch-ubuntu-2.6.10, linux-power3, linux-image-amd64-generic, linux-image-powerpc64-smp, linux-image-2.6.10-6-amd64-k8-smp, linux-image-2.6.12-10-amd64-xeon, linux-image-2.6.12-10-686, linux-tree-2.6.12, linux-image-2.6.10-6-k7, linux-image-2.6.12-10-686-smp, linux-image-2.6.10-6-amd64-k8, linux-restricted-modules-2.6.15-25-amd64-xeon, linux-image-2.6.12-10-powerpc64-smp, linux-image-2.6.15-25-server-bigiron, linux-image-2.6.12-10-powerpc, linux-image-386, linux-amd64-k8, linux-restricted-modules-2.6.15-25-amd64-k8, linux-image-2.6.15-25-powerpc64-smp