Thursday, October 1, 2009

CERT-In Advisory CIAD-2009-45

Multiple Vulnerabilities in Linux Kernel
http://www.cert-in.org.in/advisory/ciad-2009-45.htm
Original Issue Date: September 30, 2009


Severity Rating: Medium

System Affected

Linux Kernel versions 2.6.x

Overview

Multiple vulnerabilities have been reported in the Linux Kernel, which could
allow attackers to potentially gain escalated privileges, cause Denial of
Service conditions or execute arbitrary code.

Description

1. 'find_ie()' Function Remote Denial of Service Vulnerability
    (CVE-2009-3280)

This vulnerability is caused by an integer signedness error when
processing malformed packets in the "find_ie" function
[net/wireless/scan.c] in the cfg80211 subsystem in the Linux kernel before
2.6.31.1-rc1. A remote attacker could exploit this vulnerability by sending
specially crafted packets to trigger an infinite loop, causing a denial of
service condition.

Note: This issue does not affect versions prior to 2.6.30.

2. 'perf_counter_open()' Local Buffer Overflow Vulnerability
    (CVE-2009-3234)

This vulnerability is caused by a boundary error within the
"perf_copy_attr()" function in kernel/perf_counter.c in Linux kernel
2.6.31-rc1. An attacker could exploit this vulnerability by passing
specially crafted data to the "perf_counter_open()" system call to trigger
a buffer overflow. Successful exploitation of this vulnerability could
allow an attacker to cause a denial of service condition and execute
arbitrary code.

Note: This issue does not affect versions prior to 2.6.31.

3. 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
    (CVE-2009-3286)

This vulnerability is caused by improper cleanup of an inode when an
O_EXCL create fails, which causes files to be created with insecure
settings such as setuid bits in the Linux kernel before 2.6.19-rc6. An
attacker could exploit this vulnerability to execute arbitrary code with
elevated privileges.

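
The failure class in item 1 (CVE-2009-3280), as an added example that is not part of the advisory and not the kernel's find_ie(): a walker over length-prefixed information elements that checks each declared length against the bytes remaining before it advances, so a malformed length cannot wrap the remaining-length counter and keep the loop running. The element layout (1-byte ID, 1-byte payload length, payload), the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum ie_status { IE_FOUND, IE_ABSENT, IE_MALFORMED };

/* Added illustration, not the kernel's find_ie(). Assumed layout per element:
 * ies[0] = ID, ies[1] = payload length, then that many payload bytes.
 * Each advance is checked against the bytes left, so the unsigned counter
 * can never wrap and the loop always terminates. */
static enum ie_status ie_find_checked(uint8_t id, const uint8_t *ies,
                                      size_t left, const uint8_t **out)
{
    *out = NULL;
    while (left > 0) {
        size_t need;

        if (left < 2)               /* truncated header */
            return IE_MALFORMED;
        need = 2 + (size_t)ies[1];  /* header + declared payload */
        if (need > left)            /* declared length overruns the buffer */
            return IE_MALFORMED;
        if (ies[0] == id) {
            *out = ies;
            return IE_FOUND;
        }
        ies += need;                /* need <= left, so no wrap is possible */
        left -= need;
    }
    return IE_ABSENT;
}

/* Offset of the element with this ID, -1 if absent, -2 if malformed. */
static long ie_offset(uint8_t id, const uint8_t *ies, size_t len)
{
    const uint8_t *p;
    enum ie_status st = ie_find_checked(id, ies, len, &p);

    if (st == IE_FOUND)
        return (long)(p - ies);
    return st == IE_ABSENT ? -1 : -2;
}

/* Constructed sample buffers (not captured traffic). */
static const uint8_t ok_ies[]  = { 0, 2, 'a', 'p', 1, 1, 0x82, 3, 1, 6 };
/* Second element declares 200 payload bytes but only one follows. */
static const uint8_t bad_ies[] = { 0, 2, 'a', 'p', 3, 200, 6 };
```

The length check runs before the ID comparison, so an element whose declared length overruns the buffer is reported as malformed even when its ID matches.
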
Solution

Apply appropriate patches or update to kernel version 2.6.31.1
http://www.kernel.org/

Vendor Information

kernel.org
http://www.kernel.org/

References

kernel.org
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=81ac95c5

Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=524520

Openwall
http://www.openwall.com/lists/oss-security/2009/09/16/1
http://www.openwall.com/lists/oss-security/2009/09/21/2
http://www.openwall.com/lists/oss-security/2009/09/17/13

Secunia
http://secunia.com/advisories/36763/

SecurityFocus
http://www.securityfocus.com/bid/36423
http://www.securityfocus.com/bid/36472
http://www.securityfocus.com/bid/36421

VUPEN
http://www.vupen.com/english/advisories/2009/2690

Juniper
http://www.juniper.net/security/auto/vulnerabilities/vuln36421.html

CVE Name
CVE-2009-3234
CVE-2009-3280
CVE-2009-3286

CWE Name
CWE-119
CWE-264

Disclaimer

The information provided herein is on an "as is" basis, without warranty of
any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

 

Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in

