Next Page >>
64/bit Linux
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always
follow NFS automount symlinks, which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088)
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem
in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
The do_anonymous_page function in mm/memory.c in the Linux kernel
does not properly separate the stack and the heap, which allows
context-dependent attackers to execute arbitrary code by writing
to the bottom page of a shared memory segment, as demonstrated by a
memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The Datagram Congestion Control Protocol (DCCP) subsystem in the
Linux kernel 2.6.18, and probably other versions, does not properly
check feature lengths, which might allow remote attackers to execute
arbitrary code, related to an unspecified overflow. (CVE-2008-2358)
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before
2.6.23.14, performs tests of access mode by using the flag variable
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)
Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
iDefense Security Advisory 09.25.07
http://labs.idefense.com/intelligence/vulnerabilities/
Sep 25, 2007
I. BACKGROUND
Linux is a clone of the UNIX operating system, written from scratch by
Linus Torvalds with assistance from a loosely-knit team of hackers
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The selinux_ip_postroute_iptables_compat function in
security/selinux/hooks.c in the SELinux subsystem in the Linux kernel
before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is
enabled, omits calls to avc_has_perm for the (1) node and (2) port,
which allows local users to bypass intended restrictions on network
traffic. NOTE: this was incorrectly reported as an issue fixed in
2.6.27.21. (CVE-2009-1184)
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
====================================================
[Advisory Information]
Title: Linux kernel 2.6.38: Remote NULL pointer dereference
Release date: 11/05/2011
Last update: 11/05/2011
Credits:
Aristide Fattori, Universit degli Studi di Milano (joystick@security.dico.unimi.it)
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
Affected: 2007.1
_______________________________________________________________________
Problem Description:
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix
extension support is enabled, does not honor the umask of a process,
which allows local users to gain privileges. (CVE-2007-3740)
The drm/i915 component in the Linux kernel before 2.6.22.2, when
used with i965G and later chipsets, allows local users with access
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)
Unspecified vulnerability in the 32-bit and 64-bit emulation in the
- Ubuntu 10.10
Summary:
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4 devices
Details:
The CIFS filesystem, when Unix extension support is enabled, does
not honor the umask of a process, which allows local users to gain
privileges. (CVE-2007-3740)
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors. (CVE-2007-4133)
The IA32 system call emulation functionality in Linux kernel 2.4.x
It was discovered that KVM did not correctly initialize certain CPU
registers. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2010-3698)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Thomas Pollet discovered that the RDS network protocol did not
check certain iovec buffers. A local attacker could exploit this
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c)
in the Linux
kernel before 2.6.30 allows remote attackers to cause a denial
of service
(kernel memory corruption and crash) via a long packet. (CVE-2009-1389)
The inode double locking code in fs/ocfs2/file.c in the Linux kernel
2.6.30
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Linux kernel before 2.6.22.17, when using certain drivers that register
a fault handler that does not perform range checks, allows local users
to access kernel memory via an out-of-range offset. (CVE-2008-0007)
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and
2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules;
Affected: 2008.0
_______________________________________________________________________
Problem Description:
The wait_task_stopped function in the Linux kernel before 2.6.23.8
checks a TASK_TRACED bit instead of an exit_state value, which
allows local users to cause a denial of service (machine crash) via
unspecified vectors. NOTE: some of these details are obtained from
third party information. (CVE-2007-5500)
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The ATI Rage 128 (aka r128) driver in the Linux kernel before
2.6.31-git11 does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly gain
privileges via unspecified ioctl calls. (CVE-2009-3620)
Brad Spengler discovered that stack memory for new a process was not
correctly calculated. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2010-3858)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Kees Cook discovered that the ethtool interface did not correctly clear
kernel memory. A local attacker could read kernel heap memory, leading to a
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The gfs2_lock function in the Linux kernel before
2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux
kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly
remove POSIX locks on files that are setgid without group-execute
permission, which allows local users to cause a denial of service
(BUG and system crash) by locking a file on a (1) GFS or (2) GFS2
Problem Description:
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The exit_notify function in kernel/exit.c in the Linux kernel
before 2.6.30-rc1 does not restrict exit signals when the
CAP_KILL capability is held, which allows local users to send an
arbitrary signal to a process by running a program that modifies the
exit_signal field and then uses an exec system call to launch a setuid
application. (CVE-2009-1337)
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Buffer overflow in the ecryptfs_uid_hash macro in
fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux
kernel before 2.6.35 might allow local users to gain privileges
or cause a denial of service (system crash) via unspecified
vectors. (CVE-2010-2492)
The DNS resolution functionality in the CIFS implementation in the
Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled,
Problem Description:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The setup_arg_pages function in fs/exec.c in the Linux kernel before
2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict
the stack memory consumption of the (1) arguments and (2) environment
for a 32-bit application on a 64-bit platform, which allows local
users to cause a denial of service (system crash) via a crafted exec
system call, a related issue to CVE-2010-2240. (CVE-2010-3858)
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
Details follow:
USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides
the corresponding updates for the Linux kernel for use with EC2.
Original advisory details:
Thomas Pollet discovered that the RDS network protocol did not check
Next Page>>
|
