Executive Summary
Summary | |
---|---|
Title | New Linux 2.4.27 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1237 | First vendor Publication | 2006-12-17 |
Vendor | Debian | Last vendor Modification | 2006-12-17 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4093 Olof Johansson reported a local DoS (Denial of Service) vulnerability on the PPC970 platform. Unpriveleged users can hang the system by executing the "attn" instruction, which was not being disabled at boot. CVE-2006-4538 Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout. CVE-2006-4997 ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer resulting in a system crash. CVE-2006-5174 Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address. CVE-2006-5649 Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic). CVE-2006-5871 Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate unix extensions by omitting mount options. However, this behavior is currently consistent with the current behavior of the next Debian release, 'etch'. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.1 (sarge) Source 2.4.27-10sarge5 Alpha architecture 2.4.27-10sarge5 ARM architecture 2.4.27-2sarge5 Intel IA-32 architecture 2.4.27-10sarge5 Intel IA-64 architecture 2.4.27-10sarge5 Motorola 680x0 architecture 2.4.27-3sarge5 Big endian MIPS 2.4.27-10.sarge4.040815-2 Little endian MIPS 2.4.27-10.sarge4.040815-2 PowerPC architecture 2.4.27-10sarge5 IBM S/390 architecture 2.4.27-2sarge5 Sun Sparc architecture 2.4.27-9sarge5 The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update: Debian 3.1 (sarge) fai-kernels 1.9.1sarge5 kernel-image-2.4.27-speakup 2.4.27-1.1sarge4 mindi-kernel 2.4.27-2sarge4 systemimager 3.2.3-6sarge4 We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1237 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-416 | Use After Free |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10171 | |||
Oval ID: | oval:org.mitre.oval:def:10171 | ||
Title: | smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. | ||
Description: | smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5871 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10388 | |||
Oval ID: | oval:org.mitre.oval:def:10388 | ||
Title: | The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | ||
Description: | The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4997 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10666 | |||
Oval ID: | oval:org.mitre.oval:def:10666 | ||
Title: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Description: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4093 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9885 | |||
Oval ID: | oval:org.mitre.oval:def:9885 | ||
Title: | The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. | ||
Description: | The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5174 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011429.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012650.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5019905.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:012 (kernel) File : nvt/gb_mandriva_MDKSA_2007_012.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:060 (kernel) File : nvt/gb_mandriva_MDKSA_2007_060.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2007:1049-01 File : nvt/gb_RHSA-2007_1049-01_kernel.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 i386 File : nvt/gb_CESA-2007_1049_kernel_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for kernel CESA-2007:1049 centos3 x86_64 File : nvt/gb_CESA-2007_1049_kernel_centos3_x86_64.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:035 File : nvt/gb_suse_2007_035.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2008:0787 File : nvt/RHSA_2008_0787.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8) File : nvt/deb_1184_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8) File : nvt/deb_1184_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1233-1 (kernel-source-2.6.8) File : nvt/deb_1233_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27) File : nvt/deb_1237_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31374 | Linux Kernel smbfs Mount Option Bypass |
31373 | Linux PowerPC kernel Alignment Check Exception Handling DoS |
29539 | Linux Kernel clip_mkip() Function Unspecified Remote DoS |
29537 | Linux Kernel on s390 copy_from_user Function Local Memory Disclosure |
28936 | Linux Kernel ELF File Handling Cross-Region Mapping Local DoS |
28034 | Linux Kernel Uncleared HID0[31] Bit DoS |
21527 | Check Point VPN-1 SecureClient Security Policy Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0014.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071203_kernel_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-debug-2393.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2096.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0014.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-bigsmp-2399.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2097.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-12-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1049.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-347-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-346-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-395-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2397.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2099.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-060.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-197.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-012.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_057.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0014.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO |
2006-12-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1237.nasl - Type : ACT_GATHER_INFO |
2006-12-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1233.nasl - Type : ACT_GATHER_INFO |
2006-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:25 |
|