USN-281-1: Linux kernel vulnerabilities
4 May 2006
Linux kernel vulnerabilities
Releases
Details
The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)
The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)
Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)
John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)
Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)
Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)
A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)
Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.10
-
linux-patch-ubuntu-2.6.10
-
-
linux-image-2.6.12-10-hppa64-smp
-
-
linux-patch-ubuntu-2.6.12
-
-
linux-image-2.6.12-10-hppa32
-
-
linux-image-2.6.12-10-itanium-smp
-
-
linux-image-2.6.10-6-686
-
-
linux-image-2.6.10-6-powerpc
-
-
linux-image-2.6.10-6-itanium
-
-
linux-image-2.6.10-6-power4-smp
-
-
linux-image-2.6.12-10-powerpc64-smp
-
-
linux-image-2.6.12-10-powerpc-smp
-
-
linux-image-2.6.12-10-amd64-generic
-
-
linux-image-2.6.12-10-iseries-smp
-
-
linux-image-2.6.12-10-k7-smp
-
-
linux-image-2.6.12-10-amd64-xeon
-
-
linux-image-2.6.10-6-386
-
-
linux-image-2.6.12-10-itanium
-
-
linux-image-2.6.12-10-hppa32-smp
-
-
linux-image-2.6.12-10-powerpc
-
-
linux-image-2.6.10-6-k7-smp
-
-
linux-image-2.6.10-6-amd64-xeon
-
-
linux-image-2.6.12-10-mckinley
-
-
linux-image-2.6.10-6-itanium-smp
-
-
linux-image-2.6.10-6-powerpc-smp
-
-
linux-image-2.6.10-6-power3-smp
-
-
linux-image-2.6.10-6-power3
-
-
linux-image-2.6.12-10-hppa64
-
-
linux-image-2.6.10-6-k7
-
-
linux-image-2.6.12-10-amd64-k8-smp
-
-
linux-image-2.6.10-6-power4
-
-
linux-image-2.6.12-10-686
-
-
linux-image-2.6.10-6-mckinley
-
-
linux-image-2.6.12-10-686-smp
-
-
linux-image-2.6.10-6-686-smp
-
-
linux-image-2.6.10-6-amd64-k8-smp
-
-
linux-image-2.6.12-10-k7
-
-
linux-image-2.6.10-6-amd64-generic
-
-
linux-image-2.6.10-6-amd64-k8
-
-
linux-image-2.6.12-10-mckinley-smp
-
-
linux-image-2.6.12-10-386
-
-
linux-image-2.6.10-6-mckinley-smp
-
-
linux-image-2.6.12-10-amd64-k8
-
Ubuntu 5.04
-
linux-patch-ubuntu-2.6.10
-
-
linux-image-2.6.12-10-hppa64-smp
-
-
linux-patch-ubuntu-2.6.12
-
-
linux-image-2.6.12-10-hppa32
-
-
linux-image-2.6.12-10-itanium-smp
-
-
linux-image-2.6.10-6-686
-
-
linux-image-2.6.10-6-powerpc
-
-
linux-image-2.6.10-6-itanium
-
-
linux-image-2.6.10-6-power4-smp
-
-
linux-image-2.6.12-10-powerpc64-smp
-
-
linux-image-2.6.12-10-powerpc-smp
-
-
linux-image-2.6.12-10-amd64-generic
-
-
linux-image-2.6.12-10-iseries-smp
-
-
linux-image-2.6.12-10-k7-smp
-
-
linux-image-2.6.12-10-amd64-xeon
-
-
linux-image-2.6.10-6-386
-
-
linux-image-2.6.12-10-itanium
-
-
linux-image-2.6.12-10-hppa32-smp
-
-
linux-image-2.6.12-10-powerpc
-
-
linux-image-2.6.10-6-k7-smp
-
-
linux-image-2.6.10-6-amd64-xeon
-
-
linux-image-2.6.12-10-mckinley
-
-
linux-image-2.6.10-6-itanium-smp
-
-
linux-image-2.6.10-6-powerpc-smp
-
-
linux-image-2.6.10-6-power3-smp
-
-
linux-image-2.6.10-6-power3
-
-
linux-image-2.6.12-10-hppa64
-
-
linux-image-2.6.10-6-k7
-
-
linux-image-2.6.12-10-amd64-k8-smp
-
-
linux-image-2.6.10-6-power4
-
-
linux-image-2.6.12-10-686
-
-
linux-image-2.6.10-6-mckinley
-
-
linux-image-2.6.12-10-686-smp
-
-
linux-image-2.6.10-6-686-smp
-
-
linux-image-2.6.10-6-amd64-k8-smp
-
-
linux-image-2.6.12-10-k7
-
-
linux-image-2.6.10-6-amd64-generic
-
-
linux-image-2.6.10-6-amd64-k8
-
-
linux-image-2.6.12-10-mckinley-smp
-
-
linux-image-2.6.12-10-386
-
-
linux-image-2.6.10-6-mckinley-smp
-
-
linux-image-2.6.12-10-amd64-k8
-
In general, a standard system update will make all the necessary changes.
Related notices
- USN-302-1: linux-source-2.6.10, linux-image-2.6.12-10-amd64-xeon, linux-image-2.6.15-25-powerpc, linux-image-2.6.10-6-k7, linux-restricted-modules-common, linux-amd64-server, linux-restricted-modules-2.6.15-25-amd64-xeon, linux-restricted-modules-2.6.15-25-386, linux-image-powerpc, linux-image-2.6.10-6-powerpc, linux-image-2.6.10-6-power3, linux-image-2.6.12-10-powerpc-smp, linux-image-server, linux-restricted-modules-386, linux-image-2.6.12-10-amd64-k8-smp, linux-image-power4-smp, linux-restricted-modules-amd64-generic, nvidia-glx-legacy-dev, linux-power4-smp, linux-image-2.6.10-6-686-smp, linux-source-2.6.15, linux-image-2.6.10-6-amd64-generic, linux-image-server-bigiron, linux-restricted-modules-2.6.15-25-686, linux-image-amd64-server, linux-restricted-modules-686, linux-image-2.6.12-10-amd64-k8, linux-restricted-modules-amd64-xeon, linux-image-2.6.15-25-server-bigiron, linux-restricted-modules-2.6.15-25-powerpc, avm-fritz-kernel-source, linux-powerpc-smp, nvidia-glx, linux-image-powerpc64-smp, linux-restricted-modules-2.6.15-25-amd64-k8, linux-image-686, linux-image-2.6.12-10-686-smp, linux-image-2.6.10-6-686, linux-restricted-modules-2.6.15-25-amd64-generic, linux-image-2.6.10-6-386, avm-fritz-firmware, linux-image-power4, linux-image-amd64-k8, linux-server-bigiron, linux-amd64-xeon, nvidia-glx-legacy, linux-restricted-modules-powerpc-smp, linux-image-2.6.15-25-powerpc-smp, linux-image-2.6.12-10-amd64-generic, linux-image-2.6.15-25-amd64-server, linux-686-smp, linux-amd64-k8, linux-image-2.6.12-10-powerpc, linux-image-2.6.15-25-powerpc64-smp, linux-image-2.6.10-6-amd64-k8-smp, linux-image-2.6.15-25-686, linux-image-amd64-xeon, linux-image-2.6.10-6-power4, linux-image-2.6.15-25-amd64-generic, linux-image-2.6.15-25-server, linux-386, linux-powerpc, linux-686, linux-image-power3-smp, linux-k7, xorg-driver-fglrx-dev, linux-image-386, linux-image-2.6.10-6-power3-smp, linux-image-2.6.12-10-k7-smp, linux-image-2.6.10-6-powerpc-smp, linux-image-power3, linux-patch-ubuntu-2.6.12, linux-image-2.6.10-6-k7-smp, linux-image-2.6.15-25-amd64-xeon, linux-image-2.6.12-10-k7, linux-powerpc64-smp, fglrx-control, linux-image-2.6.12-10-powerpc64-smp, fglrx-kernel-source, linux-restricted-modules-amd64-k8, linux-image-2.6.12-10-686, linux-image-k7, linux-restricted-modules-powerpc, linux-tree-2.6.12, linux-image-2.6.10-6-power4-smp, linux-amd64-generic, linux-image-amd64-generic, linux-image-2.6.10-6-amd64-xeon, linux-amd64-k8-smp, linux-restricted-modules-2.6.15-25-powerpc-smp, linux-k7-smp, linux-power3-smp, xorg-driver-fglrx, linux-restricted-modules-2.6.15-25-k7, linux-power4, linux-image-2.6.15-25-386, linux-power3, nvidia-glx-dev, linux-server, linux-patch-ubuntu-2.6.10, linux-tree-2.6.10, linux-image-2.6.12-10-386, linux-image-2.6.15-25-amd64-k8, avm-fritz-firmware-2.6.15-25, linux-source-2.6.12, linux-restricted-modules-k7, linux-image-2.6.15-25-k7, linux-image-2.6.10-6-amd64-k8, linux-image-powerpc-smp