Date: 12 September 2011
References: ESB-2011.0658 ESB-2011.0758 ESB-2011.0973 ESB-2011.1013 ESB-2011.1048 ESB-2012.0048 ESB-2012.0333.2 ESB-2012.0415.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0923.2
linux-2.6 security update
12 September 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           linux-2.6
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
Impact/Access:     Access Privileged Data         -- Existing Account
                   Denial of Service              -- Existing Account
                   Provide Misleading Information -- Remote/Unauthenticated
                   Increased Privileges           -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3191 CVE-2011-3188 CVE-2011-2928
                   CVE-2011-2918 CVE-2011-2909 CVE-2011-2905
                   CVE-2011-2723 CVE-2011-2700 CVE-2011-2525
                   CVE-2011-2517 CVE-2011-2497 CVE-2011-2496
                   CVE-2011-2495 CVE-2011-2492 CVE-2011-2491
                   CVE-2011-2484 CVE-2011-1768 CVE-2011-1576
                   CVE-2011-1020
Reference:         ESB-2011.0758
                   ESB-2011.0658
Original Bulletin:
   http://www.debian.org/security/2011/dsa-2303
Revision History:  September 12 2011: Corrected regression
                   September  9 2011: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ----------------------------------------------------------------------
Debian Security Advisory DSA-2303-2 security@debian.org
http://www.debian.org/security/ Dann Frazier
September 10, 2011 http://www.debian.org/security/faq
- - ----------------------------------------------------------------------
Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491
                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723
                 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928
                 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 640966
The linux-2.6 and user-mode-linux upgrades from DSA-2303-1 have caused a
regression that can result in an oops during invalid accesses to
/proc/<pid>/maps files.
The text of the original advisory is reproduced for reference:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2011-1020
Kees Cook discovered an issue in the /proc filesystem that allows local
users to gain access to sensitive process information after execution of a
setuid binary.
CVE-2011-1576
Ryan Sweat discovered an issue in the VLAN implementation. Local users may
be able to cause a kernel memory leak, resulting in a denial of service.
CVE-2011-2484
Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
a process can register is not capped, resulting in local denial of service
through resource exhaustion (cpu time and memory).
CVE-2011-2491
Vasily Averin discovered an issue with the NFS locking implementation. A
malicious NFS server can cause a client to hang indefinitely in an unlock
call.
CVE-2011-2492
Marek Kroemeke and Filip Palian discovered that uninitialized struct
elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
memory through leaked stack memory.
CVE-2011-2495
Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
directory was world-readable, resulting in local disclosure of
information such as password lengths.
CVE-2011-2496
Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.
CVE-2011-2497
Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
which could lead to denial of service or privilege escalation.
CVE-2011-2517
It was discovered that the netlink-based wireless configuration interface
performed insufficient length validation when parsing SSIDs, resulting in
buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a
denial of service.
CVE-2011-2525
Ben Pfaff reported an issue in the network scheduling code. A local user
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.
CVE-2011-2700
Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
driver for the Si4713 FM Radio Transmitter used by N900 devices.
Local users could exploit this issue to cause a denial of service or
potentially gain elevated privileges.
CVE-2011-2723
Brent Meshier reported an issue in the GRO (generic receive offload)
implementation. This can be exploited by remote users to create a denial of
service (system crash) in certain network device configurations.
CVE-2011-2905
Christian Ohm discovered that the 'perf' analysis tool searches for its
config files in the current working directory. This could lead to denial of
service or potential privilege escalation if a user with elevated privileges
is tricked into running 'perf' in a directory under the control of the
attacker.
CVE-2011-2909
Vasiliy Kulikov of Openwall discovered that a programming error in
the Comedi driver could lead to information disclosure through
leaked stack memory.
CVE-2011-2918
Vince Weaver discovered that incorrect handling of software event overflows
in the 'perf' analysis tool could lead to local denial of service.
CVE-2011-2928
Timo Warns discovered that insufficient validation of Be filesystem images
could lead to local denial of service if a malformed filesystem image is
mounted.
CVE-2011-3188
Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.
CVE-2011-3191
Darren Lavender reported an issue in the Common Internet File System (CIFS).
A malicious file server could cause memory corruption leading to a denial of
service.
This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738).
For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+35squeeze2
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
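Added example, not part of the Debian or AusCERT text: a Python check that compares installed package versions against the fixed versions named in the advisory (2.6.32-35squeeze2 and 2.6.32-1um-4+35squeeze2) using Debian's version-ordering rules. The host names and inventory rows are constructed, and the comparator is a reimplementation of the documented ordering, not dpkg itself.

```python
import re

# Fixed versions as stated in the advisory (source package -> version).
FIXED = {
    "linux-2.6": "2.6.32-35squeeze2",
    "user-mode-linux": "2.6.32-1um-4+35squeeze2",
}

def _order(ch):
    """Debian ordering of a non-digit character: '~' < end < letters < others."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _part_key(part):
    """Sort key for an upstream version or Debian revision string."""
    key = []
    for text, digits in re.findall(r"(\D*)(\d*)", part):
        key.append([_order(c) for c in text] + [0])  # 0 marks end of the run
        key.append(int(digits or 0))                 # numeric runs compare as integers
    return key

def version_key(version):
    """Split [epoch:]upstream[-revision] and return a comparable key."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return (int(epoch), _part_key(upstream), _part_key(revision))

def needs_upgrade(inventory):
    """Return (host, package, version) rows older than the advisory's fixed version."""
    return [
        row for row in inventory
        if row[1] in FIXED and version_key(row[2]) < version_key(FIXED[row[1]])
    ]

# Constructed inventory: (host, source package, installed version).
SAMPLE = [
    ("web01", "linux-2.6", "2.6.32-35"),
    ("web02", "linux-2.6", "2.6.32-35squeeze1"),
    ("db01", "linux-2.6", "2.6.32-35squeeze2"),
    ("db02", "linux-2.6", "2.6.32-35squeeze10"),  # hypothetical later revision
    ("uml01", "user-mode-linux", "2.6.32-1um-4+35squeeze1"),
    ("uml02", "user-mode-linux", "2.6.32-1um-4+35squeeze2"),
]

if __name__ == "__main__":
    for host, pkg, ver in needs_upgrade(SAMPLE):
        print(f"{host}: {pkg} {ver} is older than {FIXED[pkg]}")
```

A plain string comparison would rank squeeze10 below squeeze2; the numeric-run handling is what keeps db02 out of the result.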
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----