copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » UNIX (all) » Linux (all) » Ubuntu » AA-2009.0071 -- [Linux] -- kernel: Multiple vulnerab...
 

AA-2009.0071 -- [Linux] -- kernel: Multiple vulnerabilities identified
Date: 30 March 2009
References: ESB-2009.0375  ESB-2009.0321  ESB-2009.0415  ESB-2009.0431  ESB-2009.0447  ESB-2009.0473  ESB-2009.0496  ESB-2009.1213  ASB-2010.0030  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AA-2009.0071                  AUSCERT Advisory

                                  [Linux]
                kernel: Multiple vulnerabilities identified
                               30 March 2009
- ---------------------------------------------------------------------------

        AusCERT Advisory Summary
        ------------------------

Product:              kernel
Operating System:     Linux variants
Impact:               Access Privileged Data
                      Create Arbitrary Files
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-0787 CVE-2009-1046 CVE-2009-1072
Member content until: Monday, April 27 2009

OVERVIEW:

       A number of vulnerabilities have been identified in the Linux kernel
       prior to version 2.6.29.
 

IMPACT:
      
       The National Vulnerability Database [1] has assigned CVE-2009-0787,
       CVE-2009-1046 and CVE-2009-1072 to these vulnerabilities:

       CVE-2009-0787: "The ecryptfs_write_metadata_to_contents function in the 
       eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses 
       an incorrect size when writing kernel memory to an eCryptfs file header, 
       which triggers an out-of-bounds read and allows local users to obtain 
       portions of kernel memory." [2]

       CVE-2009-1046: "The console selection feature in the Linux kernel 
       2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the 
       UTF-8 console is used, allows physically proximate attackers to cause a 
       denial of service (memory corruption) by selecting a small number of 
       3-byte UTF-8 characters, which triggers an "an off-by-two memory error." NOTE: 
       it is not clear whether this issue crosses privilege boundaries." [3]

       CVE-2009-1072: "nfsd in the Linux kernel before 2.6.28.9 does not drop 
       the CAP_MKNOD capability before handling a user request in a thread, 
       which allows local users to create device nodes, as demonstrated on a 
       filesystem that has been exported with the root_squash option." [4]

       Kernel.org has confirmed the fix of these vulnerabilities in the
       changelog for 2.6.29. [5]

  
MITIGATION:

       Upgrade to Linux Kernel version 2.6.29 or later to patch these
       vulnerabilities.


REFERENCES:

       [1] National Vulnerability Database
           http://nvd.nist.gov

       [2] Vulnerability Summary for CVE-2009-0787
           http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0787  

       [3] Vulnerability Summary for CVE-2009-1046
           http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1046 
 
       [4] Vulnerability Summary for CVE-2009-1072
           http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1072 

       [5] Linux Kernel ChangeLog 2.6.29
           http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFJ0CNLNVH5XJJInbgRAm2gAJ9vIc6xtawfnP743MBhGNxxMGIhXACeJ7ZU
TBb1TUw4HCp+hVPteHAIISE=
=wX9a
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=8365&it=10720