Date: 22 November 2007
References: ESB-2008.0233 ESB-2008.0240 ESB-2009.1430.3
===========================================================================
AA-2007.0111 AUSCERT Advisory
[Linux]
Multiple Linux kernel vulnerabilities
22 November 2007
---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:              kernel
Operating System:     Linux variants
Impact:               Denial of Service
                      Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-6063 CVE-2007-5501 CVE-2007-5500
                      CVE-2006-6058
Member content until: Thursday, December 20 2007
OVERVIEW:
Multiple vulnerabilities in the Linux kernel have been reported
which may result in a remote or local DoS (denial of service)
and possibly more serious impacts.
IMPACT:
The National Vulnerability Database [1] gives the following
information regarding these vulnerabilities:
o CVE-2007-6063: "Buffer overflow in the isdn_net_setcfg function
in isdn_net.c in Linux kernel 2.6.23 allows local users to have
an unknown impact via a crafted argument to the isdn_ioctl
function." [2]
o CVE-2007-5501: "The tcp_sacktag_write_queue function in
net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier
allows remote attackers to cause a denial of service (crash) via
crafted ACK responses that trigger a NULL pointer dereference."
[3]
o CVE-2007-5500: "The wait_task_stopped function in the Linux
kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an
exit_state value, which allows local users to cause a denial of
service (machine crash) via unspecified vectors." [4]
o CVE-2006-6058: "The minix filesystem code in Linux kernel 2.6.x
up to 2.6.18, and possibly other versions, allows local users to
cause a denial of service (hang) via a malformed minix file
stream that triggers an infinite loop in the minix_bmap function."
[5]
MITIGATION:
There is currently no further information available regarding
patches for CVE-2007-6063.
CVE-2007-5500 and CVE-2007-5501 have been corrected in Linux kernel
2.6.23.8 [6].
To protect against the vulnerability described in CVE-2006-6058,
Secunia suggests "Allow only trusted users to mount images and do
not mount untrusted images." [7]
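One way to audit the Secunia mitigation above is to look for fstab entries
that let unprivileged users mount a filesystem the kernel may parse as minix.
The script below is an added example, not code from AusCERT or Secunia; the
function names and the sample fstab are constructed for illustration, and it
assumes that an fstab type of "auto" should be treated as risky because it
lets mount probe for minix.

```sh
#!/bin/sh
# Added example, not AusCERT or Secunia code. Flags fstab entries that let
# unprivileged users mount a filesystem the kernel may parse as minix.

# Usage: user_mountable_minix [FSTAB]   (reads stdin when no file is given)
# Prints "mountpoint fstype options" per risky entry; prints nothing if none.
user_mountable_minix() {
    awk '
        $1 ~ /^#/ { next }    # skip comment lines
        NF < 4    { next }    # skip blank and malformed entries
        {
            # fstype can be a comma list; "auto" lets mount(8) probe for minix
            minix = 0
            n = split($3, types, ",")
            for (i = 1; i <= n; i++)
                if (types[i] == "minix" || types[i] == "auto") minix = 1
            if (!minix) next

            # Options apply left to right: a later nouser/defaults revokes user
            usermount = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                if (o ~ /^(user|users|owner|group)$/) usermount = 1
                else if (o ~ /^(nouser|nousers|noowner|nogroup|defaults)$/) usermount = 0
            }
            if (usermount) print $2, $3, $4
        }
    ' "$@"
}

# Constructed sample fstab (devices and mount points are made up).
sample_fstab() {
    cat <<'EOF'
# device      mountpoint   type         options        dump pass
/dev/sda1     /            ext3         defaults       1 1
/dev/fd0      /mnt/floppy  auto         noauto,user    0 0
/dev/sdb1     /mnt/usb     vfat,minix   noauto,users   0 0
/dev/loop0    /mnt/img     minix        noauto,nouser  0 0
/dev/sdc1     /mnt/old     minix        user,defaults  0 0
EOF
}

sample_fstab | user_mountable_minix
```

Run it against the real table with user_mountable_minix /etc/fstab; any line
it prints is a mount that a non-root user can trigger on a minix-capable entry.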
REFERENCES:
[1] National Vulnerability Database
http://nvd.nist.gov/
[2] National Vulnerability Database CVE-2007-6063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6063
[3] National Vulnerability Database CVE-2007-5501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5501
[4] National Vulnerability Database CVE-2007-5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5500
[5] National Vulnerability Database CVE-2006-6058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6058
[6] The Linux Kernel Archive
http://www.kernel.org/
[7] Minix File System Denial of Service Vulnerability
http://secunia.com/advisories/23034
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================