aru Posted February 21, 2006 Report Share Posted February 21, 2006 Mandriva Advisories MDKSA-2006:044 : kernel Updated kernel packages fix multiple vulnerabilities February 21st, 2006 A number of vulnerabilities have been discovered and corrected in the Linux 2.4 kernel: A numeric casting discrepancy in sdla_xfer could allow a local user to read portions of kernel memory via a large len argument (CVE-2004-2607). The traps.c file executes stack segment faults on an exception stack, which could allow a local user to cause an oops and stack fault exception (CVE-2005-1767). The find_target function in ptrace32.c does not properly handle a NULL return value from another function, allowing local users to cause a kernel crash/oops by running a 32-bit ltrace program with the -i option on a 64-bit executable program (CVE-2005-2553). A race condition in ip_vs_conn_flush, when running on SMP systems, could allow a local attacker to cause null dereference DoS by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274). The NAT code in ip_nat_proto_tcp.c and ip_nat_proto_udp.c incorrectly declares a variable to be static, which could allow a remote attacker to cause a Denial of Service via memory corruption by causing two packets for the same protocol to be NATed at the same time (CVE-2005-3275). The IPv6 flowlabel handling code modified the wrong variable in certain circumstances, which could allow a local user to corrupt kernel memory or cause a Denial of Service (crash) by triggering a free of non- allocated memory (CVE-2005-3806). The wan/sdla.c file does not require CAP_SYS_RAWIO privilege for an SDLA firmware upgrade with unknown impact and local attack vectors (CVE-2006-0096). The provided packages are patched to fix these vulnerabilities.All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate The released versions of Mandriva GNU/Linux affected are: CS2.1 CS3.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0096 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts