CERT-In Advisory CIAD-2007-51
Multiple Vulnerabilities in Linux Kernel
Original issue date: October 1, 2007
Severity Rating: Medium
Systems Affected
- Linux Kernel versions prior to 2.4.35.3
- Linux Kernel versions prior to 2.6.22.7
- Linux kernel 2.6.17 through 2.6.17.6
Overview
Multiple vulnerabilities have been reported in the Linux kernel which could be exploited by a local attacker to gain elevated privileges or cause denial of service on the affected system.
Description
1. Privilege Escalation in Linux Kernel (CVE-2007-4573, CWE-264)
A vulnerability has been reported in the IA32 system call emulation functionality in the Linux kernel when running on the x86_64 architecture. It exists because certain x86_64 registers (%RAX) are not zero-extended after "ptrace" in the 32-bit entry path. A local attacker could exploit the vulnerability to gain elevated privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
2. Race condition in the tee (sys_tee) system call in the Linux kernel (CVE-2007-0997, CWE-362)
A vulnerability has been reported in the tee (sys_tee) system call included in the Linux kernel due to an error in the "sys_tee()" function while handling a dropped ipipe lock during a race condition between two pipe readers. This vulnerability could be exploited by local attackers to cause denial of service, which may result in a system crash, and also to disclose sensitive information related to the kernel memory.
3. Privilege escalation in Linux Kernel ATM Module (CVE-2007-5087, CWE-264)
A vulnerability has been reported in the Linux kernel due to an error in the ATM module when loaded with CLIP support while the CLIP module is not loaded yet. This vulnerability could be exploited by local attackers to cause privilege escalation and denial of service (kernel panic) on the affected system.
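The zero-extension flaw described in item 1 (CVE-2007-4573), shown as a user-space model beside its hardened form. This is an added illustration, not part of the advisory and not kernel code. It assumes the limit check compares only the 32-bit half of the register; struct regs, NR_CALLS and the pick_index_* functions are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CALLS 4u   /* constructed table size, not the kernel's value */

/* Hypothetical saved-register frame; only rax matters for this model. */
struct regs { uint64_t rax; };

/* Flawed pattern: the limit check sees only the low 32 bits, while the
 * index that would reach the table is the full 64-bit register.
 * Returns 1 and stores that index if the check accepts the call. */
static int pick_index_flawed(const struct regs *r, uint64_t *idx)
{
    uint32_t low = (uint32_t)r->rax;   /* 32-bit compare */
    if (low >= NR_CALLS)
        return 0;
    *idx = r->rax;                     /* upper half is still live */
    return 1;
}

/* Hardened pattern: zero-extend first, so check and index agree. */
static int pick_index_fixed(struct regs *r, uint64_t *idx)
{
    r->rax = (uint32_t)r->rax;         /* clear bits 63..32 */
    if (r->rax >= NR_CALLS)
        return 0;
    *idx = r->rax;
    return 1;
}

int main(void)
{
    /* Constructed value: low half 2 (valid), upper half non-zero, standing
     * in for a register rewritten by a tracer before dispatch. */
    struct regs a = { (1ULL << 32) | 2 }, b = a;
    uint64_t i = 0, j = 0;
    int ok_a = pick_index_flawed(&a, &i);
    int ok_b = pick_index_fixed(&b, &j);
    /* No table is ever dereferenced; only the chosen index is reported. */
    printf("flawed: accepted=%d index=%llu in_bounds=%d\n",
           ok_a, (unsigned long long)i, i < NR_CALLS);
    printf("fixed:  accepted=%d index=%llu in_bounds=%d\n",
           ok_b, (unsigned long long)j, j < NR_CALLS);
    return 0;
}
```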
Solution
Upgrade to the Linux kernel versions provided by the vendor.
http://www.kernel.org
Vendor Information
Kernel
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.20
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18
References
FrSirt
http://www.frsirt.com/english/advisories/2007/3246
CVE-Name
CVE-2007-4573
CVE-2007-0997
CVE-2007-5087
CWE
CWE-264
CWE-362
CWE-264
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003