HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2008-01
Linux Kernel hrtimer_start(), shmem_getpage() and IPv6 Extended header vulnerability

Original issue date: January 02, 2008

Severity Rating: High

Systems Affected

  • Linux Kernel 2.6.22 and earlier
  • Linux kernel 2.6.11 through 2.6.23

Overview

Multiple vulnerabilities have been reported in Linux Kernel which could be exploited by local/remote attacker to cause denial of service attack on the affected system.

Description

1. Improper validation of hop-by-hop extended header in Linux Kernel (CVE -2007-4567, CWE-20)

A vulnerability has been reported in Linux Kernel due to improper validation of hop-by-hop IPv6 extended header. A remote attacker could exploit this vulnerability by sending a specially crafted IPv6 packet to cause denial of service on the affected system. The systems that are configured for IPv6 are exploitable.

2. Integer overflow vulnerability in hrtimer_start function (CVE-2007-5966 ,CWE-189 )

A vulnerability has been reported in Linux Kernel due to integer overflow in the hrtimer_start function in “kernel/hrtimer.c”. A local attacker could exploit the vulnerability via a large relative timeout value to execute arbitrary code or cause a denial of service .

3. Linux kernel “shmem_getpage” denial of service Vulnerability
(CVE-2007-6417 , CWE-399)

A vulnerability has been reported in Linux Kernel due to memory allocation error in the “shmem_getpage”[mm/shmem.c] function . This vulnerability could be exploited by local attackers to read sensitive kernel data or cause a denial of service (crash).

Solution

Apply appropriate upgrades as provided by vendors.

http://www.kernel.org/

Vendor Information

kernel
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10

References

Secunia
http://secunia.com/cve_reference/CVE-2007-4567
http://secunia.com/cve_reference/CVE-2007-5966
http://secunia.com/cve_reference/CVE-2007-6417

DEBIAN
http://www.debian.org/security/2007/dsa-1436

UBUNTU
http://www.ubuntulinux.org/support/documentation/usn/usn-558-1


CVE-Name
CVE -2007-4567
CVE-2007-5966
CVE-2007-6417

CWE
CWE-20
CWE-189
CWE-399

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003