HOME > ADVISORIES


   ADVISORIES

CERT-In Advisory CIAD-2008-11
Linux Kernel “vmsplice” system call, vserver-enabled, fault handler range check Vulnerabilities

Original issue date: Februrary 15, 2008

Severity Rating: High

Systems Affected

•  Linux kernel 2.6.17 through 2.6.24.1
•  Linux kernel 2.6.x
•  Linux Kernel 2.6.22.16 and previous

Overview

Multiple vulnerabilities have been reported in Adobe Reader/Acrobat product while handling PDF files that could be exploited by the remote attacker to cause execution of arbitrary code.

Description

1.Linux kernel “vmsplice” system call vulnerability
(CVE-2008-0600, CWE-94)

A vulnerability has been reported in Linux kernel due to an error in "vmsplice_to_user()" function in fs/splice.c while invalid checking is performed on user-supplied-data before being used for memory operations. This vulnerability could be exploited by local attackers to gain root privileges via crafted arguments in a “vmsplice()” system call.

2.Linux-VServer vulnerability (CVE-2008-0163, CWE-59)

Linux-VServer provides virtualization for GNU/Linux systems.

A vulnerability has been reported in vserver-enabled Linux kernel which could be exploited by local attackers to access resources of other vservers via a symlink attack in /proc.

3.Linux kernel fault handler range check vulnerability
(CVE-2008-0007, CWE-399)

A vulnerability has been reported in Linux kernel when using certain drivers that register a fault handler that does not perform range checks. This could be exploited by local attacker to access kernel memory for reading and writing via an out-of-range offset.

Solution

Upgrade to latest versions provided by the vendor.
http://www.kernel.org/

Vendor Information

Kernel
http://www.kernel.org

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/0487
http://www.frsirt.com/english/advisories/2008/0445/references

Secuina
http://secunia.com/advisories/28835/

Security-Focus
http://www.securityfocus.com/bid/27704/info

CVE-Name
CVE-2008-0600
CVE-2008-0163
CVE-2008-0007

CWE
CWE-94
CWE-59
CWE-399

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003