

   ADVISORY

CERT-In Advisory CIAD-2008-47
Multiple Vulnerabilities in Linux Kernel

Original issue date: October 03, 2008

Severity Rating: High

Systems Affected

  • Linux kernel prior to 2.6.26.3
  • Linux kernel prior to 2.6.27 rc1

Overview

Multiple vulnerabilities have been reported in the Linux kernel which could be exploited by a local or remote attacker to cause a denial of service on the affected system.

Description

1. Linux kernel “SCTP” denial of service vulnerability
    (CVE-2008-3792)

A vulnerability has been reported in the Stream Control Transmission Protocol (SCTP) code in the Linux kernel, which does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions in "net/sctp/socket.c". This vulnerability could be exploited by local attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.
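
The missing check described above, shown as a small userland model with the unchecked handler beside a guarded one. This is an added example, not kernel code and not the vendor's patch; the structs, function names and the returned error code are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userland model of the bug class; all names here are hypothetical. */
struct auth_state {                 /* allocated only when SCTP-AUTH is on */
    unsigned short active_key_id;
};

struct endpoint {
    int auth_enable;                /* models the SCTP-AUTH on/off switch */
    struct auth_state *auth;        /* NULL while the extension is off */
};

/* "Before": assumes auth state exists. With the extension disabled,
 * ep->auth is NULL and this store is the NULL pointer dereference. */
int set_active_key_unchecked(struct endpoint *ep, unsigned short id)
{
    ep->auth->active_key_id = id;
    return 0;
}

/* Guard that every AUTH-only option handler calls first in this model. */
static int auth_usable(const struct endpoint *ep)
{
    return ep != NULL && ep->auth_enable && ep->auth != NULL;
}

/* "After": reject the option before any auth state is touched. */
int set_active_key_checked(struct endpoint *ep, unsigned short id)
{
    if (!auth_usable(ep))
        return -EACCES;             /* error code is this model's choice */
    ep->auth->active_key_id = id;
    return 0;
}

int main(void)
{
    struct auth_state st = { 0 };
    struct endpoint on = { 1, &st }, off = { 0, NULL };
    int r_on = set_active_key_checked(&on, 7);
    int r_off = set_active_key_checked(&off, 7);
    /* set_active_key_unchecked(&off, 7) would fault at this point. */
    printf("enabled=%d key=%u disabled=%d\n", r_on, st.active_key_id, r_off);
    return 0;
}
```

The same guard has to sit at the top of every handler that touches authentication state, which is why the advisory lists nine separate entry points.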

2. Linux “nfsd system” buffer overflow vulnerability
    (CVE-2008-3915, CWE-119)

A buffer overflow vulnerability has been reported in the NFSD system. This vulnerability could be exploited by remote attackers to have an unknown impact via vectors related to decoding an NFSv4 ACL.

3. Linux kernel “tmpfs” denial of service vulnerability
    (CVE-2008-3534)

A vulnerability has been reported in tmpfs due to an error in the shmem_delete_inode() function in mm/shmem.c. This vulnerability could be exploited by local attackers via the insserv program, using a certain sequence of file create, remove, and overwrite operations, to cause a denial of service.

4. Linux kernel “Off-by-one” denial of service vulnerability
    (CVE-2008-3535)

A vulnerability has been reported in the Linux kernel due to an off-by-one error in the iov_iter_advance function in mm/filemap.c. This vulnerability could be exploited by local attackers to cause a denial of service via a certain sequence of file I/O operations with readv and writev.

Solution

Upgrade to the latest versions provided by the vendor.
http://www.kernel.org/

Vendor Information

kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2



References

IBM ISS X-force
http://xforce.iss.net/xforce/xfdb/45189
http://xforce.iss.net/xforce/xfdb/45055
http://xforce.iss.net/xforce/xfdb/44489
http://xforce.iss.net/xforce/xfdb/44492

Security-Focus
http://www.securityfocus.com/bid/31121
http://www.securityfocus.com/bid/31132
http://www.securityfocus.com/bid/31133
http://www.securityfocus.com/bid/31134

CVE Name
CVE-2008-3792
CVE-2008-3915
CVE-2008-3534
CVE-2008-3535

CWE
CWE-119

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003