CERT-In Advisory CIAD-2009-22
Multiple Vulnerabilities in Linux Kernel
Original issue date:
April 29, 2009
Severity Rating: High
Systems Affected
Overview
Multiple vulnerabilities have been reported in Linux Kernel which could allow attackers to obtain sensitive information, to bypass certain security restrictions or to cause Denial of Service conditions.
Description
1. “inet6_hashtables.c" NULL Pointer Dereference Denial of Service (CVE-2009-1360)
This issue is caused due to NULL-pointer dereference exception of a recycled TIMEWAIT pointer in the "ipv6/inet6_hashtables.c" file in Linux kernel version 2.6.7 and prior. This allows remote attackers to cause a denial of service condition on the systems having the affected version of the kernel.
This issue is fixed in Linux Kernel version 2.6.29.2
2. Frame Size Integer Overflow Remote Information Disclosure Vulnerability (CVE-2009-1265)
This vulnerability is caused by integer overflow errors in the "rose_sendmsg()" [sys/net/af_rose.c], "nr_sendmsg()" [net/netrom/af_netrom.c], and "x25_sendmsg()" [net/x25/af_x25.c] functions. A remote attacker could exploit this vulnerability to disclose certain information via a large length value, which causes "garbage" memory to be sent.
This issue is fixed in Linux Kernel version 2.6.30-rc1
3. 'kill_something_info()' Local Denial of Service Vulnerability (CVE-2009-1338)
The Linux kernel 2.6.24 introduced "PID namespaces", a mechanism for creating sets of tasks with isolated process IDs.
This vulnerability is caused due to failure in restricting signals sent using the "kill" command with the process ID parameter "-1" to processes within the current PID namespace in Linux Kernel.
A local attacker could exploit this vulnerability to cause a denial of service condition by sending signals to all processes on the affected computer.
This issue is fixed in Linux Kernel version 2.6.28
Solution
Upgrade to appropriate version of Linux Kernel
http://www.kernel.org/
Vendor Information
kernel.org
http://www.kernel.org/
References
kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog
-2.6.30-rc1
LKML
http://lkml.org/lkml/2008/7/23/148
VUPEN
http://www.vupen.com/english/advisories/2009/0975
SecurityFocus
http://www.securityfocus.com/bid/34602
http://www.securityfocus.com/bid/34558
http://www.securityfocus.com/bid/34654
CVE Name
CVE-2009-1265
CVE-2009-1360
CVE-2009-1338
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
