CERT-In Vulnerability Note CIVN-2008-54
Multiple Vulnerabilities in Linux Kernel
Original Issue Date:
May 06, 2008
Severity Rating:
High
System Affected
- Linux kernel versions prior to 2.6.25.1
Overview
Multiple vulnerabilities have been reported in Linux kernel , which can be exploited by local attackers to cause a denial of service or potentially gain escalated privileges.
Description
1. Linux kernel 'dnotify.c' Privilege Escalation Vulnerability (CVE-2008-1375 , CWE-362)
A vulnerability has been reported in the directory notification subsystem (dnotify) in Linux kernel due to race condition error between calls to "fcntl()" and "close()". This can be exploited by local attacker to cause a denial of service and possible gain privileges via unspecified vectors.
2. Linux kernel ' BDX _OP_WRITE' Memory Corruption Vulnerability (CVE-2008-1675 , CWE-399)
A vulnerability has been reported in Linux kernel due to an improper check for CAP_NET_ADMIN permissions when processing crafted " BDX _OP_WRITE" IOCTL calls in the "bdx_ioctl_priv()" function within the Tehuti Network Driver. This can be exploited by local attacker to corrupt kernel memory and gain elevated privileges.
Solution
Update to Linux Kernel versions 2.6.25.1
http://www.kernel.org
Vendor Information
Kernel
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
References
SecurityFocus
http://www.securityfocus.com/archive/1/491566
Secunia
http://secunia.com/advisories/30044/
Secwatch
http://secwatch.org/advisories/1021084/
Securitytracker http://securitytracker.com/alerts/2008/May/1019960.html
CVE Name
CVE-2008-1675
CVE-2008-1375
CWE Name
CWE-362
CWE-399
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
