CERT-In Vulnerability Note CIVN-2009-11
Multiple Vulnerabilities in Linux Kernel

Original Issue Date: January 21, 2009

Severity Rating: Medium

Systems Affected

  • Linux Kernel Versions prior to 2.6.26

Overview

Multiple vulnerabilities have been reported in the Linux kernel that allow local users to cause a denial of service condition or potentially gain escalated privileges.

Description

1. 'locks_remove_flock()' Local Race Condition Vulnerability (CVE-2008-4307)

This vulnerability is caused by an incorrect lock in the "do_setlk()" function in fs/nfs/file.c in the Linux kernel. A local attacker can exploit this vulnerability to cause a denial of service condition via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock.

2. 'sys_remap_file_pages()' Local Privilege Escalation Vulnerability (CVE-2009-0024)

This vulnerability is caused by improper accounting for certain variables in the "sys_remap_file_pages()" function in mm/fremap.c in the Linux kernel. A local attacker could exploit this vulnerability via vectors relating to the vm_file structure member, and the mmap_region and do_munmap functions.

Successful exploitation of this vulnerability would allow a local attacker to execute arbitrary code with superuser privileges or to cause a denial of service condition.

Note: Linux Kernel Versions 2.6.24.x and later are not vulnerable to this issue.

Solution

Update to kernel version 2.6.26.
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26
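
The version boundaries stated above, as an added example that is not part of the CERT-In note: a POSIX shell check that maps a kernel release string to the CVEs this note lists for it. The function names and sample release strings are constructed for illustration, and the check compares upstream version numbers only, so a distribution kernel with backported fixes must be checked against its vendor advisory instead.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the version
# boundaries given in CIVN-2009-11 (affected: prior to 2.6.26;
# CVE-2009-0024 does not apply to 2.6.24.x and later).

# normalize_release: keep only the leading dotted numeric part,
# e.g. "2.6.18-92.el5" -> "2.6.18". Prints nothing if there is none.
normalize_release() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# kver_lt A B: succeed if dotted version A is numerically lower than B.
# Fields are compared as numbers (9 < 24); missing fields count as 0.
kver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# civn_2009_11_status RELEASE: print the CVEs from this note that apply
# to the upstream version, "none", or "unknown" for an unparsable string.
civn_2009_11_status() {
    ver=$(normalize_release "$1")
    [ -n "$ver" ] || { echo "unknown"; return 2; }
    if kver_lt "$ver" 2.6.24; then
        echo "CVE-2008-4307 CVE-2009-0024"
    elif kver_lt "$ver" 2.6.26; then
        echo "CVE-2008-4307"
    else
        echo "none"
    fi
}

# Constructed sample release strings (not taken from the advisory).
for r in 2.6.9 2.6.18-92.el5 2.6.24.7 2.6.25.20-rc1 2.6.26; do
    printf '%-16s %s\n' "$r" "$(civn_2009_11_status "$r")"
done
```

To check the running host, call civn_2009_11_status "$(uname -r)".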

Vendor Information

kernel.org
http://www.kernel.org/

References

kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26

SecurityFocus
http://www.securityfocus.com/bid/33237
http://www.securityfocus.com/bid/33211

Secunia
http://secunia.com/advisories/30719/
http://secunia.com/advisories/28696/

Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=456282
https://bugzilla.redhat.com/show_bug.cgi?id=396751

Openwall
http://openwall.com/lists/oss-security/2009/01/13/1
http://openwall.com/lists/oss-security/2009/01/12/1

CVE Name
CVE-2008-4307
CVE-2009-0024

CWE
CWE-362

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003