
   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2009-22
'dell_rbu' Local Denial of Service Vulnerabilities in Linux Kernel

Original Issue Date: January 30, 2009

Severity Rating: Medium

Systems Affected

  • Linux Kernel Versions prior to 2.6.27.13
  • Linux Kernel 2.6.28.x prior to 2.6.28.2

Overview

Two vulnerabilities have been reported in the Linux kernel that allow a local attacker to cause denial of service conditions.

Description

These vulnerabilities are caused by errors in the "read_rbu_image_type()" and "read_rbu_packet_size()" functions in the drivers/firmware/dell_rbu.c file. A local, unauthenticated attacker could exploit these vulnerabilities by reading zero bytes from /sys/devices/platform/dell_rbu/image_type or /sys/devices/platform/dell_rbu/packet_size to cause a denial of service (DoS).

Solution

Update to version 2.6.27.13 or 2.6.28.2
Linux 2.6.27.13
Linux 2.6.28.2
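
The following triage script is an added example, not part of the original CERT-In note or of the kernel sources. It compares a kernel release string against the affected ranges listed above and reports whether the two sysfs attributes named in the Description are present; the function names (parse_release, release_lt, in_affected_range, report_host) are hypothetical.

```shell
#!/bin/sh
# Added example: triage a kernel release against CIVN-2009-22 / CVE-2009-0322.
# Fixed releases (from the advisory): 2.6.27.13 and 2.6.28.2.

# Print "a b c d" for a release such as "2.6.27.9-1-generic"; missing parts are 0.
parse_release() {
    base=${1%%[!0-9.]*}              # drop "-rc5", "-generic" and similar suffixes
    old_ifs=$IFS; IFS=.
    set -- $base                     # split on dots into positional parameters
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} ${4:-0}"
}

# Succeed when release $1 is numerically older than release $2.
release_lt() {
    set -- $(parse_release "$1") $(parse_release "$2")
    if   [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]
    elif [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]
    elif [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]
    else [ "$4" -lt "$8" ]
    fi
}

# Succeed when the release is in a range the advisory lists as affected:
# anything before 2.6.27.13, or 2.6.28.x before 2.6.28.2.
in_affected_range() {
    case ${1%%[!0-9.]*} in
        '')              return 1 ;;                  # no leading version number
        2.6.28|2.6.28.*) release_lt "$1" 2.6.28.2 ;;
        *)               release_lt "$1" 2.6.27.13 ;;
    esac
}

# Print one summary line: version range plus whether either sysfs attribute
# named in the advisory exists (meaning the dell_rbu driver is loaded).
# $1 = release (default: uname -r), $2 = sysfs directory (default: real path).
report_host() {
    rel=${1:-$(uname -r)}
    dir=${2:-/sys/devices/platform/dell_rbu}
    if in_affected_range "$rel"; then range=affected; else range=not-affected; fi
    if [ -e "$dir/image_type" ] || [ -e "$dir/packet_size" ]; then
        exposed=yes
    else
        exposed=no
    fi
    echo "release=$rel range=$range dell_rbu_sysfs=$exposed"
}

report_host
```

A distribution kernel that carries a backported fix can still report an older release string, so treat range=affected as a prompt to check the vendor's changelog rather than as proof.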

Vendor Information

kernel.org
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.2

References

kernel.org
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.13
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.2

SecurityFocus
http://www.securityfocus.com/bid/33428/

Secunia
http://secunia.com/advisories/33656

CVE Name
CVE-2009-0322


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003