Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak

NASLDB: Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak

General

ID: 38795
Name: Debian DSA-1800-1 : linux-2.6 – denial of service/privilege escalation/sensitive memory leak

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, privilege escalation or a sensitive
memory leak. The Common Vulnerabilities and Exposures project
identifies the following problems :

– CVE-2009-0028
Chris Evans discovered a situation in which a child
process can send an arbitrary signal to its parent.

– CVE-2009-0834
Roland McGrath discovered an issue on amd64 kernels that
allows local users to circumvent system call audit
configurations which filter based on the syscall numbers
or argument details.

– CVE-2009-0835
Roland McGrath discovered an issue on amd64 kernels with
CONFIG_SECCOMP enabled. By making a specially crafted
syscall, local users can bypass access restrictions.

– CVE-2009-0859
Jiri Olsa discovered that a local user can cause a
denial of service (system hang) using a SHM_INFO shmctl
call on kernels compiled with CONFIG_SHMEM disabled.
This issue does not affect prebuilt Debian kernels.

– CVE-2009-1046
Mikulas Patocka reported an issue in the console
subsystem that allows a local user to cause memory
corruption by selecting a small number of 3-byte UTF-8
characters.

– CVE-2009-1072
Igor Zhbanov reported that nfsd was not properly
dropping CAP_MKNOD, allowing users to create device
nodes on file systems exported with root_squash.

– CVE-2009-1184
Dan Carpenter reported a coding issue in the selinux
subsystem that allows local users to bypass certain
networking checks when running with compat_net=1.

– CVE-2009-1192
Shaohua Li reported an issue in the AGP subsystem they
may allow local users to read sensitive kernel memory
due to a leak of uninitialized memory.

– CVE-2009-1242
Benjamin Gilbert reported a local denial of service
vulnerability in the KVM VMX implementation that allows
local users to trigger an oops.

– CVE-2009-1265
Thomas Pollet reported an overflow in the af_rose
implementation that allows remote attackers to retrieve
uninitialized kernel memory that may contain sensitive
data.

– CVE-2009-1337
Oleg Nesterov discovered an issue in the exit_notify
function that allows local users to send an arbitrary
signal to a process by running a program that modifies
the exit_signal field and then uses an exec system call
to launch a setuid application.

– CVE-2009-1338
Daniel Hokka Zakrisson discovered that a kill(-1) is
permitted to reach processes outside of the current
process namespace.

– CVE-2009-1439
Pavan Naregundi reported an issue in the CIFS filesystem
code that allows remote users to overwrite memory via a
long nativeFileSystem field in a Tree Connect response
during mount.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2009-0028
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2009/05/15
Plugin Release: 2009/05/18

Plugin

Version: 1.7
Filename: debian_DSA-1800.nasl
Filesize: 20850 bytes
MD5 Hash: 2943b9e7778bb1263a9d9c7998d35134

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Latest Plugins

Latest Plugins

scip AG