
Linux Kernel Multiple Vulnerabilities


Secunia ID

SA37590

CVE-ID

CVE-2009-3939, CVE-2009-4020, CVE-2009-4306, CVE-2009-4895

Release Date

04 Dec 2009

Last Change

16 Jun 2010

Criticality

Less Critical

Solution Status

Partial Fix

Where

Local system

Impact

DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Manipulation of data

This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.

The most frequent type of vulnerability with this impact is SQL injection, where a malicious user can manipulate the SQL queries an application sends to its database.

Privilege escalation

This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.

This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.

Description

A security issue and three vulnerabilities have been reported in the Linux Kernel. They can be exploited by malicious, local users to manipulate certain data and cause a DoS (Denial of Service), and by malicious people to potentially compromise a vulnerable system.

1) The security issue is caused by world-writable permissions being set on the megaraid_sas driver attribute "/sys/bus/pci/drivers/megaraid_sas/poll_mode_io" in sysfs. Any local user can write to the attribute and switch the driver's I/O polling mode, thereby manipulating driver behaviour.

2) A locking error (a race) in the TTY subsystem's tty_fasync() handling can be exploited by a local user to cause a NULL pointer dereference and crash the system.

3) A boundary error within the "hfs_bnode_read()" function in fs/hfs/bnode.c can be exploited to cause a buffer overflow by e.g. tricking a user into mounting and accessing a specially crafted HFS file system. Note that on systems which automatically mount removable media, no explicit mount command by the user is required.

4) A vulnerability is caused by an unspecified error in the handling of the EXT4_IOC_MOVE_EXT ioctl. This can be exploited by a local user to e.g. corrupt a file system via a specially crafted ioctl request.

Solution

Update to version 2.6.33, which fixes vulnerabilities #1, #2, and #3. No fix for #4 is referenced in this advisory (solution status "Partial Fix"); apply your vendor's kernel update for it when one becomes available.

Restrict access to trusted users only. Do not mount untrusted file systems; where HFS support is not needed, prevent the hfs kernel module from being loaded on demand.
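The following audit script is an added example and is not part of the Secunia advisory, the Linux kernel or any vendor tooling. It implements the two local checks a practitioner would want for this advisory: listing sysfs driver attributes that any local user can write to (the mistake behind issue #1), clearing the write bit on such an attribute as a stop-gap, and verifying that on-demand loading of the hfs/hfsplus modules is disabled in modprobe.d (the "do not mount untrusted file systems" mitigation for issue #3). The directory arguments, the function names and the attribute file names used for self-testing are assumptions of this example; on a live system the inputs are /sys/bus/pci/drivers (or /sys/bus) and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example, not code from the Secunia advisory or the Linux kernel.
#
#  find_world_writable_attrs DIR     - list sysfs attributes under DIR that any
#                                      local user may write to (issue #1 class).
#  restrict_attr FILE                - clear group/other write bits on FILE and
#                                      print the resulting octal mode, mirroring
#                                      the owner-write-only mode a driver should
#                                      have used in the first place.
#  module_autoload_disabled MOD DIR  - succeed if some DIR/*.conf maps
#                                      "install MOD" to /bin/true or /bin/false,
#                                      so the kernel cannot auto-load MOD (e.g.
#                                      hfs) when an untrusted disk is mounted.
#
# DIR arguments are parameters of this example so the helpers can be exercised
# against a temporary tree; on a real host use /sys/bus/pci/drivers and
# /etc/modprobe.d.

# Print every regular file below $1 whose mode grants write access to "other",
# one path per line and sorted, so the output can be diffed against a baseline.
# find(1) does not follow the device symlinks inside a driver directory, so only
# the driver's own attributes are examined.
find_world_writable_attrs() {
    find "$1" -type f -perm -002 2>/dev/null | sort
}

# Remove the group and "other" write bits from attribute $1 and print the new
# octal mode. sysfs honours chmod, but the change lives only in the mounted
# instance: it is lost on reboot or when the module is reloaded, so treat it as a
# stop-gap until the kernel is updated.
restrict_attr() {
    chmod go-w "$1" && stat -c '%a' "$1"
}

# Return 0 if some $2/*.conf file disables on-demand loading of module $1 by
# mapping its "install" command to /bin/true or /bin/false, non-zero otherwise.
# Only the "install" form is checked because that is what makes modprobe run a
# no-op instead of loading the module; a bare "blacklist" line is not counted.
module_autoload_disabled() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(true|false)([[:space:]]|$)" "$2"/*.conf
}

# When run directly with a sysfs directory argument, audit that tree and the
# live modprobe configuration, e.g.:
#   sh sysfs_audit.sh /sys/bus/pci/drivers
if [ "$#" -gt 0 ]; then
    echo "World-writable driver attributes under $1:"
    find_world_writable_attrs "$1"
    for m in hfs hfsplus; do
        if module_autoload_disabled "$m" /etc/modprobe.d; then
            echo "$m: on-demand loading disabled"
        else
            echo "$m: on-demand loading still allowed"
        fi
    done
fi
```

Run it as root against /sys/bus/pci/drivers before and after a kernel update; any attribute it lists is writable by every local account, which for a storage driver is exactly the condition described in issue #1. The chmod stop-gap is worth scripting into a boot-time unit only until the fixed kernel is installed.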

Reported by

1) Bryn M. Reeves, reported in a Red Hat bug report.
2) Kyle Bader
3) Amerigo Wan, Red Hat
4) Brad Spengler

Original Advisory

1) https://bugzilla.redhat.com/show_bug.cgi?id=526068
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bb7d3f24c71e528989501617651b669fbed798cb
2) http://bugzilla.kernel.org/show_bug.cgi?id=14605
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80e1e823989ec44d8e35bdfddadbddcffec90424
3) https://bugzilla.redhat.com/show_bug.cgi?id=540736
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ec81aecb29668ad71f699f4e7b96ec46691895b6
4) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://twitter.com/spendergrsec/status/6567167692
http://twitter.com/spendergrsec/status/6569596339