English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsSA41263

Linux Kernel Multiple Vulnerabilities


Secunia ID

SA41263
CVE-ID

CVE-2010-2960, CVE-2010-3080, CVE-2010-4074, CVE-2010-4082
Release Date

02 Sep 2010
Last Change

08 Dec 2010
Criticality

Less Critical
Solution Status

Vendor Patch
Where

Local system
Impact
DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Privilege escalation

This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.

This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
Description

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, and potentially gain escalated privileges.

1) An error exists within the "keyctl_session_to_parent()" function in security/keys/keyctl.c, which can be exploited to cause a NULL pointer dereference by e.g. calling "keyctl()" with KEYCTL_SESSION_TO_PARENT.

Note: Successful exploitation may require that the distribution does not use pam_keyinit.

2) A use-after-free error exists within the "snd_seq_oss_open()" function in sound/core/seq/oss/seq_oss_init.c, which can be exploited to e.g. cause a kernel crash.

Note: Successful exploitation may require access to the sequencer device.

3) The "mos7720_ioctl()" function in drivers/usb/serial/mos7720.c, the "mos7840_ioctl()" function in drivers/usb/serial/mos7840.c, and the "viafb_ioctl_get_viafb_info()" function in drivers/video/via/ioctl.c are not properly initializing all members of certain structures before copying them to userspace, which can be exploited to disclose kernel stack memory by sending certain IOCTLs.
Solution

Update to version 2.6.32.23 or 2.6.35.6.
Reported by

1, 2) Tavis Ormandy
3) Dan Rosenberg
Original Advisory

Kernel.org:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.23
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.6

1) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2960
http://www.openwall.com/lists/oss-security/2010/09/02/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3d96406c7da1ed5811ea52a3b0905f4f0e295376

2) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=27f7ad53829f79e799a253285318bff79ece15bd
http://www.openwall.com/lists/oss-security/2010/09/08/7

3) https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4082
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca

© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search