1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
|
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200407-02">
<title>Linux Kernel: Multiple vulnerabilities</title>
<synopsis>
Multiple vulnerabilities have been found in the Linux kernel used by
GNU/Linux systems. Patched, or updated versions of these kernels have been
released and details are included in this advisory.
</synopsis>
<product type="ebuild">Kernel</product>
<announced>July 03, 2004</announced>
<revised>March 27, 2011: 04</revised>
<bug>47881</bug>
<bug>49637</bug>
<bug>53804</bug>
<bug>54976</bug>
<bug>55698</bug>
<access>local</access>
<affected>
<package name="sys-kernel/aa-sources" auto="no" arch="*">
<unaffected range="eq">2.4.23-r2</unaffected>
<vulnerable range="lt">2.4.23-r2</vulnerable>
</package>
<package name="sys-kernel/alpha-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21-r8</unaffected>
<vulnerable range="lt">2.4.21-r8</vulnerable>
</package>
<package name="sys-kernel/ck-sources" auto="no" arch="*">
<unaffected range="eq">2.4.26-r1</unaffected>
<unaffected range="ge">2.6.7-r1</unaffected>
<vulnerable range="lt">2.6.7-r1</vulnerable>
</package>
<package name="sys-kernel/compaq-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.9.32.7-r7</unaffected>
<vulnerable range="lt">2.4.9.32.7-r7</vulnerable>
</package>
<package name="sys-kernel/development-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/gaming-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.20-r14</unaffected>
<vulnerable range="lt">2.4.20-r14</vulnerable>
</package>
<package name="sys-kernel/gentoo-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/gentoo-sources" auto="yes" arch="*">
<unaffected range="rge">2.4.19-r17</unaffected>
<unaffected range="rge">2.4.20-r20</unaffected>
<unaffected range="rge">2.4.22-r12</unaffected>
<unaffected range="rge">2.4.25-r5</unaffected>
<unaffected range="ge">2.4.26-r3</unaffected>
<vulnerable range="lt">2.4.26-r3</vulnerable>
</package>
<package name="sys-kernel/grsec-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26.2.0-r5</unaffected>
<vulnerable range="lt">2.4.26.2.0-r5</vulnerable>
</package>
<package name="sys-kernel/gs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.25_pre7-r7</unaffected>
<vulnerable range="lt">2.4.25_pre7-r7</vulnerable>
</package>
<package name="sys-kernel/hardened-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/hardened-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/hppa-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/hppa-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26_p6</unaffected>
<vulnerable range="lt">2.4.26_p6</vulnerable>
</package>
<package name="sys-kernel/ia64-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r5</unaffected>
<vulnerable range="lt">2.4.24-r5</vulnerable>
</package>
<package name="sys-kernel/mips-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r3</unaffected>
<vulnerable range="lt">2.4.26-r3</vulnerable>
</package>
<package name="sys-kernel/mm-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7-r1</unaffected>
<vulnerable range="lt">2.6.7-r1</vulnerable>
</package>
<package name="sys-kernel/openmosix-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.22-r10</unaffected>
<vulnerable range="lt">2.4.22-r10</vulnerable>
</package>
<package name="sys-kernel/pac-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.23-r8</unaffected>
<vulnerable range="lt">2.4.23-r8</vulnerable>
</package>
<package name="sys-kernel/pegasos-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/pegasos-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/planet-ccrma-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.21-r10</unaffected>
<vulnerable range="lt">2.4.21-r10</vulnerable>
</package>
<package name="sys-kernel/ppc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/ppc64-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/rsbac-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/rsbac-dev-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7-r1</unaffected>
<vulnerable range="lt">2.6.7-r1</vulnerable>
</package>
<package name="sys-kernel/selinux-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/sparc-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/uclinux-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26_p0-r2</unaffected>
<vulnerable range="lt">2.4.26_p0-r2</vulnerable>
</package>
<package name="sys-kernel/usermode-sources" auto="yes" arch="*">
<unaffected range="rge">2.4.24-r5</unaffected>
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/vserver-sources" auto="yes" arch="*">
<unaffected range="ge">2.0</unaffected>
<vulnerable range="lt">2.0</vulnerable>
<vulnerable range="ge">2.4</vulnerable>
<vulnerable range="lt">2.4.26.1.3.9-r2</vulnerable>
</package>
<package name="sys-kernel/win4lin-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.26-r2</unaffected>
<vulnerable range="lt">2.4.26-r2</vulnerable>
</package>
<package name="sys-kernel/wolk-sources" auto="yes" arch="*">
<unaffected range="rge">4.9-r9</unaffected>
<unaffected range="rge">4.11-r6</unaffected>
<unaffected range="ge">4.14-r3</unaffected>
<vulnerable range="lt">4.14-r3</vulnerable>
</package>
<package name="sys-kernel/xbox-sources" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
</package>
<package name="sys-kernel/xfs-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.24-r8</unaffected>
<vulnerable range="lt">2.4.24-r8</vulnerable>
</package>
<package name="sys-kernel/vanilla-sources" auto="yes" arch="*">
<unaffected range="ge">2.4.27</unaffected>
<vulnerable range="le">2.4.26</vulnerable>
</package>
</affected>
<background>
<p>
The Linux kernel is responsible for managing the core aspects of a
GNU/Linux system, providing an interface for core system applications
as well as providing the essential structure and capability to access
hardware that is needed for a running system.
</p>
</background>
<description>
<p>
Multiple flaws have been discovered in the Linux kernel. This advisory
corrects the following issues:
</p>
<ul>
<li>
CAN-2004-0109: This vulnerability allows privilege escalation using
ISO9660 file systems through a buffer overflow via a malformed file
system containing a long symbolic link entry. This can allow arbitrary
code execution at kernel level.
</li>
<li>
CAN-2004-0133: The XFS file system in 2.4 series kernels has an
information leak by which data in the memory can be written to the
device hosting the file system, allowing users to obtain portions of
kernel memory by reading the raw block device.
</li>
<li>
CAN-2004-0177: The ext3 file system in 2.4 series kernels does not
properly initialize journal descriptor blocks, causing an information
leak by which data in the memory can be written to the device hosting
the file system, allowing users to obtain portions of kernel memory by
reading the raw device.
</li>
<li>
CAN-2004-0181: The JFS file system in 2.4 series kernels has an
information leak by which data in the memory can be written to the
device hosting the file system, allowing users to obtain portions of
kernel memory by reading the raw device.
</li>
<li>
CAN-2004-0178: The OSS Sound Blaster [R] Driver has a Denial of Service
vulnerability since it does not handle certain sample sizes properly.
This allows local users to hang the kernel.
</li>
<li>
CAN-2004-0228: Due to an integer signedness error in the CPUFreq /proc
handler code in 2.6 series Linux kernels, local users can escalate
their privileges.
</li>
<li>
CAN-2004-0229: The framebuffer driver in 2.6 series kernel drivers does
not use the fb_copy_cmap method of copying structures. The impact of
this issue is unknown, however.
</li>
<li>
CAN-2004-0394: A buffer overflow in the panic() function of 2.4 series
Linux kernels exists, but it may not be exploitable under normal
circumstances due to its functionality.
</li>
<li>
CAN-2004-0427: The do_fork() function in both 2.4 and 2.6 series Linux
kernels does not properly decrement the mm_count counter when an error
occurs, triggering a memory leak that allows local users to cause a
Denial of Service by exhausting other applications of memory; causing
the kernel to panic or to kill services.
</li>
<li>
CAN-2004-0495: Multiple vulnerabilities found by the Sparse source
checker in the kernel allow local users to escalate their privileges or
gain access to kernel memory.
</li>
<li>
CAN-2004-0535: The e1000 NIC driver does not properly initialize memory
structures before using them, allowing users to read kernel memory.
</li>
<li>
CAN-2004-0554: 2.4 and 2.6 series kernels running on an x86 or an AMD64
architecture allow local users to cause a Denial of Service by a total
system hang, due to an infinite loop that triggers a signal handler
with a certain sequence of fsave and frstor instructions.
</li>
<li>
Local DoS in PaX: If ASLR is enabled as a GRSecurity PaX feature, a
Denial of Service can be achieved by putting the kernel into an
infinite loop. Only 2.6 series GRSecurity kernels are affected by this
issue.
</li>
<li>
RSBAC 1.2.3 JAIL issues: A flaw in the RSBAC JAIL implementation allows
suid/sgid files to be created inside the jail since the relevant module
does not check the corresponding mode values. This can allow privilege
escalation inside the jail. Only rsbac-(dev-)sources are affected by
this issue.
</li>
</ul>
</description>
<impact type="high">
<p>
Arbitrary code with normal non-super-user privileges may be able to
exploit any of these vulnerabilities; gaining kernel level access to
memory structures and hardware devices. This may be used for further
exploitation of the system, to leak sensitive data or to cause a Denial
of Service on the affected kernel.
</p>
</impact>
<workaround>
<p>
Although users may not be affected by certain vulnerabilities, all
kernels are affected by the CAN-2004-0394, CAN-2004-0427 and
CAN-2004-0554 issues which have no workaround. As a result, all users
are urged to upgrade their kernels to patched versions.
</p>
</workaround>
<resolution>
<p>
Users are encouraged to upgrade to the latest available sources for
their system:
</p>
<code>
# emerge sync
# emerge -pv your-favorite-sources
# emerge your-favorite-sources
# # Follow usual procedure for compiling and installing a kernel.
# # If you use genkernel, run genkernel as you would do normally.</code>
</resolution>
<references>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0109">CVE-2004-0109</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0133">CVE-2004-0133</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0177">CVE-2004-0177</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0178">CVE-2004-0178</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0181">CVE-2004-0181</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0228">CVE-2004-0228</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0229">CVE-2004-0229</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0394">CVE-2004-0394</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427">CVE-2004-0427</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0495">CVE-2004-0495</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0535">CVE-2004-0535</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0554">CVE-2004-0554</uri>
<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1983">CVE-2004-1983</uri>
</references>
<metadata tag="submitter">
plasmaroo
</metadata>
</glsa>
|
GitWeb