J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Linux Kernel SMBFS Multiple Remote Vulnerabilities

Severity: CRITICAL

Description:

The Linux kernel is reported prone to multiple remote vulnerabilities in the SMBFS network filesystem.

The following specific issues were identified:

2.4 versions of the kernel are reported prone to a kernel buffer-overflow vulnerability when attempting to handle 'smb_proc_read()' requests. 'read' syscalls on SMBFS-mounted filesystems may result in an overflow if an SMB server returns more data than requested. This vulnerability may crash the kernel or possibly allow remote code execution.

2.4 versions of the kernel are reported prone to a vulnerability in 'smb_proc_readX' requests. A data offset supplied by a malicious SMB server is improperly bounds-checked, potentially resulting in a local information-disclosure vulnerability. The kernel may return data outside of the proper SMB packet buffer in a 'read' syscall, disclosing potentially sensitive kernel memory to a local attacker. This may also result in a kernel crash if an attacker-supplied offset causes the kernel to try to access unallocated memory.

2.4 versions of the kernel are reported prone to a buffer-overflow vulnerability in the 'smb_receive_trans2' defragmentation process. In certain conditions, memory is copied without proper bounds-checking. In conjunction with other issues, this may result in kernel memory being overwritten with attacker-supplied data, potentially facilitating remote code execution.

2.6 versions of the kernel are reported prone to an integer-underflow vulnerability in the 'smb_proc_readX_data' function. Reportedly, an offset is decremented by a server-supplied value without proper bounds-checking. This may result in the value underflowing and may cause further operations to try to access unallocated memory, resulting in a kernel crash.

2.4 and 2.6 versions of the kernel are reported prone to a vulnerability in the 'smb_receive_trans2' function. A data offset supplied by a malicious SMB server is improperly bounds-checked, potentially resulting in a local information-disclosure vulnerability. The kernel may return data outside of the proper SMB packet buffer, disclosing potentially sensitive kernel memory. This may also result in a kernel crash if an attacker-supplied offset causes the kernel to try to access unallocated memory.

2.4 and 2.6 versions of the kernel are reported susceptible to an information-disclosure vulnerability when attempting to process TRANS2 SMB packets. Reportedly, a receive buffer isn't properly initialized prior to its use, allowing attackers to read potentially sensitive data from kernel memory. By sending several thousand requests with only one byte of data, the resulting buffer returned to the attacker may contain the contents of previously used kernel memory.

2.4 and 2.6 versions of the kernel are reported susceptible to a vulnerability that allows remote attackers to corrupt counters when attempting to defragment TRANS2 SMB packets. This may reportedly be combined with other vulnerabilities to cause a buffer overflow in the kernel.

These vulnerabilities may lead to the execution of attacker-supplied machine code, information disclosure of kernel memory, or kernel crashes, denying service to legitimate users.

Affected Products:

  • Astaro Security Linux 2.0.0 16
  • Astaro Security Linux 2.0.0 23
  • Avaya Modular Messaging (MSS) 1.1.0
  • Avaya Modular Messaging (MSS) 2.0.0
  • CRUX CRUX Linux 1.0.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Devil-Linux Devil-Linux 1.0.4
  • Devil-Linux Devil-Linux 1.0.5
  • Easy Software Products CUPS 1.1.20
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0
  • Linux kernel 2.4.0
  • Linux kernel 2.4.0 .0-test1
  • Linux kernel 2.4.0 .0-test10
  • Linux kernel 2.4.0 .0-test11
  • Linux kernel 2.4.0 .0-test12
  • Linux kernel 2.4.0 .0-test2
  • Linux kernel 2.4.0 .0-test3
  • Linux kernel 2.4.0 .0-test4
  • Linux kernel 2.4.0 .0-test5
  • Linux kernel 2.4.0 .0-test6
  • Linux kernel 2.4.0 .0-test7
  • Linux kernel 2.4.0 .0-test8
  • Linux kernel 2.4.0 .0-test9
  • Linux kernel 2.4.1
  • Linux kernel 2.4.10
  • Linux kernel 2.4.11
  • Linux kernel 2.4.12
  • Linux kernel 2.4.13
  • Linux kernel 2.4.14
  • Linux kernel 2.4.15
  • Linux kernel 2.4.16
  • Linux kernel 2.4.17
  • Linux kernel 2.4.18
  • Linux kernel 2.4.18 pre-1
  • Linux kernel 2.4.18 pre-2
  • Linux kernel 2.4.18 pre-3
  • Linux kernel 2.4.18 pre-4
  • Linux kernel 2.4.18 pre-5
  • Linux kernel 2.4.18 pre-6
  • Linux kernel 2.4.18 pre-7
  • Linux kernel 2.4.18 pre-8
  • Linux kernel 2.4.18 x86
  • Linux kernel 2.4.19
  • Linux kernel 2.4.19 -pre1
  • Linux kernel 2.4.19 -pre2
  • Linux kernel 2.4.19 -pre3
  • Linux kernel 2.4.19 -pre4
  • Linux kernel 2.4.19 -pre5
  • Linux kernel 2.4.19 -pre6
  • Linux kernel 2.4.2
  • Linux kernel 2.4.20
  • Linux kernel 2.4.21
  • Linux kernel 2.4.21 pre1
  • Linux kernel 2.4.21 pre4
  • Linux kernel 2.4.21 pre7
  • Linux kernel 2.4.22
  • Linux kernel 2.4.23
  • Linux kernel 2.4.23 -ow2
  • Linux kernel 2.4.23 -pre9
  • Linux kernel 2.4.24
  • Linux kernel 2.4.24 -ow1
  • Linux kernel 2.4.25
  • Linux kernel 2.4.26
  • Linux kernel 2.4.27
  • Linux kernel 2.4.27 -pre1
  • Linux kernel 2.4.27 -pre2
  • Linux kernel 2.4.27 -pre3
  • Linux kernel 2.4.27 -pre4
  • Linux kernel 2.4.27 -pre5
  • Linux kernel 2.4.3
  • Linux kernel 2.4.4
  • Linux kernel 2.4.5
  • Linux kernel 2.4.6
  • Linux kernel 2.4.7
  • Linux kernel 2.4.8
  • Linux kernel 2.4.9
  • Linux kernel 2.6.0
  • Linux kernel 2.6.0 -test1
  • Linux kernel 2.6.0 -test10
  • Linux kernel 2.6.0 -test11
  • Linux kernel 2.6.0 -test2
  • Linux kernel 2.6.0 -test3
  • Linux kernel 2.6.0 -test4
  • Linux kernel 2.6.0 -test5
  • Linux kernel 2.6.0 -test6
  • Linux kernel 2.6.0 -test7
  • Linux kernel 2.6.0 -test8
  • Linux kernel 2.6.0 -test9
  • Linux kernel 2.6.0 -test9-CVS
  • Linux kernel 2.6.1
  • Linux kernel 2.6.1 -rc1
  • Linux kernel 2.6.1 -rc2
  • Linux kernel 2.6.2
  • Linux kernel 2.6.3
  • Linux kernel 2.6.4
  • Linux kernel 2.6.5
  • Linux kernel 2.6.6
  • Linux kernel 2.6.6 rc1
  • Linux kernel 2.6.7
  • Linux kernel 2.6.7 rc1
  • Linux kernel 2.6.8
  • Linux kernel 2.6.8 rc1
  • Linux kernel 2.6.8 rc2
  • Linux kernel 2.6.8 rc3
  • Linux kernel 2.6.9
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 10.1.0
  • MandrakeSoft Linux Mandrake 10.1.0 x86_64
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Linux Mandrake 9.2.0
  • MandrakeSoft Linux Mandrake 9.2.0 amd64
  • MandrakeSoft Multi Network Firewall 2.0.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 3
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Linux 7.1.0
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0
  • RedHat Linux 7.2.0 alpha
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Connectivity Server
  • S.u.S.E. Linux Database Server
  • S.u.S.E. Linux Desktop 1.0.0
  • S.u.S.E. Linux Enterprise Server 7
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Linux Firewall on CD
  • S.u.S.E. Linux Office Server
  • S.u.S.E. Linux Openexchange Server
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. Linux Personal 9.0.0
  • S.u.S.E. Linux Personal 9.0.0 x86_64
  • S.u.S.E. Linux Personal 9.1.0
  • S.u.S.E. Linux Personal 9.1.0 x86_64
  • S.u.S.E. Linux Personal 9.2.0
  • S.u.S.E. Linux Personal 9.2.0 x86_64
  • S.u.S.E. Novell Linux Desktop 9.0.0
  • S.u.S.E. SuSE eMail Server 3.1.0
  • S.u.S.E. SuSE eMail Server III
  • Slackware Linux -current
  • Slackware Linux 8.0.0
  • Slackware Linux 9.0.0
  • Slackware Linux 9.1.0
  • Sun Cobalt RaQ 550
  • Sun Linux 5.0.0
  • Sun Linux 5.0.3
  • Sun Linux 5.0.5
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 1.5.0
  • Trustix Secure Linux 2.0.0
  • Trustix Secure Linux 2.1.0
  • Trustix Secure Linux 2.2.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 4.1.0 ia32
  • Ubuntu Ubuntu Linux 4.1.0 ia64
  • Ubuntu Ubuntu Linux 4.1.0 ppc
  • WOLK WOLK 4.4.0 s
  • Xpdf Xpdf 3.0.0 0
  • libpng libpng 1.0.15
  • libpng libpng3 1.2.5

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.