• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Linux Kernel Multiple Security Vulnerabilities

Severity: MODERATE

Description:

Linux kernel is prone to multiple vulnerabilities. These issues may allow local and remote attackers to trigger denial-of-service conditions or to access sensitive kernel memory.

The following issues were identified:

- Denial-of-service vulnerability. An attacker calls the 'sys_set_mempolicy()' function with a negative value as the first argument.

- Denial-of-service vulnerability. Due to improper handling of shared-memory mappings with CLONE_VM. a local attacker can cause a crash by triggering a coredump after a thread carries out an 'exec()' system call. This vulnerability occurs because of a race condition.

- Denial-of-service vulnerability. A local attacker can force a coredump when a traced thread is in the 'TASK_TRACED' state. This vulnerability occurs because of a race condition: one thread is tracing another thread that shares the same memory map.

-Information-disclosure or denial-of-service vulnerability. The 'ioremap' module is prone to this issue. An attacker can carry out certain unspecified I/O mapping operations that can disclose memory or cause a crash. This issue affects only the amd64 architecture.

- Denial-of-service vulnerability. This issue affects the HFS and HFS+ filesystem drivers due to improper verification of the mounted filesystem. The application fails to properly verify whether the mounted filesystem really is HFS/HFS+. If users can mount arbitrary removable devices as HFS or HFS+ with an '/etc/fstab' entry, this issue could present a local denial-of-service threat.

- Denial-of-service vulnerability. The 'ebtables' netfilter module is affected by a race condition. A remote attacker could exploit this vulnerability by issuing specially crafted packets that cause an unspecified value to be changed after it is read but before being locked. This issue affects only multiprocessor machines (SMP).

- Denial-of-service vulnerability. The kernel's system call auditing code is affected by a memory leak that can result in a crash. An attacker can trigger a crash due to memory exhaustion on a kernel that has the 'CONFIG_AUDITSYSCALL' option enabled.

Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other versions may be affected as well.

Affected Products:

• Avaya S8300 CM 3.1
• Avaya S8300 R2.0.0
• Avaya S8300 R2.0.1
• Avaya S8500
• Avaya S8500 CM 3.1
• Avaya S8500 R2.0.0
• Avaya S8500 R2.0.1
• Avaya S8700 CM 3.1
• Avaya S8700 R2.0.0
• Avaya S8700 R2.0.1
• Avaya S8710 CM 3.1
• Avaya S8710 R2.0.0
• Avaya S8710 R2.0.1
• Conectiva Linux 10.0.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 alpha
• Debian Linux 3.1.0 amd64
• Debian Linux 3.1.0 arm
• Debian Linux 3.1.0 hppa
• Debian Linux 3.1.0 ia-32
• Debian Linux 3.1.0 ia-64
• Debian Linux 3.1.0 m68k
• Debian Linux 3.1.0 mips
• Debian Linux 3.1.0 mipsel
• Debian Linux 3.1.0 ppc
• Debian Linux 3.1.0 s/390
• Debian Linux 3.1.0 sparc
• Linux kernel 2.4.19
• Linux kernel 2.4.21
• Linux kernel 2.6.0
• Linux kernel 2.6.0 -test1
• Linux kernel 2.6.0 -test10
• Linux kernel 2.6.0 -test11
• Linux kernel 2.6.0 -test2
• Linux kernel 2.6.0 -test3
• Linux kernel 2.6.0 -test4
• Linux kernel 2.6.0 -test5
• Linux kernel 2.6.0 -test6
• Linux kernel 2.6.0 -test7
• Linux kernel 2.6.0 -test8
• Linux kernel 2.6.0 -test9
• Linux kernel 2.6.0 -test9-CVS
• Linux kernel 2.6.0 .10
• Linux kernel 2.6.1
• Linux kernel 2.6.1 -rc1
• Linux kernel 2.6.1 -rc2
• Linux kernel 2.6.10
• Linux kernel 2.6.10 rc2
• Linux kernel 2.6.11
• Linux kernel 2.6.11 -rc2
• Linux kernel 2.6.11 -rc3
• Linux kernel 2.6.11 -rc4
• Linux kernel 2.6.11 .11
• Linux kernel 2.6.11 .5
• Linux kernel 2.6.11 .6
• Linux kernel 2.6.11 .7
• Linux kernel 2.6.11 .8
• Linux kernel 2.6.12 -rc1
• Linux kernel 2.6.12 -rc4
• Linux kernel 2.6.12 -rc5
• Linux kernel 2.6.12 .1
• Linux kernel 2.6.12 .2
• Linux kernel 2.6.12 .3
• Linux kernel 2.6.12 .4
• Linux kernel 2.6.12 .5
• Linux kernel 2.6.13
• Linux kernel 2.6.13 -rc1
• Linux kernel 2.6.13 -rc4
• Linux kernel 2.6.13 -rc6
• Linux kernel 2.6.13 -rc7
• Linux kernel 2.6.13 .1
• Linux kernel 2.6.13 .2
• Linux kernel 2.6.14 -rc2
• Linux kernel 2.6.2
• Linux kernel 2.6.3
• Linux kernel 2.6.4
• Linux kernel 2.6.5
• Linux kernel 2.6.6
• Linux kernel 2.6.6 rc1
• Linux kernel 2.6.7
• Linux kernel 2.6.7 rc1
• Linux kernel 2.6.8
• Linux kernel 2.6.8 rc1
• Linux kernel 2.6.8 rc2
• Linux kernel 2.6.8 rc3
• Linux kernel 2.6.9
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Linux Mandrake 10.1.0
• MandrakeSoft Linux Mandrake 10.1.0 x86_64
• MandrakeSoft Linux Mandrake 10.2.0
• MandrakeSoft Linux Mandrake 10.2.0 x86_64
• MandrakeSoft Multi Network Firewall 2.0.0
• RedHat Desktop 3.0.0
• RedHat Desktop 4.0.0
• RedHat Enterprise Linux AS 3
• RedHat Enterprise Linux AS 4
• RedHat Enterprise Linux ES 3
• RedHat Enterprise Linux ES 4
• RedHat Enterprise Linux WS 3
• RedHat Enterprise Linux WS 4
• RedHat Fedora Core2
• RedHat Fedora Core3
• RedHat Fedora Core4
• S.u.S.E. Linux Desktop 1.0.0
• S.u.S.E. Linux Enterprise Server 8
• S.u.S.E. Linux Enterprise Server 9
• S.u.S.E. Linux Personal 9.0.0
• S.u.S.E. Linux Personal 9.0.0 x86_64
• S.u.S.E. Linux Personal 9.1.0
• S.u.S.E. Linux Personal 9.1.0 x86_64
• S.u.S.E. Linux Personal 9.2.0
• S.u.S.E. Linux Personal 9.2.0 x86_64
• S.u.S.E. Linux Personal 9.3.0
• S.u.S.E. Linux Personal 9.3.0 x86_64
• S.u.S.E. Linux Professional 9.0.0
• S.u.S.E. Linux Professional 9.0.0 x86_64
• S.u.S.E. Linux Professional 9.1.0
• S.u.S.E. Linux Professional 9.1.0 x86_64
• S.u.S.E. Linux Professional 9.2.0
• S.u.S.E. Linux Professional 9.2.0 x86_64
• S.u.S.E. Linux Professional 9.3.0
• S.u.S.E. Linux Professional 9.3.0 x86_64
• S.u.S.E. UnitedLinux 1.0.0
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0
• Ubuntu Ubuntu Linux 4.1.0 ia32
• Ubuntu Ubuntu Linux 4.1.0 ia64
• Ubuntu Ubuntu Linux 4.1.0 ppc
• Ubuntu Ubuntu Linux 5.0.0 4 amd64
• Ubuntu Ubuntu Linux 5.0.0 4 i386
• Ubuntu Ubuntu Linux 5.0.0 4 powerpc

References:

• Avaya: ASA-2006-180 - Updated kernel packages for Red Hat Enterprise Linux 3 Update 8 (
• BitKeeper: Changes for fs/exec.c@1.155
• BitKeeper: Changes for fs/exec.c@1.156
• BitKeeper: Changeset details for 1.3787.1.47
• Red Hat: RHSA-2006:0437-22 - Updated kernel packages for Red Hat Enterprise Linux 3 Updat
• RedHat: RHSA-2005:808-14 - kernel security update
• RedHat: RHSA-2006:0101-9 - kernel security update
• Steve Herrell <steve_herrell@ya...>: SMP/ebtables crash under load.
• kernel.org: [PATCH] hfs, hfsplus: don't leak s_fs_info and fix an oops
• kernel.org: [PATCH] x86_64: Don't look up struct page pointer of physical address in iounma

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.