Oval Definition: oval:org.mitre.oval:def:7532
Revision Date: 2014-06-23
Version: 22
Title: DSA-2005 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak
Description:
NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release "etch". Although security support for "etch" officially ended on February 15th, 2010, this update was already in preparation before that date.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
  • Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded.
  • Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities.
  • Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges.
  • Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call.
  • Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior.
  • Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition.
  • Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem.
  • Anand V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service and potentially an escalation of privileges.
  • Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service by making a specially crafted ioctl call.
  • Ted Ts’o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service. For this to be exploitable, the local user must have sufficient privileges to mount a filesystem.
  • Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames.
  • Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default.
  • Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.
  • Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges.
  • Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service.
  • Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory.
  • Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2009-2691
CVE-2009-2695
CVE-2009-3080
CVE-2009-3726
CVE-2009-3889
CVE-2009-4005
CVE-2009-4020
CVE-2009-4021
CVE-2009-4138
CVE-2009-4308
CVE-2009-4536
CVE-2009-4538
CVE-2010-0003
CVE-2010-0007
CVE-2010-0291
CVE-2010-0410
CVE-2010-0415
CVE-2010-0622
DSA-2005
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • linux-patch-debian-2.6.24 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-support-2.6.24-etchnhalf.1 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-doc-2.6.24 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-tree-2.6.24 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-source-2.6.24 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-manual-2.6.24 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR Architecture dependent section
  • Installed architecture is s390
  • AND Packages section
  • linux-image-2.6.24-etchnhalf.1-s390x is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-s390 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-all-s390 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-s390 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-s390-tape is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-s390x is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is amd64
  • OR Installed architecture is i386
  • AND Packages section
  • linux-headers-2.6.24-etchnhalf.1-amd64 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-amd64 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR Supported platform section
  • Installed architecture is hppa
  • AND Packages section
  • linux-image-2.6.24-etchnhalf.1-parisc64 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-parisc-smp is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-parisc-smp is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-parisc64 is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-parisc is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-all-hppa is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-image-2.6.24-etchnhalf.1-parisc64-smp is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-parisc64-smp is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.9etch3
  • OR linux-headers-2.6.24-etchnhalf.1-parisc is earlier than 2.6.24-6~etchnhalf.9etch3