|| Hotline : 800 2378 ||  To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu ||  To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||
    Constituency
    Authority
    Vol. 2, Feb 2012
    Vol. 1, Oct 2011
    World CERTs
    Email Abuse
 
 
Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University
 
 
 
 
 
 
 
 
 
 
 
 


   
 

CERT-MU AD-2009-15

Multiple Vulnerabilities in Linux Kernel

Original issue date: 30 September, 2009

Overview

Multiple vulnerabilities has been reported in Linux Kernel, which could allow attackers to potentially gain escalated privileges, cause Denial of Service conditions or execution of an arbitrary code.

Description

  • 'find_ie()' Function Remote Denial of Service Vulnerability

    This vulnerability is caused due to an Integer signedness error when processing malformed packets in the "find_ie" [net/wireless/scan.c] function in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1. A remote attacker could exploit this vulnerability by sending specially crafted packets to trigger an infinite loop causes denial of service condition.

    Note: This issue does not affect versions prior to 2.6.30.

  • 'perf_counter_open()' Local Buffer Overflow Vulnerability

    This vulnerability is caused by improper updation of domain name within the collapsed address bar, which could cause the previous domain to be shown instead of the domain of the present site.This could be exploited by remote attackers to spoof URLs.

    Note: This issue does not affect versions prior to 2.6.31.

  • 'O_EXCL' NFSv4 Privilege Escalation Vulnerability

    This vulnerability is caused due to improper clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits in the Linux kernel before 2.6.19-rc6. An attacker could exploit this vulnerability to execute an arbitrary code with the elevated privileges.
Software Affected

  • Linux Kernel versions 2.6.x

Impact

Severity Rating: Medium

Solution

Apply appropriate patches or Update to kernel version 2.6.31.1
http://www.kernel.org/

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

kernel.org
http://www.kernel.org/

CVE Name

CVE-2009-3234
CVE-2009-3280
CVE-2009-3286

References

kernel.org
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=81ac95c5

Redhat
https://bugzilla.redhat.com/show_bug.cgi?id=524520

Openwall
http://www.openwall.com/lists/oss-security/2009/09/16/1
http://www.openwall.com/lists/oss-security/2009/09/21/2
http://www.openwall.com/lists/oss-security/2009/09/17/13

Secunia
http://secunia.com/advisories/36763/

SecurityFocus
http://www.securityfocus.com/bid/36423 http://www.securityfocus.com/bid/36472 http://www.securityfocus.com/bid/36421

VUPEN
http://www.vupen.com/english/advisories/2009/2690

Juniper
http://www.juniper.net/security/auto/vulnerabilities/vuln36421.html

 
 
News & Events
Safer Internet Day 2012
Computer Security Day 2011
Workshop on Cloud Security
Workshop on Mobile Security
Certificate Award Ceremony for Trainings in Information Security Management
  more...
 
Virus Alerts
RSS Feed
Subscribe Mailing List
 
 
 

Last Updated 20-Jul-2011
Disclaimer Maintained & Hosted by NCB
This site is best viewed in 1024 x 768 resolution. Internet Explorer 6.0 +