CERT-MU AD-2010-4

Linux Kernel Multiple Vulnerabilities

Original issue date: 11 March, 2010

Overview

Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious local users to cause a Denial of Service, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and gain escalated privileges.

Description

  • Linux Kernel 'print_fatal_signal' function Local Denial of Service Vulnerability
    This information leakage vulnerability occurs when print-fatal-signals is enabled (it is disabled by default) and allows any memory reachable by the kernel to be dumped to the log simply by jumping to that address from user space.

  • Linux Kernel Local ebtables Rules Manipulation Vulnerability
    This vulnerability is due to improper restrictions on valid users with the CAP_NET_ADMIN capability by the do_ebt_set_ctl() and do_ebt_get_ctl() functions in the ebtables module of the netfilter subsystem (net/bridge/netfilter/ebtables.c). By modifying the ebtables application, local users can bypass access restrictions and configure arbitrary network traffic filtering.

  • Linux Kernel 'mmap()' and 'mremap()' Denial Of Service Vulnerabilities
    This vulnerability exists in the mmap/mremap function when mapping memory addresses leading to denial of service condition or privilege escalation.

Software Affected

  • Linux Kernel versions 2.6.32.x

Impact

Severity Rating: Medium

Solution

Upgrade to Kernel version 2.6.33
http://www.kernel.org/

Or apply appropriate patches from the concerned vendors (see Vendor Information below).
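As an added defensive check (not part of the original advisory), the following Python reads the running kernel release and the kernel.print-fatal-signals sysctl, then reports whether the host is in the 2.6.32.x series this advisory covers and whether the non-default setting that makes the print_fatal_signal issue reachable is enabled. The version-parsing logic and the sysctl path /proc/sys/kernel/print-fatal-signals are assumptions of this example.

```python
import os
import re
from pathlib import Path

# Series named as affected by CERT-MU AD-2010-4 and the upstream fix release.
AFFECTED_SERIES = (2, 6, 32)
FIXED_VERSION = (2, 6, 33)
# Assumed sysctl location (kernel.print-fatal-signals); kernel default is 0.
SYSCTL_PATH = Path("/proc/sys/kernel/print-fatal-signals")


def parse_kernel_version(release):
    """Turn a `uname -r` string such as '2.6.32-5-amd64' or '2.6.32.9'
    into a tuple of integers, ignoring any distribution suffix."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) for g in m.groups() if g is not None)


def is_affected_series(release):
    """True when the upstream version is 2.6.32.x (below the 2.6.33 fix).
    Distributions backport fixes without changing the version string, so
    True means 'check vendor errata', not 'definitely vulnerable'."""
    v = parse_kernel_version(release)
    return v[:3] == AFFECTED_SERIES and v < FIXED_VERSION


def print_fatal_signals_enabled(sysctl_text):
    """Interpret the sysctl contents: any non-zero value enables the
    fatal-signal dump the print_fatal_signal issue relies on."""
    return sysctl_text.strip() != "0"


def assess(release, sysctl_text):
    """Return a list of findings (empty when nothing needs attention)."""
    findings = []
    if is_affected_series(release):
        findings.append(f"kernel {release} is in the 2.6.32.x series covered by "
                        "CERT-MU AD-2010-4: verify vendor patches or upgrade to 2.6.33")
    if print_fatal_signals_enabled(sysctl_text):
        findings.append("kernel.print-fatal-signals is enabled: keep it at 0 (the default) "
                        "until the print_fatal_signal fix is applied")
    return findings


if __name__ == "__main__":
    try:
        sysctl_text = SYSCTL_PATH.read_text()
    except OSError:
        sysctl_text = "0"  # sysctl absent on this kernel: treat as disabled
    for line in assess(os.uname().release, sysctl_text) or ["no findings"]:
        print(line)
```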

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

Kernel.org
http://www.kernel.org/

CVE Name

CVE-2010-0003
CVE-2010-0007
CVE-2010-0291

References

Kernel.org

http://www.kernel.org/

SecurityFocus

http://www.securityfocus.com/bid/37906
http://www.securityfocus.com/bid/38027
http://www.securityfocus.com/bid/38058
http://www.securityfocus.com/bid/37762

Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=556703
https://bugzilla.redhat.com/show_bug.cgi?id=555238
https://bugzilla.redhat.com/show_bug.cgi?id=554578
https://bugzilla.redhat.com/show_bug.cgi?id=560547
https://bugzilla.redhat.com/show_bug.cgi?id=561682

Debian

http://www.debian.org/security/2010/dsa-1996
