USN-263-1: Linux kernel vulnerabilities

13 March 2006

linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 5.10
• Ubuntu 5.04
• Ubuntu 4.10

Software Description

Details

A flaw was found in the module reference counting for loadable protocol modules of netfilter. By performing particular socket operations, a local attacker could exploit this to crash the kernel. This flaw only affects Ubuntu 5.10. (CVE-2005-3359)

David Howells noticed a race condition in the add_key(), request_key() and keyctl() functions. By modifying the length of string arguments after the kernel determined their length, but before the kernel copied them into kernel memory, a local attacker could either crash the kernel or read random parts of kernel memory (which could potentially contain sensitive data). (CVE-2006-0457)

An information disclosure vulnerability was discovered in the ftruncate() function for the XFS file system. Under certain conditions, this function could expose random unallocated blocks. A local user could potentially exploit this to recover sensitive data from previously deleted files. (CVE-2006-0554)

A local Denial of Service vulnerability was found in the NFS client module. By opening a file on an NFS share with O_DIRECT and performing some special operations on it, a local attacker could trigger a kernel crash. (CVE-2006-0555)

The ELF binary loader did not sufficiently verify some addresses in the ELF headers. By attempting to execute a specially crafted program, a local attacker could exploit this to trigger a recursive loop of kernel errors, which finally ended in a kernel crash. This only affects the amd64 architecture on Intel processors (EMT64). (CVE-2006-0741)

The die_if_kernel() function was incorrectly declared as “does never return” on the ia64 platform. A local attacker could exploit this to crash the kernel. Please note that ia64 is not an officially supported platform. (CVE-2006-0742)

Oleg Nesterov discovered a race condition in the signal handling. On multiprocessor (SMP) machines, a local attacker could exploit this to create many unkillable processes, which could eventually lead to a Denial of Service.

A memory leak was discovered in the handling of files which were opened with the O_DIRECT flag. By repeatedly opening files in a special way, a local attacker could eventually drain all available kernel memory and render the machine unusable. This flaw only affects Ubuntu 4.10. (http://linux.bkbits.net:8080/linux-2.6/cset%404182a613oVsK0-8eCWpyYFrUf8rhLA)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10

linux-image-2.6.10-6-386

linux-image-2.6.10-6-686

linux-image-2.6.10-6-686-smp

linux-image-2.6.10-6-amd64-generic

linux-image-2.6.10-6-amd64-k8

linux-image-2.6.10-6-amd64-k8-smp

linux-image-2.6.10-6-amd64-xeon

linux-image-2.6.10-6-itanium

linux-image-2.6.10-6-itanium-smp

linux-image-2.6.10-6-k7

linux-image-2.6.10-6-k7-smp

linux-image-2.6.10-6-mckinley

linux-image-2.6.10-6-mckinley-smp

linux-image-2.6.10-6-power3

linux-image-2.6.10-6-power3-smp

linux-image-2.6.10-6-power4

linux-image-2.6.10-6-power4-smp

linux-image-2.6.10-6-powerpc

linux-image-2.6.10-6-powerpc-smp

linux-image-2.6.12-10-386

linux-image-2.6.12-10-686

linux-image-2.6.12-10-686-smp

linux-image-2.6.12-10-amd64-generic

linux-image-2.6.12-10-amd64-k8

linux-image-2.6.12-10-amd64-k8-smp

linux-image-2.6.12-10-amd64-xeon

linux-image-2.6.12-10-iseries-smp

linux-image-2.6.12-10-itanium

linux-image-2.6.12-10-itanium-smp

linux-image-2.6.12-10-k7

linux-image-2.6.12-10-k7-smp

linux-image-2.6.12-10-mckinley

linux-image-2.6.12-10-mckinley-smp

linux-image-2.6.12-10-powerpc

linux-image-2.6.12-10-powerpc-smp

linux-image-2.6.12-10-powerpc64-smp

linux-image-2.6.8.1-6-386

linux-image-2.6.8.1-6-686

linux-image-2.6.8.1-6-686-smp

linux-image-2.6.8.1-6-amd64-generic

linux-image-2.6.8.1-6-amd64-k8

linux-image-2.6.8.1-6-amd64-k8-smp

linux-image-2.6.8.1-6-amd64-xeon

linux-image-2.6.8.1-6-k7

linux-image-2.6.8.1-6-k7-smp

linux-image-2.6.8.1-6-power3

linux-image-2.6.8.1-6-power3-smp

linux-image-2.6.8.1-6-power4

linux-image-2.6.8.1-6-power4-smp

linux-image-2.6.8.1-6-powerpc

linux-image-2.6.8.1-6-powerpc-smp

linux-patch-debian-2.6.8.1

linux-patch-ubuntu-2.6.10

linux-patch-ubuntu-2.6.12

Ubuntu 5.04

linux-image-2.6.10-6-386

linux-image-2.6.10-6-686

linux-image-2.6.10-6-686-smp

linux-image-2.6.10-6-amd64-generic

linux-image-2.6.10-6-amd64-k8

linux-image-2.6.10-6-amd64-k8-smp

linux-image-2.6.10-6-amd64-xeon

linux-image-2.6.10-6-itanium

linux-image-2.6.10-6-itanium-smp

linux-image-2.6.10-6-k7

linux-image-2.6.10-6-k7-smp

linux-image-2.6.10-6-mckinley

linux-image-2.6.10-6-mckinley-smp

linux-image-2.6.10-6-power3

linux-image-2.6.10-6-power3-smp

linux-image-2.6.10-6-power4

linux-image-2.6.10-6-power4-smp

linux-image-2.6.10-6-powerpc

linux-image-2.6.10-6-powerpc-smp

linux-image-2.6.12-10-386

linux-image-2.6.12-10-686

linux-image-2.6.12-10-686-smp

linux-image-2.6.12-10-amd64-generic

linux-image-2.6.12-10-amd64-k8

linux-image-2.6.12-10-amd64-k8-smp

linux-image-2.6.12-10-amd64-xeon

linux-image-2.6.12-10-iseries-smp

linux-image-2.6.12-10-itanium

linux-image-2.6.12-10-itanium-smp

linux-image-2.6.12-10-k7

linux-image-2.6.12-10-k7-smp

linux-image-2.6.12-10-mckinley

linux-image-2.6.12-10-mckinley-smp

linux-image-2.6.12-10-powerpc

linux-image-2.6.12-10-powerpc-smp

linux-image-2.6.12-10-powerpc64-smp

linux-image-2.6.8.1-6-386

linux-image-2.6.8.1-6-686

linux-image-2.6.8.1-6-686-smp

linux-image-2.6.8.1-6-amd64-generic

linux-image-2.6.8.1-6-amd64-k8

linux-image-2.6.8.1-6-amd64-k8-smp

linux-image-2.6.8.1-6-amd64-xeon

linux-image-2.6.8.1-6-k7

linux-image-2.6.8.1-6-k7-smp

linux-image-2.6.8.1-6-power3

linux-image-2.6.8.1-6-power3-smp

linux-image-2.6.8.1-6-power4

linux-image-2.6.8.1-6-power4-smp

linux-image-2.6.8.1-6-powerpc

linux-image-2.6.8.1-6-powerpc-smp

linux-patch-debian-2.6.8.1

linux-patch-ubuntu-2.6.10

linux-patch-ubuntu-2.6.12

Ubuntu 4.10

linux-image-2.6.10-6-386

linux-image-2.6.10-6-686

linux-image-2.6.10-6-686-smp

linux-image-2.6.10-6-amd64-generic

linux-image-2.6.10-6-amd64-k8

linux-image-2.6.10-6-amd64-k8-smp

linux-image-2.6.10-6-amd64-xeon

linux-image-2.6.10-6-itanium

linux-image-2.6.10-6-itanium-smp

linux-image-2.6.10-6-k7

linux-image-2.6.10-6-k7-smp

linux-image-2.6.10-6-mckinley

linux-image-2.6.10-6-mckinley-smp

linux-image-2.6.10-6-power3

linux-image-2.6.10-6-power3-smp

linux-image-2.6.10-6-power4

linux-image-2.6.10-6-power4-smp

linux-image-2.6.10-6-powerpc

linux-image-2.6.10-6-powerpc-smp

linux-image-2.6.12-10-386

linux-image-2.6.12-10-686

linux-image-2.6.12-10-686-smp

linux-image-2.6.12-10-amd64-generic

linux-image-2.6.12-10-amd64-k8

linux-image-2.6.12-10-amd64-k8-smp

linux-image-2.6.12-10-amd64-xeon

linux-image-2.6.12-10-iseries-smp

linux-image-2.6.12-10-itanium

linux-image-2.6.12-10-itanium-smp

linux-image-2.6.12-10-k7

linux-image-2.6.12-10-k7-smp

linux-image-2.6.12-10-mckinley

linux-image-2.6.12-10-mckinley-smp

linux-image-2.6.12-10-powerpc

linux-image-2.6.12-10-powerpc-smp

linux-image-2.6.12-10-powerpc64-smp

linux-image-2.6.8.1-6-386

linux-image-2.6.8.1-6-686

linux-image-2.6.8.1-6-686-smp

linux-image-2.6.8.1-6-amd64-generic

linux-image-2.6.8.1-6-amd64-k8

linux-image-2.6.8.1-6-amd64-k8-smp

linux-image-2.6.8.1-6-amd64-xeon

linux-image-2.6.8.1-6-k7

linux-image-2.6.8.1-6-k7-smp

linux-image-2.6.8.1-6-power3

linux-image-2.6.8.1-6-power3-smp

linux-image-2.6.8.1-6-power4

linux-image-2.6.8.1-6-power4-smp

linux-image-2.6.8.1-6-powerpc

linux-image-2.6.8.1-6-powerpc-smp

linux-patch-debian-2.6.8.1

linux-patch-ubuntu-2.6.10

linux-patch-ubuntu-2.6.12

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References

• CVE-2005-3359
• CVE-2006-0457
• CVE-2006-0554
• CVE-2006-0555
• CVE-2006-0741
• CVE-2006-0742