USN-793-1: Linux kernel vulnerabilities
2 July 2009
linux, linux-source-2.6.15 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
Software Description
- linux
- linux-source-2.6.15
Details
Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1072)
Dan Carpenter discovered that SELinux did not correctly handle certain network checks when running with compat_net=1. A local attacker could exploit this to bypass network checks. Default Ubuntu installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1184)
Shaohua Li discovered that memory was not correctly initialized in the AGP subsystem. A local attacker could potentially read kernel memory, leading to a loss of privacy. (CVE-2009-1192)
Benjamin Gilbert discovered that the VMX implementation of KVM did not correctly handle certain registers. An attacker in a guest VM could exploit this to cause a host system crash, leading to a denial of service. This only affected 32bit hosts. Ubuntu 6.06 was not affected. (CVE-2009-1242)
Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol did not correctly validate certain fields. A remote attacker could exploit this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265)
Trond Myklebust discovered that NFS did not correctly handle certain long filenames. An authenticated remote attacker could exploit this to cause a system crash, leading to a denial of service. Only Ubuntu 6.06 was affected. (CVE-2009-1336)
Oleg Nesterov discovered that the kernel did not correctly handle CAP_KILL. A local user could exploit this to send signals to arbitrary processes, leading to a denial of service. (CVE-2009-1337)
Daniel Hokka Zakrisson discovered that signal handling was not correctly limited to process namespaces. A local user could bypass namespace restrictions, possibly leading to a denial of service. Only Ubuntu 8.04 was affected. (CVE-2009-1338)
Pavel Emelyanov discovered that network namespace support for IPv6 was not correctly handled. A remote attacker could send specially crafted IPv6 traffic that would cause a system crash, leading to a denial of service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360)
Neil Horman discovered that the e1000 network driver did not correctly validate certain fields. A remote attacker could send a specially crafted packet that would cause a system crash, leading to a denial of service. (CVE-2009-1385)
Pavan Naregundi discovered that CIFS did not correctly check lengths when handling certain mount requests. A remote attacker could send specially crafted traffic to cause a system crash, leading to a denial of service. (CVE-2009-1439)
Simon Vallet and Frank Filz discovered that execute permissions were not correctly handled by NFSv4. A local user could bypass permissions and run restricted programs, possibly leading to an escalation of privileges. (CVE-2009-1630)
Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFS client code. A malicious remote server could exploit this to cause a system crash or execute arbitrary code as root. (CVE-2009-1633)
Mikulas Patocka discovered that /proc/iomem was not correctly initialized on Sparc. A local attacker could use this file to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1914)
Miklos Szeredi discovered that OCFS2 did not correctly handle certain splice operations. A local attacker could exploit this to cause a system hang, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-1961)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 9.04
- linux-image-2.6.28-13-generic - 2.6.28-13.45
- linux-image-2.6.28-13-imx51 - 2.6.28-13.45
- linux-image-2.6.28-13-iop32x - 2.6.28-13.45
- linux-image-2.6.28-13-ixp4xx - 2.6.28-13.45
- linux-image-2.6.28-13-lpia - 2.6.28-13.45
- linux-image-2.6.28-13-server - 2.6.28-13.45
- linux-image-2.6.28-13-versatile - 2.6.28-13.45
- linux-image-2.6.28-13-virtual - 2.6.28-13.45
- Ubuntu 8.10
- linux-image-2.6.27-14-generic - 2.6.27-14.35
- linux-image-2.6.27-14-server - 2.6.27-14.35
- linux-image-2.6.27-14-virtual - 2.6.27-14.35
- Ubuntu 8.04 LTS
- linux-image-2.6.24-24-386 - 2.6.24-24.55
- linux-image-2.6.24-24-generic - 2.6.24-24.55
- linux-image-2.6.24-24-hppa32 - 2.6.24-24.55
- linux-image-2.6.24-24-hppa64 - 2.6.24-24.55
- linux-image-2.6.24-24-itanium - 2.6.24-24.55
- linux-image-2.6.24-24-lpia - 2.6.24-24.55
- linux-image-2.6.24-24-lpiacompat - 2.6.24-24.55
- linux-image-2.6.24-24-mckinley - 2.6.24-24.55
- linux-image-2.6.24-24-openvz - 2.6.24-24.55
- linux-image-2.6.24-24-powerpc - 2.6.24-24.55
- linux-image-2.6.24-24-powerpc-smp - 2.6.24-24.55
- linux-image-2.6.24-24-powerpc64-smp - 2.6.24-24.55
- linux-image-2.6.24-24-rt - 2.6.24-24.55
- linux-image-2.6.24-24-server - 2.6.24-24.55
- linux-image-2.6.24-24-sparc64 - 2.6.24-24.55
- linux-image-2.6.24-24-sparc64-smp - 2.6.24-24.55
- linux-image-2.6.24-24-virtual - 2.6.24-24.55
- linux-image-2.6.24-24-xen - 2.6.24-24.55
- Ubuntu 6.06 LTS
- linux-image-2.6.15-54-386 - 2.6.15-54.77
- linux-image-2.6.15-54-686 - 2.6.15-54.77
- linux-image-2.6.15-54-amd64-generic - 2.6.15-54.77
- linux-image-2.6.15-54-amd64-k8 - 2.6.15-54.77
- linux-image-2.6.15-54-amd64-server - 2.6.15-54.77
- linux-image-2.6.15-54-amd64-xeon - 2.6.15-54.77
- linux-image-2.6.15-54-hppa32 - 2.6.15-54.77
- linux-image-2.6.15-54-hppa32-smp - 2.6.15-54.77
- linux-image-2.6.15-54-hppa64 - 2.6.15-54.77
- linux-image-2.6.15-54-hppa64-smp - 2.6.15-54.77
- linux-image-2.6.15-54-itanium - 2.6.15-54.77
- linux-image-2.6.15-54-itanium-smp - 2.6.15-54.77
- linux-image-2.6.15-54-k7 - 2.6.15-54.77
- linux-image-2.6.15-54-mckinley - 2.6.15-54.77
- linux-image-2.6.15-54-mckinley-smp - 2.6.15-54.77
- linux-image-2.6.15-54-powerpc - 2.6.15-54.77
- linux-image-2.6.15-54-powerpc-smp - 2.6.15-54.77
- linux-image-2.6.15-54-powerpc64-smp - 2.6.15-54.77
- linux-image-2.6.15-54-server - 2.6.15-54.77
- linux-image-2.6.15-54-server-bigiron - 2.6.15-54.77
- linux-image-2.6.15-54-sparc64 - 2.6.15-54.77
- linux-image-2.6.15-54-sparc64-smp - 2.6.15-54.77
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04, 8.10 and 9.04 the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.