kernel: multiple vulnerabilities

Package(s): linux, linux-source-2.6.15
CVE #(s): CVE-2009-3080 CVE-2009-3623 CVE-2009-3624 CVE-2009-3722 CVE-2009-3725 CVE-2009-3888 CVE-2009-4005 CVE-2009-4026 CVE-2009-4027
Created: December 7, 2009
Updated: March 21, 2011
Description:

From the Ubuntu advisory:

Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080)

J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623)

Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624)

Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722)

Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilities. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725)

Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888)

Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005)

Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027)

Alerts:
Mandriva MDVSA-2011:051 2011-03-18
Red Hat RHSA-2010:0882-01 2010-11-12
Mandriva MDVSA-2010:198 2010-10-07
Mandriva MDVSA-2010:188 2010-09-23
Red Hat RHSA-2010:0380-01 2010-04-27
Red Hat RHSA-2010:0178-02 2010-03-30
Debian DSA-2012-1 2010-03-11
Red Hat RHSA-2010:0041-01 2010-01-21
Debian DSA-2004-1 2010-02-27
Debian DSA-2003-1 2010-02-22
SuSE SUSE-SA:2010:013 2010-02-18
Mandriva MDVSA-2010:034-1 2010-02-18
Debian DSA-1996-1 2010-02-12
CentOS CESA-2010:0046 2010-01-20
Red Hat RHSA-2010:0046-01 2010-01-19
SuSE SUSE-SA:2010:005 2010-01-15
Mandriva MDVSA-2010:034-2 2010-02-18
Mandriva MDVSA-2010:034 2010-02-08
CentOS CESA-2010:0076 2010-02-04
SuSE SUSE-SA:2010:001 2010-01-07
Debian DSA-1962 2009-12-23
Mandriva MDVSA-2010:030 2009-01-01
SuSE SUSE-SA:2009:064 2009-12-22
SuSE SUSE-SA:2009:061 2009-12-14
Fedora FEDORA-2009-13098 2009-12-11
Ubuntu USN-864-1 2009-12-05
CentOS CESA-2010:0126 2010-03-02
Red Hat RHSA-2010:0126-01 2010-03-01
Red Hat RHSA-2010:0076-01 2010-02-02

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds