rPath alert rPSA-2006-0122-2 (kernel)
| From: | "Justin M. Forbes" <jmforbes@rpath.com> | |
| To: | security-announce@lists.rpath.com, update-announce@lists.rpath.com | |
| Subject: | rPSA-2006-0122-2 kernel | |
| Date: | Thu, 13 Jul 2006 16:28:29 -0400 | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net |
rPath Security Advisory: 2006-0122-2 Published: 2006-07-07 Updated: 2006-07-13 Upgraded to Critical status with additional information Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200... https://issues.rpath.com/browse/RPL-488 Description: Previous versions of the kernel package have two specific vulnerablities that are addressed in this version. The first vulnerability allows any local user to fill up file systems by causing core dumps to write to directories to which they do not have write access permissions, and on most systems (including any system that provides a generally-accessible "cron" or "at" service) to escalate to run arbitrary code as the root user. An exploit for this privilege escalation vulnerability is publically available and in active use. The second vulnerability applies only to systems using the SCTP protocol, which is not enabled by default, and the tools required to configure it (lksctp-tools) are not included in rPath Linux. This vulnerability, which cannot apply to systems without lksctp-tools installed, enables a remote denial of service attack in which specially-crafted packets can crash the system. A system reboot is required to make the update to resolve these vulnerabilities effective. rPath strongly recommends that all users apply this update.