You are not logged in.

#1 2006-01-20 11:41:44

codemac
Member
From: Cliche Tech Place
Registered: 2005-05-13
Posts: 794
Website

Risky Kernel Vulnerability

http://www.frsirt.com/english/advisories/2006/0220

Advisory ID : FrSIRT/ADV-2006-0220
CVE ID : CVE-2006-0035 - CVE-2006-0036 - CVE-2006-0037
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-16

Technical Description

Multiple vulnerabilities were identified in Linux Kernel, which could be exploited by remote or local attackers to cause a denial of service.

The first issue is due to an infinite loop in the "netlink_rcv_skb" [af_netlink.c] function when handling a specially crafted "nlmsg_len" value, which could be exploited by local attackers to cause a denial of service.

The second flaw is due to an error in the PPTP NAT helper that does not properly calculate the offset when handling an inbound "PPTP_IN_CALL_REQUEST" packet, which could be exploited by attackers to crash a vulnerable system.

The third vulnerability is due to an error in the PPTP NAT helper that does not properly calculate the offset based on the difference between two pointers to the header, which could be exploited by attackers to cause a kernel crash.

Affected Products

Linux Kernel version 2.6.15 and prior

Solution

Upgrade to Linux Kernel 2.6.15.1 :
http://www.kernel.org/

References

http://www.frsirt.com/english/advisories/2006/0220
http://www.kernel.org/pub/linux/kernel/ … g-2.6.15.1

Credits

Vulnerabilities reported by Martin Murray and the vendor

ChangeLog

2006-01-16 : Initial release

Seems scary to me.

Offline

#2 2006-01-20 11:56:59

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: Risky Kernel Vulnerability

Yep, I posted a bug report on that yesterday. The upgrade will come quite soon.

Offline

#3 2006-01-20 13:23:54

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: Risky Kernel Vulnerability

ArchCK already has this (fixed).

Offline

#4 2006-01-20 18:51:16

codemac
Member
From: Cliche Tech Place
Registered: 2005-05-13
Posts: 794
Website

Re: Risky Kernel Vulnerability

Awesome.  Good to see how on top people are.  I just heard about it, and didn't see anyone talking about it around here.

Offline

#5 2006-01-22 10:15:29

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: Risky Kernel Vulnerability

I just ran pacman -Syu and the stock Kernel 2.6.15.1 is now in current and on the mirrors.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#6 2006-01-22 21:07:42

mmccaskill
Member
From: NC
Registered: 2005-02-21
Posts: 163

Re: Risky Kernel Vulnerability

MS claims Windows is better than Linux. I'm sure MS is this fast about admitting security vulnerabilities, much less fixing them this fast.

Offline

Board footer

Powered by FluxBB