Amazon Linux AMI update for kernel



Risk: High
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2011-1833, CVE-2011-2723, CVE-2011-2918, CVE-2011-3188, CVE-2011-3191
CWE-ID: CWE-264, CWE-20, CWE-400, CWE-119
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software: Amazon Linux AMI (Operating systems & Components / Operating system)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43445

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-1833

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

Mitigation

Update the affected packages:

i686:
    perf-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1.i686
    kernel-headers-2.6.35.14-97.44.amzn1.i686
    kernel-2.6.35.14-97.44.amzn1.i686
    kernel-devel-2.6.35.14-97.44.amzn1.i686

noarch:
    kernel-doc-2.6.35.14-97.44.amzn1.noarch

src:
    kernel-2.6.35.14-97.44.amzn1.src

x86_64:
    kernel-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-2.6.35.14-97.44.amzn1.x86_64
    kernel-headers-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1.x86_64
    perf-2.6.35.14-97.44.amzn1.x86_64
    kernel-devel-2.6.35.14-97.44.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2011-16.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU44753

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-2723

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.

Mitigation

Update the affected packages:

i686:
    perf-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1.i686
    kernel-headers-2.6.35.14-97.44.amzn1.i686
    kernel-2.6.35.14-97.44.amzn1.i686
    kernel-devel-2.6.35.14-97.44.amzn1.i686

noarch:
    kernel-doc-2.6.35.14-97.44.amzn1.noarch

src:
    kernel-2.6.35.14-97.44.amzn1.src

x86_64:
    kernel-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-2.6.35.14-97.44.amzn1.x86_64
    kernel-headers-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1.x86_64
    perf-2.6.35.14-97.44.amzn1.x86_64
    kernel-devel-2.6.35.14-97.44.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2011-16.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU44029

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2011-2918

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

Mitigation

Update the affected packages:

i686:
    perf-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1.i686
    kernel-headers-2.6.35.14-97.44.amzn1.i686
    kernel-2.6.35.14-97.44.amzn1.i686
    kernel-devel-2.6.35.14-97.44.amzn1.i686

noarch:
    kernel-doc-2.6.35.14-97.44.amzn1.noarch

src:
    kernel-2.6.35.14-97.44.amzn1.src

x86_64:
    kernel-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-2.6.35.14-97.44.amzn1.x86_64
    kernel-headers-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1.x86_64
    perf-2.6.35.14-97.44.amzn1.x86_64
    kernel-devel-2.6.35.14-97.44.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2011-16.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Input validation error

EUVDB-ID: #VU44030

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-3188

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service or hijack network sessions.

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

Mitigation

Update the affected packages:

i686:
    perf-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1.i686
    kernel-headers-2.6.35.14-97.44.amzn1.i686
    kernel-2.6.35.14-97.44.amzn1.i686
    kernel-devel-2.6.35.14-97.44.amzn1.i686

noarch:
    kernel-doc-2.6.35.14-97.44.amzn1.noarch

src:
    kernel-2.6.35.14-97.44.amzn1.src

x86_64:
    kernel-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-2.6.35.14-97.44.amzn1.x86_64
    kernel-headers-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1.x86_64
    perf-2.6.35.14-97.44.amzn1.x86_64
    kernel-devel-2.6.35.14-97.44.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2011-16.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU44031

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-3191

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.

Mitigation

Update the affected packages:

i686:
    perf-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-2.6.35.14-97.44.amzn1.i686
    kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1.i686
    kernel-headers-2.6.35.14-97.44.amzn1.i686
    kernel-2.6.35.14-97.44.amzn1.i686
    kernel-devel-2.6.35.14-97.44.amzn1.i686

noarch:
    kernel-doc-2.6.35.14-97.44.amzn1.noarch

src:
    kernel-2.6.35.14-97.44.amzn1.src

x86_64:
    kernel-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-2.6.35.14-97.44.amzn1.x86_64
    kernel-headers-2.6.35.14-97.44.amzn1.x86_64
    kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1.x86_64
    perf-2.6.35.14-97.44.amzn1.x86_64
    kernel-devel-2.6.35.14-97.44.amzn1.x86_64
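
All five entries in this bulletin are fixed by the same kernel build, so one check covers them. The script below is an added example, not part of the original bulletin or of Amazon's tooling; the function names are hypothetical, and it distinguishes a host that has the fixed package installed but is still running the old kernel.

```shell
#!/bin/sh
# Added example: compare kernel release strings with the fixed build
# named in this bulletin's package lists.
FIXED="2.6.35.14-97.44.amzn1"

# Strip a trailing architecture suffix such as ".x86_64" or ".i686".
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|i686|noarch|src)$//'
}

# Return 0 when release $1 is at or above $FIXED.
# sort -V (GNU coreutils) approximates RPM ordering; it is not rpmvercmp.
is_patched() {
    rel=$(strip_arch "$1")
    lowest=$(printf '%s\n%s\n' "$rel" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Classify a host from its running kernel ($1) and its most recently
# installed kernel package version ($2).
kernel_status() {
    if is_patched "$1"; then
        echo "patched"
    elif is_patched "$2"; then
        # The fixed package is on disk but the old kernel is still running.
        echo "reboot-required"
    else
        echo "vulnerable"
    fi
}

# On a live host (assumes rpm is present, as on Amazon Linux AMI):
#   running=$(uname -r)
#   installed=$(rpm -q --last kernel | head -n 1 | awk '{print $1}' | sed 's/^kernel-//')
#   kernel_status "$running" "$installed"
```

Installing the updated packages does not replace the running kernel, so a "reboot-required" result means the host remains exposed until it is restarted.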

Vulnerable software versions

Amazon Linux AMI: All versions

External links

https://alas.aws.amazon.com/ALAS-2011-16.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


