SB2012051701 - Multiple vulnerabilities in Linux kernel
Published: May 17, 2012 Updated: August 11, 2020
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Improper Initialization (CVE-ID: CVE-2011-4087)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
2) Out-of-bounds write (CVE-ID: CVE-2011-1180)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.
3) Input validation error (CVE-ID: CVE-2011-1182)
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
4) Resource management error (CVE-ID: CVE-2011-2479)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
5) Buffer overflow (CVE-ID: CVE-2011-3359)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame.
6) Input validation error (CVE-ID: CVE-2011-3363)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-4080)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.
8) Input validation error (CVE-ID: CVE-2011-2521)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program.
9) Input validation error (CVE-ID: CVE-2011-4611)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events.
10) Resource management error (CVE-ID: CVE-2011-4326)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device.
11) NULL pointer dereference (CVE-ID: CVE-2011-3637)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
Remediation
Install the update from the vendor's website.