Linux Security
Linux Security
Linux Security

Debian: New Kernel 2.4.27 packages fix several vulnerabilities

Date 14 Jun 2006
Posted By LinuxSecurity Advisories
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1097-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                   Dann Frazier, Troy Heber
June 14th, 2006               
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.27
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2006-0038 CVE-2006-0039 CVE-2006-0741 CVE-2006-0742
                 CVE-2006-1056 CVE-2006-1242 CVE-2006-1343 CVE-2006-1368
                 CVE-2006-1524 CVE-2006-1525 CVE-2006-1857 CVE-2006-1858
                 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274
Debian Bug     : 

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:


    "Solar Designer" discovered that arithmetic computations in netfilter's
    do_replace() function can lead to a buffer overflow and the execution of
    arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
    which is only an issue in virtualization systems or fine grained access
    control systems.


    "Solar Designer" discovered a race condition in netfilter's
    do_add_counters() function, which allows information disclosure of
    kernel memory by exploiting a race condition. Like CVE-2006-0038,
    it requires CAP_NET_ADMIN privileges.


    Intel EM64T systems were discovered to be susceptible to a local
    DoS due to an endless recursive fault related to a bad ELF entry


    incorrectly declared die_if_kernel() function as "does never
    return" which could be exploited by a local attacker resulting in
    a kernel crash.


    AMD64 machines (and other 7th and 8th generation AuthenticAMD
    processors) were found to be vulnerable to sensitive information
    leakage, due to how they handle saving and restoring the FOP, FIP,
    and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
    pending. This allows a process to determine portions of the state
    of floating point instructions of other processes.


    Marco Ivaldi discovered that there was an unintended information
    disclosure allowing remote attackers to bypass protections against
    Idle Scans (nmap -sI) by abusing the ID field of IP packets and
    bypassing the zero IP ID in DF packet countermeasure. This was a
    result of the ip_push_pending_frames function improperly
    incremented the IP ID field when sending a RST after receiving
    unsolicited TCP SYN-ACK packets.


    Pavel Kankovsky reported the existance of a potential information leak
    resulting from the failure to initialize sin.sin_zero in the IPv4 socket


    Shaun Tancheff discovered a buffer overflow (boundry condition
    error) in the USB Gadget RNDIS implementation allowing remote
    attackers to cause a DoS. While creating a reply message, the
    driver allocated memory for the reply data, but not for the reply
    structure. The kernel fails to properly bounds-check user-supplied
    data before copying it to an insufficiently sized memory
    buffer. Attackers could crash the system, or possibly execute
    arbitrary machine code.


    Hugh Dickins discovered an issue in the madvise_remove() function wherein
    file and mmap restrictions are not followed, allowing local users to
    bypass IPC permissions and replace portions of readonly tmpfs files with


    Alexandra Kossovsky reported a NULL pointer dereference condition in
    ip_route_input() that can be triggered by a local user by requesting
    a route for a multicast IP address, resulting in a denial of service


    Vlad Yasevich reported a data validation issue in the SCTP subsystem
    that may allow a remote user to overflow a buffer using a badly formatted
    HB-ACK chunk, resulting in a denial of service.


    Vlad Yasevich reported a bug in the bounds checking code in the SCTP
    subsystem that may allow a remote attacker to trigger a denial of service
    attack when rounded parameter lengths are used to calculate parameter
    lengths instead of the actual values.


    Mark Mosely discovered that chroots residing on an SMB share can be
    escaped with specially crafted "cd" sequences.


    The "Mu security team" discovered that carefully crafted ECNE chunks can
    cause a kernel crash by accessing incorrect state stable entries in the
    SCTP networking subsystem, which allows denial of service.


    The "Mu security team" discovered that fragmented SCTP control
    chunks can trigger kernel panics, which allows for denial of
    service attacks.


    It was discovered that SCTP packets with two initial bundled data
    packets can lead to infinite recursion, which allows for denial of
    service attacks.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                                 Debian 3.1 (sarge)
     Source                      2.4.27-10sarge3
     Alpha architecture          2.4.27-10sarge3
     ARM architecture            2.4.27-2sarge3
     Intel IA-32 architecture    2.4.27-10sarge3
     Intel IA-64 architecture    2.4.27-10sarge3
     Motorola 680x0 architecture 2.4.27-3sarge3
     Big endian MIPS             2.4.27-10.sarge3.040815-1
     Little endian MIPS          2.4.27-10.sarge3.040815-1
     PowerPC architecture        2.4.27-10sarge3
     IBM S/390 architecture      2.4.27-2sarge3
     Sun Sparc architecture      2.4.27-9sarge3

The following matrix lists additional packages that were rebuilt for
compatibility with or to take advantage of this update:

                                 Debian 3.1 (sarge)
     fai-kernels                 1.9.1sarge2
     kernel-image-2.4.27-speakup 2.4.27-1.1sarge2
     mindi-kernel                2.4.27-2sarge2
     systemimager                3.2.3-6sarge2

We recommend that you upgrade your kernel package immediately and reboot
the machine. If you have built a custom kernel from the kernel source
package, you will need to rebuild to take advantage of these fixes.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      831 fac953b669c78c37ea181597402b1c1b
      Size/MD5 checksum:    98672 717a42fcf8a6b67690a756b9f3f00aa1
      Size/MD5 checksum:     3962 fc1912f815afb314558fbadae87e43fc
      Size/MD5 checksum:    26319 368860bca1219d5777ab12dbc0713985
      Size/MD5 checksum:     1139 47ebcb365d37d7321eeee65b23920a29
      Size/MD5 checksum:      621 096115eaec61120211e0ba317b92def9
      Size/MD5 checksum:    31646 1673537490a1af1a72ff1d65cd73139d
      Size/MD5 checksum:      876 2340c14db87e56a98e01dd17b095b7d4
      Size/MD5 checksum:    21264 932ad64503240eedef626a0856fe5665
      Size/MD5 checksum:     1143 60abbaf01fa8d0f6ac0992eb08cb965e
      Size/MD5 checksum:      732 738178383acc2853cf8bd8b15861dc52
      Size/MD5 checksum: 15975839 9d7e6b12846c71e4d530375aacd1390b
      Size/MD5 checksum:     9362 52942076ea9989d63ec619d0be8f324c
      Size/MD5 checksum:      900 6a5fd70b803f4a0996b994d72d30c65e
      Size/MD5 checksum:     9501 a4ad085824ade5641f1c839d945dd301
      Size/MD5 checksum:     1051 e28f324bd15f8825721c36d2ad685f8a
      Size/MD5 checksum:    11080 2813b0290efcd984fef6a69d9ca3c8e7
      Size/MD5 checksum:  1463783 1df6018893f9772d156ccf8e3080fb2b
      Size/MD5 checksum:   309066 ccf2db5585e30dd27b9eaf8d74285e70
      Size/MD5 checksum:      839 2f9746e3d73001a774607a2e8460dec8
      Size/MD5 checksum:      750 621fb9f1f76dc3fae5ed69f393ded2cb
      Size/MD5 checksum:    54501 650afb6ddf33bd3c55d036c6e163f8d1
      Size/MD5 checksum:   741011 dc1085a42970fbb6f5174f8dae7f5bb2
      Size/MD5 checksum:     1581 a0f54f9d6f61b4a31bdf49b2efa6a2ca
      Size/MD5 checksum:    17809 946929349518ac3d91c42825bfb6cabc
      Size/MD5 checksum:    31177 2d05a7a176dba04f37719199efa494b7
      Size/MD5 checksum: 38470181 56df34508cdc47a53d15bc02ffe4f42d
      Size/MD5 checksum:      831 4aa4330d08a7829fbe9a548d1d8bab2f
      Size/MD5 checksum:     1074 ef1ed7e19152004e160a48d320fed490
      Size/MD5 checksum:     1012 271d488ce319e95d567143228330e9a1

  Architecture independent components:
      Size/MD5 checksum:    30482 64658643dc4a9554a722ff1b724c916f
      Size/MD5 checksum:  4759092 15c5bd7f61d7291f1267c12733ffcb5b
      Size/MD5 checksum: 31033502 47eb2bd29ad34555156eac2ec8160cd4
      Size/MD5 checksum:    26664 88c43bac04065e47b6486bed94692e9e
      Size/MD5 checksum:  3580108 9542a6368e1668c0b3dd5529ba9c80f0
      Size/MD5 checksum:   116802 a73dc8e6bb5119c7679d97d13b94cbc8
      Size/MD5 checksum:    30730 7cafd2b593e33cd0cb1ed5577a63142a
      Size/MD5 checksum:  2419762 5e9e5072a78be7f12f2a499ee1116268
      Size/MD5 checksum:    15944 00be5d0f60f2e89dec74ec2a76310638
      Size/MD5 checksum:   689772 9054c12e58f6b8c6d7f6055e94e3e2b3
      Size/MD5 checksum:   631336 01476ba30e300b6b91a9a1a5d5c7f16b
      Size/MD5 checksum:  9545000 c225981a19829b44b8b2e61beea177c2

  Alpha architecture:
      Size/MD5 checksum:   272284 56ec516e9425c915a04a2a7184d15192
      Size/MD5 checksum: 16521602 4975ec76eb158179d36de7746cab88ba      Size/MD5 checksum: 16966302 9bb2d088907ead2c2e689c139e945ef9
      Size/MD5 checksum:  4573588 ad755c6e0a640be87f44d0eeb3cb0b9d
      Size/MD5 checksum:     6930 5af591a1a57ca5b7b5ce7af39d0c30f8
      Size/MD5 checksum:   274064 b675644b9520620077d740f5033e311c

  ARM architecture:
      Size/MD5 checksum:  3145470 0e5c53017bbb7a84d554c1b6e60a0f6a
      Size/MD5 checksum:  3668438 2c00f060b5f4a599b1509e5625d766c1
      Size/MD5 checksum:  7331276 8ded6d50afd88d04fd9b601586509d32
      Size/MD5 checksum:   465160 61a35d05b6e9617ea9cec7ecc3ada43c
      Size/MD5 checksum:  1692044 73cb9319b752cc5eaca4849e20edf6ed
      Size/MD5 checksum:  4658994 b790e6512cd56ac98a1d9b5539c9d5b6
      Size/MD5 checksum:  1056874 a03e9282e21db6a8094c8f2432a88e09

  Intel IA-32 architecture:
      Size/MD5 checksum: 12087676 c53fd67452bade39a41a4d07b1ddbd26
      Size/MD5 checksum:   268890 b867a4d295e544fff9f5f0aa2a660762
      Size/MD5 checksum: 11713818 a039669989458b154e77063b9f2cd05e
      Size/MD5 checksum:   305120 bcbd70a2fc6c58ecf1ff373e398069bd      Size/MD5 checksum:   300776 cba2acbaa7a11221bf20476dec02cc2c
      Size/MD5 checksum: 12340196 bb4547bd7a55cf5a863faf0eb787af72
      Size/MD5 checksum:     9460 a52b72284e9b2ac4ea7249b9889dae97
      Size/MD5 checksum:   293320 0cfddb9db531337f9220c787e2916002      Size/MD5 checksum:   299132 cf2755d7c9628bf753d4f9fc59df37f6
      Size/MD5 checksum: 12682330 64e091ae35b42450a3f0af1af1b1cc17      Size/MD5 checksum:   298354 03343347f66f3ebae64348769a8e7085      Size/MD5 checksum:   298796 d5474dcad0aa041fa1bebffa5531a4cb
      Size/MD5 checksum:   298168 29f6f0af6edcc6fdc7b34fd33b4b45a6
      Size/MD5 checksum:   298236 251b20906cabdabc2689f8fad6238485
      Size/MD5 checksum: 11049672 7c1d176724d5af7ef5d92cf91a4b3a24
      Size/MD5 checksum:   300914 012fa2195bea70f63022c38ee8ece1b8
      Size/MD5 checksum: 11992030 37b9f69b34c25ffd7f79c3dccb1c2b86
      Size/MD5 checksum:  1824238 b412dad8e3fa8ffbb88f9e24b720682c
      Size/MD5 checksum:   293678 293d14c82e8f2dc12d75d9ffbf07a497
      Size/MD5 checksum:  4771964 810af192d449f6437de9c7b92bfc8f70
      Size/MD5 checksum: 12420578 5699a644c8305231c6ff00ca615bc79a
      Size/MD5 checksum:   299016 8269e91daebb2aca7b360c15a41fa060
      Size/MD5 checksum: 12024800 595b16fd83e6ca0ca9b3b4df82934f72
      Size/MD5 checksum:   287484 80953396a754c47e76dc9c034fb2caab
      Size/MD5 checksum:  7766984 0f4f4f9d1a0bc59ae4a2bf51734cfdfa
      Size/MD5 checksum:   299566 6165de4b3a2f79b3983d826f490f6c58
      Size/MD5 checksum: 11303960 3519c2d9f88bcbbe6cd1a793bc21a092

  Intel IA-64 architecture:
      Size/MD5 checksum:   241990 1de0bc8938c45fdc763edc8b5be16dbb
      Size/MD5 checksum:   240416 d711a15e48958eaf0b0cffdb9afbe33b      Size/MD5 checksum: 16623356 6f87ed371e352b5ef736eeb9aea9b1e3
      Size/MD5 checksum: 17020414 9748928c4403f7d1f708e4f1659ee56b
      Size/MD5 checksum:   241792 3f041268f31bbc7c13bb41f4b9b254d5
      Size/MD5 checksum: 16980154 c21794a39eae3611d166574bc4d6c946
      Size/MD5 checksum:     6188 510517c085a54b7f62b21fa549a28254
      Size/MD5 checksum:     6154 0ffa2668983b76eb117180f4127f443f
      Size/MD5 checksum: 16670542 5a5fc027a7ed1ea22de65134816ac27e
      Size/MD5 checksum:     6372 9091687f1ccdd0a95238d4d8bf7a36b4
      Size/MD5 checksum:     6150 6862682a204020d9be7c3c7a24b58022
      Size/MD5 checksum:  4688294 fec3cf9e850845e1339b39eaadbfe411
      Size/MD5 checksum:   240852 525e38de6f834e7112097c26da92b929
      Size/MD5 checksum:     6178 c756f53c98ab21e53f097b2859433591

  Motorola 680x0 architecture:
      Size/MD5 checksum:  2395830 74f11a8ca02e8a1cc776bf950e1d346b
      Size/MD5 checksum:  2476584 4baad67d5c9bac3ee608a1f5b1d4dce0
      Size/MD5 checksum:  2638370 76fcbcdc52016ae4feeafa765a3fc761
      Size/MD5 checksum:  2261274 baacace88b258a02d89ee5158269dc90
      Size/MD5 checksum:  2324432 202215777ec6ddca992a02551578bd20
      Size/MD5 checksum:  2543516 00b54f06d0e048692fec00cc8f888cf3      Size/MD5 checksum:  2395344 9326ce159e507c20e26fc4aa4ec9fa61

  Big endian MIPS architecture:
      Size/MD5 checksum:  3852294 0b6ccfb76fed8400f453953d7421c2a6
      Size/MD5 checksum:  3849540 57d70bee7ad3a52c2e41296a4b660748
      Size/MD5 checksum:  4681678 76bfca90e34781e213f64d92e412f7d2
      Size/MD5 checksum:  7177648 16b29faa543ea16b0f0b1e4b79bcca92
      Size/MD5 checksum:    19330 f81dbe5f0089f55ccffdb5160fc14529

  Little endian MIPS architecture:
      Size/MD5 checksum:  7040154 219d79c89034cc245aaedcc09c077253
      Size/MD5 checksum:    19372 f882ee84e76926b99370922778731da6
      Size/MD5 checksum:  3031408 2e21dc55f4e6c7d8e31485cab88b52a9
      Size/MD5 checksum:  2991822 83720b4706c20d32513fdc764e19a3db
      Size/MD5 checksum:  4686362 1e70d957d920f262ad64af693ead756d
      Size/MD5 checksum:  4102944 4dcc900ca58f7d7e69f0020bb3237dda
      Size/MD5 checksum:  2137112 45fe0699fea23090cc4bc9368c6060e9
      Size/MD5 checksum:  4670600 64746373b5c99a31c486fb360ec9048c

  PowerPC architecture:
      Size/MD5 checksum:   155366 c357bb9b9fe6ce282b9bba63a0bdaec4
      Size/MD5 checksum: 13478728 3e7a96afb9b6bb0618a69d490d3df3e6
      Size/MD5 checksum:  4800960 668fb5a82d4ac36e66da1abff65e531f
      Size/MD5 checksum: 12750476 7f6aa3d1cc7c8990cf5ca2d8f5d5c128
      Size/MD5 checksum:     9868 61edb2922c82b932b5a51aabd4e3e962      Size/MD5 checksum:    66712 0f1a666913413ccac067b519949b64be
      Size/MD5 checksum:  4683234 1dc1ed36b3052d676aece64519c79067
      Size/MD5 checksum:   141276 627427945710a84e25f9a6e81cf52871
      Size/MD5 checksum:  1817290 168aae93e0888603a192acfb55c17ea4      Size/MD5 checksum:  2499398 6c3464992e5fd4f0c76bd6e456603b69
      Size/MD5 checksum:   155380 29ef8c314e3ff4ad80a159e336f30cdd      Size/MD5 checksum:   141508 23beb8633e1bc6c71cd7c85549ddc547
      Size/MD5 checksum:  4693350 489de2e942db258045c9a759940ae7a7
      Size/MD5 checksum:     9944 b5f469592bb45ae907c251aa762e5cdb
      Size/MD5 checksum: 13785644 b44ad17d6469962e8ad89a36e0069b0a
      Size/MD5 checksum:   155614 df66fe84dfcd04edc663ecfc295d5a60

  IBM S/390 architecture:      Size/MD5 checksum:   993502 707589c970f190bed95035dad442b9d3
      Size/MD5 checksum:  4578888 53c705bdfebbd3e6985807f041e94612
      Size/MD5 checksum:  2970498 9c2e84a24bb629db2544929cf19f2087
      Size/MD5 checksum:  2778530 d7d6115aa9292ff635476cd2b17bf499

  Sun Sparc architecture:
      Size/MD5 checksum:  2024732 192d85db979604781d849025a1f44ef2
      Size/MD5 checksum:  6546074 5865128021dbbc98f9a6c20e6fc574d9      Size/MD5 checksum:  6379672 b308de13ac8b140e4a4d06ccd500b9e6
      Size/MD5 checksum:  3787334 543e98f2a917fbc57bf8a02c580491eb
      Size/MD5 checksum:   165654 db2c3fd02eb51afbc1ccc98152a25784
      Size/MD5 checksum:   202328 7df862f501733bef8450ba2bacc97b2a
      Size/MD5 checksum:   203806 5f0bc79951ced443e6ef009010b679f2
      Size/MD5 checksum:   163860 ccb65e6e653600dfdbe81fb9f0839789
      Size/MD5 checksum:     9496 00a3aaa8a2c3cb84274e1155d0663fd1      Size/MD5 checksum:  3601802 050ad637bd78c94c8819e553a50b51ae

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"50","type":"x","order":"1","pct":80.65,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"7","type":"x","order":"2","pct":11.29,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":8.06,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.