Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak

critical Nessus Plugin ID 35987

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.

- CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.

- CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users.

- CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).

- CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.

- CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.

- CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.

- CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.

- CVE-2009-0746 Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.

- CVE-2009-0747 David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

- CVE-2009-0748 David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

Solution

Upgrade the linux-2.6 packages.

For the oldstable distribution (etch), these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24.

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-13lenny2.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-0029

https://security-tracker.debian.org/tracker/CVE-2009-0031

https://security-tracker.debian.org/tracker/CVE-2009-0065

https://security-tracker.debian.org/tracker/CVE-2009-0269

https://security-tracker.debian.org/tracker/CVE-2009-0322

https://security-tracker.debian.org/tracker/CVE-2009-0676

https://security-tracker.debian.org/tracker/CVE-2009-0675

https://security-tracker.debian.org/tracker/CVE-2009-0745

https://security-tracker.debian.org/tracker/CVE-2009-0746

https://security-tracker.debian.org/tracker/CVE-2009-0747

https://security-tracker.debian.org/tracker/CVE-2009-0748

https://www.debian.org/security/2009/dsa-1749

Plugin Details

Severity: Critical

ID: 35987

File Name: debian_DSA-1749.nasl

Version: 1.16

Type: local

Agent: unix

Published: 3/23/2009

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/20/2009

Reference Information

CVE: CVE-2009-0029, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748

BID: 33113, 33846

CWE: 119, 189, 20, 264, 399

DSA: 1749