Debian DSA-1636-1 : linux-2.6.24 - denial of service/information leak

high Nessus Plugin ID 34171

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2008-3272 Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.

- CVE-2008-3275 Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.

- CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic.

- CVE-2008-3526 Eugene Teo reported a missing bounds check in the SCTP subsystem. By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, remote attackers may be able to cause a denial of service in the form of a kernel panic.

- CVE-2008-3534 Kel Modderman reported an issue in the tmpfs filesystem that allows local users to crash a system by triggering a kernel BUG() assertion.

- CVE-2008-3535 Alexey Dobriyan discovered an off-by-one error in the iov_iter_advance function which can be exploited by local users to crash a system, resulting in a denial of service.

- CVE-2008-3792 Vlad Yasevich reported several NULL pointer reference conditions in the SCTP subsystem that can be triggered by entering sctp-auth codepaths when the AUTH feature is inactive. This may allow attackers to cause a denial of service condition via a system panic.

- CVE-2008-3915 Johann Dahm and David Richter reported an issue in the nfsd subsystem that may allow remote attackers to cause a denial of service via a buffer overflow.

Solution

Upgrade the linux-2.6.24 packages.

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.5.

See Also

https://security-tracker.debian.org/tracker/CVE-2008-3272

https://security-tracker.debian.org/tracker/CVE-2008-3275

https://security-tracker.debian.org/tracker/CVE-2008-3276

https://security-tracker.debian.org/tracker/CVE-2008-3526

https://security-tracker.debian.org/tracker/CVE-2008-3534

https://security-tracker.debian.org/tracker/CVE-2008-3535

https://security-tracker.debian.org/tracker/CVE-2008-3792

https://security-tracker.debian.org/tracker/CVE-2008-3915

https://www.debian.org/security/2008/dsa-1636

Plugin Details

Severity: High

ID: 34171

File Name: debian_DSA-1636.nasl

Version: 1.18

Type: local

Agent: unix

Published: 9/12/2008

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6.24, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2008

Reference Information

CVE: CVE-2008-3272, CVE-2008-3275, CVE-2008-3276, CVE-2008-3526, CVE-2008-3534, CVE-2008-3535, CVE-2008-3792, CVE-2008-3915

DSA: 1636

CWE: 119, 189, 399