Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation

high Nessus Plugin ID 34392

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-6716 Joe Jin reported a local denial of service vulnerability that allows system users to trigger an oops due to an improperly initialized data structure.

- CVE-2008-1514 Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic.

- CVE-2008-3276 Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic.

- CVE-2008-3525 Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations.

- CVE-2008-3833 The S_ISUID/S_ISGID bits were not being cleared during an inode splice, which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member. Mark Fasheh reported this issue.

- CVE-2008-4210 David Watson reported an issue in the open()/creat() system calls which, under certain conditions, can be exploited by local users to obtain the privileges of a group for which they are not a member.

- CVE-2008-4302 A coding error in the splice subsystem allows local users to attempt to unlock a page structure that has not been locked, resulting in a system crash.

Solution

Upgrade the linux-2.6, fai-kernels, and user-mode-linux packages.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-22etch3.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-6716

https://security-tracker.debian.org/tracker/CVE-2008-1514

https://security-tracker.debian.org/tracker/CVE-2008-3276

https://security-tracker.debian.org/tracker/CVE-2008-3525

https://security-tracker.debian.org/tracker/CVE-2008-3833

https://security-tracker.debian.org/tracker/CVE-2008-4210

https://security-tracker.debian.org/tracker/CVE-2008-4302

https://www.debian.org/security/2008/dsa-1653

Plugin Details

Severity: High

ID: 34392

File Name: debian_DSA-1653.nasl

Version: 1.17

Type: local

Agent: unix

Published: 10/14/2008

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/13/2008

Reference Information

CVE: CVE-2007-6716, CVE-2008-1514, CVE-2008-3276, CVE-2008-3525, CVE-2008-3833, CVE-2008-4210, CVE-2008-4302

BID: 31177, 31368, 31515

CWE: 189, 264, 399

DSA: 1653