Debian DSA-2110-1 : linux-2.6 - privilege escalation/denial of service/information leak

High Nessus Plugin ID 49276

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2010-2492 Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges.

- CVE-2010-2954 Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference.

- CVE-2010-3078 Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory.

- CVE-2010-3080 Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer (by default on Debian, this is members of the 'audio' group) can cause a denial of service via a NULL pointer dereference.

- CVE-2010-3081 Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations.

Solution

Upgrade the linux-2.6 and user-mode-linux packages.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-25lenny1.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update :

Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+25lenny1

See Also

https://security-tracker.debian.org/tracker/CVE-2010-2492

https://security-tracker.debian.org/tracker/CVE-2010-2954

https://security-tracker.debian.org/tracker/CVE-2010-3078

https://security-tracker.debian.org/tracker/CVE-2010-3080

https://security-tracker.debian.org/tracker/CVE-2010-3081

https://www.debian.org/security/2010/dsa-2110

Plugin Details

Severity: High

ID: 49276

File Name: debian_DSA-2110.nasl

Version: 1.22

Type: local

Agent: unix

Published: 2010/09/20

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/17

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2492, CVE-2010-2954, CVE-2010-3078, CVE-2010-3080, CVE-2010-3081

BID: 42237, 42900, 43022, 43062, 43239

DSA: 2110