Debian DSA-3170-1 : linux - security update

Critical Nessus Plugin ID 81449

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

- CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use this flaw to exploit vulnerabilities in modules that would not normally be loaded.

- CVE-2014-7822 Akira Fujita found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.

- CVE-2014-8160 Florian Westphal discovered that a netfilter (iptables/ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol.

- CVE-2014-8559 It was found that kernel functions that iterate over a directory tree can dead-lock or live-lock in case some of the directory entries were recently deleted or dropped from the cache. A local unprivileged user can use this flaw for denial of service.

- CVE-2014-9585 Andy Lutomirski discovered that address randomisation for the vDSO in 64-bit processes is extremely biased. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

- CVE-2014-9683 Dmitry Chernenkov discovered that eCryptfs writes past the end of the allocated buffer during encrypted filename decoding, resulting in local denial of service.

- CVE-2015-0239 It was found that KVM did not correctly emulate the x86 SYSENTER instruction. An unprivileged user within a guest system that has not enabled SYSENTER, for example because the emulated CPU vendor is AMD, could potentially use this flaw to cause a denial of service or privilege escalation in that guest.

- CVE-2015-1420 It was discovered that the open_by_handle_at() system call reads the handle size from user memory a second time after validating it. A local user with the CAP_DAC_READ_SEARCH capability could use this flaw for privilege escalation.

- CVE-2015-1421 It was found that the SCTP implementation could free an authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation.

- CVE-2015-1593 It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.

Solution

Upgrade the linux packages.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u2. Additionally this update fixes regressions introduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.

For the upcoming stable distribution (jessie), these problems will be fixed soon (a subset is fixed already).

See Also

https://security-tracker.debian.org/tracker/CVE-2013-7421

https://security-tracker.debian.org/tracker/CVE-2014-9644

https://security-tracker.debian.org/tracker/CVE-2014-7822

https://security-tracker.debian.org/tracker/CVE-2014-8160

https://security-tracker.debian.org/tracker/CVE-2014-8559

https://security-tracker.debian.org/tracker/CVE-2014-9585

https://security-tracker.debian.org/tracker/CVE-2014-9683

https://security-tracker.debian.org/tracker/CVE-2015-0239

https://security-tracker.debian.org/tracker/CVE-2015-1420

https://security-tracker.debian.org/tracker/CVE-2015-1421

https://security-tracker.debian.org/tracker/CVE-2015-1593

https://packages.debian.org/source/wheezy/linux

https://www.debian.org/security/2015/dsa-3170

Plugin Details

Severity: Critical

ID: 81449

File Name: debian_DSA-3170.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2015/02/24

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/02/23

Reference Information

CVE: CVE-2013-7421, CVE-2014-7822, CVE-2014-8160, CVE-2014-8559, CVE-2014-9585, CVE-2014-9644, CVE-2014-9683, CVE-2015-0239, CVE-2015-1420, CVE-2015-1421, CVE-2015-1593

DSA: 3170