[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] DoS attacks against Linux kernel

To: linux-security@sfu.ca
Subject: Re: [linux-security] DoS attacks against Linux kernel
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 2 Jul 2004 16:52:22 -0700
In-Reply-To: <20040702221526.GA10063@stikine.ucs.sfu.ca>
References: <20040702221526.GA10063@stikine.ucs.sfu.ca>
User-Agent: Mutt/1.4.1i

On Fri, Jul 02, 2004 at 03:15:26PM -0700, Martin Siegert wrote:
> Topic
> =====
> Several vulnerabilities in the Linux kernel allow DoS attacks
> 
> Problem Description
> ===================
> There exist several bugs in the Linux kernel that allow a local user
> (i.e., a user with an account on the machine) adn in one case a remote
> attacker to crash the machine.
> 
> 1) By using a C program it is possible to trigger a floating point
>    exception that puts the kernel into an unusable state.
>    (CAN-2004-0554)
> 
> 2) A vulnerability exists in the e1000 driver for the Linux kernel 2.4.26
>    and earlier: The e1000 driver does not properly reset memory or restrict
>    the maximum length of a data structure, which can allow a local user to
>    read portions of kernel memory (CAN-2004-0535).
> 
> 3) Numerous problems referencing userspace memory were identified in several
>    device drivers (CAN-2004-0495).
> 
> 4) The netfilter code of the 2.6 kernels allows a remote DoS attack due to
>    an incorrect type of a variable. This DoS attack is only possible, if
>    the "-p tcp --tcp-option" options in the netfilter firewall are used.
> 
> Affected Systems
> ================
> re 1): kernel versions 2.6.6 and earlier
> re 2): kernel versions 2.4.26 and earlier
> re 3): kernel versions 2.6.6 and earlier
> re 4): kernel versions 2.6.x, x < 7
> 
> Solution
> ========
> Upgrade to patched version for your distribution.
> Note: As far as I can tell not all of the patched kernels listed below
> include patches against all of these vulnerabilities.
> 
SuSE
----
the SuSE updates below contain patches against vulnerabilities 1-4.

SuSE-8.0
--------
rpm -ivh k_<type>-2.4.18-303.i386.rpm
where <type> is one of deflt, psmp, smp, or i386.

rpm -Fvh kernel-source-2.4.18.SuSE-303.i386.rpm

SuSE-8.1
--------
rpm -ivh k_<type>-2.4.21-231.src.rpm
where <type> is one of deflt, psmp, smp, or athlon.

rpm -Fvh kernel-source-2.4.21-231.i586.rpm

SuSE-8.2
--------
rpm -ivh k_<type>-2.4.20-115.src.rpm
where <type> is one of deflt, psmp, smp, or athlon.

rpm -Fvh kernel-source-2.4.20.SuSE-115.i586.rpm

SuSE-9.0
--------
rpm -ivh k_<type>-2.4.21-231.i586.rpm
where <type> is one of deflt, smp, smp4G, um, or athlon.

rpm -Fvh kernel-source-2.4.21-231.i586.rpm

SuSE-9.1
--------
rpm -ivh kernel-<type>-2.6.5-7.95.i586.rpm
where <type> is one of default, smp, or bigsmp.

rpm -Fvh kernel-source-2.6.5-7.95.i586.rpm

References:
- [linux-security] DoS attacks against Linux kernel
  - From: Martin Siegert <siegert@sfu.ca>
- [linux-security] DoS attacks against Linux kernel
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] DoS attacks against Linux kernel
Next by Date: [linux-security] local root exploit in Linux kernel
Prev by thread: [linux-security] DoS attacks against Linux kernel
Next by thread: [linux-security] RedHat 9 support dropped; SuSE-9.1 support added
Index(es):
- Date
- Thread