[linux-source] several local vulnerabilities

Bug #187275 reported by disabled.user on 2008-01-30
Affects: linux (Ubuntu)
Importance: Medium
Assigned to: Ubuntu Security Team

Bug Description

Binary package hint: linux-source

References:
DSA-1479-1 (http://www.debian.org/security/2008/dsa-1479)

Quoting:
"Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems: [...]

CVE-2007-4571

    Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.
    Local users could exploit this issue to obtain sensitive information from
    the kernel.

CVE-2007-6151

    ADLAB discovered a possible memory overrun in the ISDN subsystem that
    may permit a local user to overwrite kernel memory by issuing
    ioctls with unterminated data.

CVE-2008-0001

    Bill Roman of Datalight noticed a coding error in the linux VFS subsystem
    that, under certain conditions, can allow local users to remove
    directories for which they should not have removal privileges."

Hi hk47,

Thank you for the report. I just wanted to give you a quick update. I've spoken with the Ubuntu Security Team and was informed that two of the CVEs are fixed in dapper-gutsy and that they'd be sure to take care of the rest. Thanks!

Changed in linux:
assignee: nobody → ubuntu-security
importance: Undecided → Medium
status: New → Triaged

Thanks for the info.

Since nobody has complained that I've been "spamming" Ubuntu's bugtracker with security advisories from other distributions (well, mostly Debian), I'll continue to do so as available time permits.

Especially for kernel-related advisories with multiple CVEs, I hope it's all right to ignore the rule saying "one report for one issue", since the bugs usually already have been CVEd, so that the reports should be seen as a humble "could someone please have a look at this and see if Ubuntu is also affected".

Adding CVE-2008-0007 from SUSE-SA:2008:006 (http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html).

Quoting SUSE-SA:2008:006:
"Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory."

Quoting CVE-2008-0007:
"Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset."

Oops, CVE-2008-0007 was already listed under CVE references. Well, so I've just added some additional info.

The Ubuntu Kernel Team is planning to move to the 2.6.27 kernel for the upcoming Intrepid Ibex 8.10 release. As a result, the kernel team would appreciate it if you could please test this newer 2.6.27 Ubuntu kernel. There are two ways you should be able to test:

1) If you are comfortable installing packages on your own, the linux-image-2.6.27-* package is currently available for you to install and test.

--or--

2) The upcoming Alpha5 for Intrepid Ibex 8.10 will contain this newer 2.6.27 Ubuntu kernel. Alpha5 is set to be released Thursday Sept 4. Please watch http://www.ubuntu.com/testing for Alpha5 to be announced. You should then be able to test via a LiveCD.

Please let us know immediately if this newer 2.6.27 kernel resolves the bug reported here or if the issue remains. More importantly, please open a new bug report for each new bug/regression introduced by the 2.6.27 kernel and tag the bug report with 'linux-2.6.27'. Also, please specifically note if the issue does or does not appear in the 2.6.26 kernel. Thanks again, we really appreciate your help and feedback.

Jamie Strandboge (jdstrand) wrote :
Changed in linux:
status: Triaged → Fix Released