[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [linux-security] DoS attacks against Linux kernel
On Fri, Jul 02, 2004 at 03:15:26PM -0700, Martin Siegert wrote:
> Topic
> =====
> Several vulnerabilities in the Linux kernel allow DoS attacks
>
> Problem Description
> ===================
> There exist several bugs in the Linux kernel that allow a local user
> (i.e., a user with an account on the machine) adn in one case a remote
> attacker to crash the machine.
>
> 1) By using a C program it is possible to trigger a floating point
> exception that puts the kernel into an unusable state.
> (CAN-2004-0554)
>
> 2) A vulnerability exists in the e1000 driver for the Linux kernel 2.4.26
> and earlier: The e1000 driver does not properly reset memory or restrict
> the maximum length of a data structure, which can allow a local user to
> read portions of kernel memory (CAN-2004-0535).
>
> 3) Numerous problems referencing userspace memory were identified in several
> device drivers (CAN-2004-0495).
>
> 4) The netfilter code of the 2.6 kernels allows a remote DoS attack due to
> an incorrect type of a variable. This DoS attack is only possible, if
> the "-p tcp --tcp-option" options in the netfilter firewall are used.
>
> Affected Systems
> ================
> re 1): kernel versions 2.6.6 and earlier
> re 2): kernel versions 2.4.26 and earlier
> re 3): kernel versions 2.6.6 and earlier
> re 4): kernel versions 2.6.x, x < 7
>
> Solution
> ========
> Upgrade to patched version for your distribution.
> Note: As far as I can tell not all of the patched kernels listed below
> include patches against all of these vulnerabilities.
>
SuSE
----
the SuSE updates below contain patches against vulnerabilities 1-4.
SuSE-8.0
--------
rpm -ivh k_<type>-2.4.18-303.i386.rpm
where <type> is one of deflt, psmp, smp, or i386.
rpm -Fvh kernel-source-2.4.18.SuSE-303.i386.rpm
SuSE-8.1
--------
rpm -ivh k_<type>-2.4.21-231.src.rpm
where <type> is one of deflt, psmp, smp, or athlon.
rpm -Fvh kernel-source-2.4.21-231.i586.rpm
SuSE-8.2
--------
rpm -ivh k_<type>-2.4.20-115.src.rpm
where <type> is one of deflt, psmp, smp, or athlon.
rpm -Fvh kernel-source-2.4.20.SuSE-115.i586.rpm
SuSE-9.0
--------
rpm -ivh k_<type>-2.4.21-231.i586.rpm
where <type> is one of deflt, smp, smp4G, um, or athlon.
rpm -Fvh kernel-source-2.4.21-231.i586.rpm
SuSE-9.1
--------
rpm -ivh kernel-<type>-2.6.5-7.95.i586.rpm
where <type> is one of default, smp, or bigsmp.
rpm -Fvh kernel-source-2.6.5-7.95.i586.rpm