exploit the possibilities

Debian Security Advisory 2310-1

Debian Security Advisory 2310-1
Posted Sep 23, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-4067, CVE-2011-0712, CVE-2011-1020, CVE-2011-2209, CVE-2011-2211, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2525, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836

Debian Security Advisory 2310-1

Change Mirror Download
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2310-1 security@debian.org
http://www.debian.org/security/ dann frazier
September 22, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug : 633738

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:


Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
module, a driver for Auerswald PBX/System Telephone USB devices. Attackers
with physical access to a system's USB ports could obtain elevated
privileges using a specially crafted USB device.


Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
module, a USB driver for Native Instruments USB audio devices. Attackers
with physical access to a system's USB ports could obtain elevated
privileges using a specially crafted USB device.


Kees Cook discovered an issue in the /proc filesystem that allows local
users to gain access to sensitive process information after execution of a
setuid binary.


Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
alpha architecture. Local users could obtain access to sensitive kernel


Dan Rosenberg discovered an issue in the osf_wait4() system call on the
alpha architecture permitting local users to gain elevated privileges.


Dan Rosenberg discovered an issue in the INET socket monitoring interface.
Local users could cause a denial of service by injecting code and causing
the kernel to execute an infinite loop.


Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
a process can register is not capped, resulting in local denial of service
through resource exhaustion (cpu time and memory).


Vasily Averin discovered an issue with the NFS locking implementation. A
malicious NFS server can cause a client to hang indefinitely in an unlock


Marek Kroemeke and Filip Palian discovered that uninitialized struct
elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
memory through leaked stack memory.


Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
directory was world-readable, resulting in local information disclosure of
information such as password lengths.


Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.


Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
which could lead to denial of service or privilege escalation.


Ben Pfaff reported an issue in the network scheduling code. A local user
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.


Timo Warns discovered that insufficient validation of Be filesystem images
could lead to local denial of service if a malformed filesystem image is


Dan Kaminsky reported a weakness of the sequence number generation in the
TCP protocol implementation. This can be used by remote attackers to inject
packets into an active session.


Darren Lavender reported an issue in the Common Internet File System (CIFS).
A malicious file server could cause memory corruption leading to a denial of

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738)

For the oldstable distribution (lenny), this problem has been fixed in version
2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be
released as soon as possible. Updates for the hppa and ia64 architectures will
be included in the upcoming 5.0.9 point release.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny4

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
These updates will not become active until after your system is rebooted.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
Version: GnuPG v1.4.11 (GNU/Linux)

Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By