what you don't know can hurt you

Mandriva Linux Security Advisory 2013-194

Mandriva Linux Security Advisory 2013-194
Posted Jul 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities has been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5517, CVE-2013-0231, CVE-2013-1059, CVE-2013-1774, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301
MD5 | 25d525391a2ce9a5792be99f27172d9f

Mandriva Linux Security Advisory 2013-194

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:194
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : July 11, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote
attackers to cause a denial of service (NULL pointer dereference
and system crash) or possibly have unspecified other impact via
an auth_reply message that triggers an attempted build_request
operation. (CVE-2013-1059)

The HP Smart Array controller disk-array driver and Compaq SMART2
controller disk-array driver in the Linux kernel through 3.9.4
do not initialize certain data structures, which allows local
users to obtain sensitive information from kernel memory via (1)
a crafted IDAGETPCIINFO command for a /dev/ida device, related
to the ida_locked_ioctl function in drivers/block/cpqarray.c
or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss
device, related to the cciss_ioctl32_passthru function in
drivers/block/cciss.c. (CVE-2013-2147)

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
in the Linux kernel through 3.9.4 does not initialize a certain
structure member, which allows local users to obtain sensitive
information from kernel memory via a read operation on the fanotify
descriptor. (CVE-2013-2148)

Format string vulnerability in the register_disk function in
block/genhd.c in the Linux kernel through 3.9.4 allows local users to
gain privileges by leveraging root access and writing format string
specifiers to /sys/module/md_mod/parameters/new_array in order to
create a crafted /dev/md device name. (CVE-2013-2851)

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in
the Linux kernel through 3.10 allows local users to obtain sensitive
information from kernel memory via a read operation on a malfunctioning
CD-ROM drive. (CVE-2013-2164)

The key_notify_policy_flush function in net/key/af_key.c in the Linux
kernel before 3.9 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel
heap memory by reading a broadcast message from the notify_policy
interface of an IPSec key_socket. (CVE-2013-2237)

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions
in net/key/af_key.c in the Linux kernel before 3.10 do not initialize
certain structure members, which allows local users to obtain sensitive
information from kernel heap memory by reading a broadcast message
from the notify interface of an IPSec key_socket. (CVE-2013-2234)

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux
kernel before 3.10 allows local users to cause a denial of service
(system crash) by using an AF_INET6 socket for a connection to an
IPv4 interface. (CVE-2013-2232)

The online_pages function in mm/memory_hotplug.c in the Linux kernel
before 3.6 allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact in opportunistic circumstances by using memory that was
hot-added by an administrator. (CVE-2012-5517)

Format string vulnerability in the b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
the Linux kernel through 3.9.4 allows local users to gain privileges
by leveraging root access and including format string specifiers in
an fwpostfix modprobe parameter, leading to improper construction of
an error message. (CVE-2013-2852)

The ftrace implementation in the Linux kernel before 3.8.8 allows
local users to cause a denial of service (NULL pointer dereference
and system crash) or possibly have unspecified other impact by
leveraging the CAP_SYS_ADMIN capability for write access to the (1)
set_ftrace_pid or (2) set_graph_function file, and then making an
lseek system call. (CVE-2013-3301)

The pciback_enable_msi function in the PCI backend driver
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the
Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device
access to cause a denial of service via a large number of kernel log
messages. NOTE: some of these details are obtained from third party
information. (CVE-2013-0231)

The chase_port function in drivers/usb/serial/io_ti.c in the
Linux kernel before 3.7.4 allows local users to cause a denial of
service (NULL pointer dereference and system crash) via an attempted
/dev/ttyUSB read or write operation on a disconnected Edgeport USB
serial converter. (CVE-2013-1774)

Heap-based buffer overflow in the iscsi_add_notunderstood_response
function in drivers/target/iscsi/iscsi_target_parameters.c in the
iSCSI target subsystem in the Linux kernel through 3.9.4 allows
remote attackers to cause a denial of service (memory corruption
and OOPS) or possibly execute arbitrary code via a long key that
is not properly handled during construction of an error-response
packet. (CVE-2013-2850)

The updated packages provides a solution for these security issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
435865a49ae270fc37e81d1a03a7b574 mbs1/x86_64/cpupower-3.4.52-1.1.mbs1.x86_64.rpm
ff1f8cf01c899a47b02f8257aa531026 mbs1/x86_64/kernel-firmware-3.4.52-1.1.mbs1.noarch.rpm
88f35a2dd3da9fa54c80689e9867edc7 mbs1/x86_64/kernel-headers-3.4.52-1.1.mbs1.x86_64.rpm
1d49db696ff5b5c75c8dc63f87bc02bc mbs1/x86_64/kernel-server-3.4.52-1.1.mbs1.x86_64.rpm
d718fabb7c5503d536aa815535f44294 mbs1/x86_64/kernel-server-devel-3.4.52-1.1.mbs1.x86_64.rpm
7aa979aa1c26d51a8e1c3fdf22a6f076 mbs1/x86_64/kernel-source-3.4.52-1.mbs1.noarch.rpm
871b5453e7e2f65330c9748c4368886b mbs1/x86_64/lib64cpupower0-3.4.52-1.1.mbs1.x86_64.rpm
0826823b3c0ca675b5762df19171fd05 mbs1/x86_64/lib64cpupower-devel-3.4.52-1.1.mbs1.x86_64.rpm
8b859bb8ef426ab1d810bf238e3695df mbs1/x86_64/perf-3.4.52-1.1.mbs1.x86_64.rpm
f89854b0909910f6d6e1c7a7153bec08 mbs1/SRPMS/cpupower-3.4.52-1.1.mbs1.src.rpm
a4f26a06789df750207a45b9750978e5 mbs1/SRPMS/kernel-firmware-3.4.52-1.1.mbs1.src.rpm
761cd4ef33ea2e9de5c06812720c9ea1 mbs1/SRPMS/kernel-headers-3.4.52-1.1.mbs1.src.rpm
59cacb9eb2a781df3e7785078d6fd129 mbs1/SRPMS/kernel-server-3.4.52-1.1.mbs1.src.rpm
f170b5ef3f2afe9ef213c981f82a47cd mbs1/SRPMS/kernel-source-3.4.52-1.mbs1.src.rpm
8058f28e41b2e7c05c5719853463cf34 mbs1/SRPMS/perf-3.4.52-1.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR3o0wmqjQ0CJFipgRAo6CAKCWv16hAfjsyxOxBaLJrtDqI0YIawCdEFxp
DKoOAlhqIBT4C0AuyxWYlIw=
=beBr
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    27 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close