/*
It looks like there were several Linux kernel-level vulnerabilities released yesterday and today.
Let's take a look...
*/
Linux Kernel PTraced Child Auto-Reap Local Denial of Service
/*
According to the discussion, this boils down to a simple NULL pointer dereference. Kernels < 2.6.15 are vulnerable.
*/
Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service
/*
Since this only affects users using the ATM code, it appears to be fairly limited. Kernels < 2.6.14 are vulnerable.
*/
Linux Kernel IP6_Input_Finish Remote Denial Of Service
/*
This one can cause the kernel to leak memory, eventually leading to a panic. Affected kernels are 2.6 kernels <= 2.6.12.5.
*/
Linux Kernel Sysctl_String Local Buffer Overflow
/*
An off-by-one buffer overflow with the potential to execute arbitrary code in kernel context (ring 0). Affected kernels are 2.6 kernels < 2.6.15.
*/
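/*
Added illustration (not from the advisory, and not the kernel's sysctl code): a model of the off-by-one pattern behind a bug like this. A string is copied into a fixed-size buffer and NUL-terminated at dst[len]; when the source exactly fills the buffer the terminator lands one byte past the end. The "buffer" is the first BUF_LEN bytes of a larger arena and the bytes after it stand in for whatever would sit next in memory, so the overwrite can be observed without undefined behaviour. BUF_LEN, ARENA_LEN and the function names are constructed for this example.
*/

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, constructed for this example: the logical string
 * buffer is the first BUF_LEN bytes of an ARENA_LEN-byte arena, and the
 * remaining bytes model the neighbouring memory. */
#define BUF_LEN   8
#define ARENA_LEN 16
#define SENTINEL  0xAA

/* Naive copy: clamps the length to maxlen, then NUL-terminates at dst[len].
 * When len == maxlen the terminator is written to dst[maxlen], one byte
 * past the buffer: the off-by-one. */
static void copy_string_naive(char *dst, size_t maxlen, const char *src)
{
    size_t len = strlen(src);
    if (len > maxlen)
        len = maxlen;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Corrected copy: the terminator is budgeted into the bound, so the
 * highest index ever written is maxlen - 1. */
static void copy_string_bounded(char *dst, size_t maxlen, const char *src)
{
    size_t len = strlen(src);
    if (len >= maxlen)
        len = maxlen - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Runs one copy routine into a fresh arena and reports whether the byte
 * immediately after the logical buffer was modified.
 * Returns 1 if the off-by-one fired, 0 otherwise. */
static int clobbers_neighbour(void (*copy)(char *, size_t, const char *),
                              const char *src)
{
    unsigned char arena[ARENA_LEN];
    memset(arena, SENTINEL, sizeof arena);
    copy((char *)arena, BUF_LEN, src);
    return arena[BUF_LEN] != SENTINEL;
}

int main(void)
{
    /* Constructed inputs: one char short of the buffer, exactly full, and over. */
    const char *inputs[] = { "1234567", "12345678", "123456789ABC" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-14s naive: %s  bounded: %s\n", inputs[i],
               clobbers_neighbour(copy_string_naive, inputs[i]) ? "OVERFLOW" : "ok",
               clobbers_neighbour(copy_string_bounded, inputs[i]) ? "OVERFLOW" : "ok");
    }
    return 0;
}
```

The naive routine only misbehaves on input that is exactly the buffer length or longer, which is why this class of bug survives casual testing; the bounded version makes the terminator part of the size budget rather than an afterthought.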
Linux Kernel IP_ROUTE_INPUT Local Denial of Service
/*
Local denial of service due to a bug in the 'ip_route_input()' function. Kernels affected are 2.6 kernels < 2.6.16.8.
*/
Linux Kernel SG Driver Direct IO Local Denial of Service
/*
A design error in the sg driver makes it possible to cause a kernel panic. Kernel versions < 2.6.13 are affected.
*/
Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access:
This issue allows local users with the 'CAP_NET_ADMIN' capability, but without the 'CAP_SYS_RAWIO' capability, to read and write to the SDLA device firmware. This may cause a denial-of-service issue if attackers write invalid firmware. Other attacks may also be possible by writing modified firmware files.
/*
It would appear that all kernel versions prior to 2.6.11 are vulnerable, although this is not stated in the article.
*/
Linux Kernel NFS Client Denial of Service
/*
On kernels < 2.6.15.5, unprivileged users can cause the kernel to panic via userland NFS utilities.
*/
Linux Kernel Choose_New_Parent Local Denial of Service
/*
Allows local users to cause a kernel panic on kernels < 2.6.11.12.
*/
Linux Kernel SNMP NAT Helper Remote Denial of Service
/*
A bug in the SNMP NAT helper functionality, part of netfilter, can lead to memory corruption and a denial of service. Affected versions are < 2.6.16.18.
*/
Linux Kernel Shared Memory Security Restriction Bypass
/*
Potential to gain read/write access to shared memory, and write access to tmpfs mounted directories. It doesn't take a lot of imagination to come up with a handful of scenarios where you could turn write access to shared memory into a rootshell. Kernel versions < 2.6.16.7 are vulnerable.
*/
Linux Kernel IP ID Information Disclosure Weakness
/*
This is nothing new. This weakness in the initial sequence number for TCP connections is what nmap's "Idle Scan" depends on. Typically you'll want to use a low-load Windows computer as your zombie, but Linux is also vulnerable. 2.6 versions prior to 2.6.16.1 are vulnerable. Some 2.4 kernels are also vulnerable, but the article does not disclose which ones.
*/
Linux Kernel Multiple SCTP Remote Denial of Service
/*
It appears that some fairly specific circumstances need to be met for this to be triggered, but it results in a kernel panic. Kernels < 2.6.16 are vulnerable.
*/
Linux Kernel LSM ReadV/WriteV Security Restriction Bypass
/*
Exploiting this requires very specific timing: a file must already be open for read or write before the LSM change that revokes that access is made. On open(2) the LSM configuration is enforced properly, hence the requirement that the process already hold the file open. Kernels < 2.6.16.12 are vulnerable.
*/
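/*
Added illustration (not from the advisory, and not the kernel's LSM interface): a toy model of the hook placement that produces this class of bypass. A policy is consulted by an open-time hook and by a per-operation hook. The read(2) path calls the per-operation hook every time, so a policy tightened after the open is honoured; a readv(2) path that leans only on the open-time decision keeps working on an already-open descriptor. The fix is to route the alternate entry point through the same per-operation hook. Every name here (struct policy, toy_open, file_permission, toy_readv_vulnerable, replay_revocation, the MAY_* masks) is constructed for this example.
*/

```c
#include <errno.h>
#include <stdio.h>

/* Constructed access masks and policy object; stand-ins for the real
 * kernel structures, not their definitions. */
#define MAY_READ  1
#define MAY_WRITE 2

struct policy {
    int allowed_mask;       /* bitmask of MAY_* the policy currently grants */
};

struct toy_file {
    const struct policy *pol;
    int open_mask;          /* access granted at open time */
};

/* Open-time hook: the policy is enforced on open(2), as the advisory notes. */
static int toy_open(struct toy_file *f, const struct policy *pol, int mask)
{
    if ((pol->allowed_mask & mask) != mask)
        return -EACCES;
    f->pol = pol;
    f->open_mask = mask;
    return 0;
}

/* Per-operation hook: re-reads the live policy on each call. */
static int file_permission(const struct toy_file *f, int mask)
{
    return ((f->pol->allowed_mask & mask) == mask) ? 0 : -EACCES;
}

/* read(2) path: consults the per-operation hook, so a revocation made
 * after the open is seen. */
static int toy_read(const struct toy_file *f)
{
    return file_permission(f, MAY_READ);
}

/* readv(2) path with the bug class modelled: trusts the open-time decision
 * alone and never asks the policy again. */
static int toy_readv_vulnerable(const struct toy_file *f)
{
    return (f->open_mask & MAY_READ) ? 0 : -EACCES;
}

/* Fixed readv(2) path: the same per-operation hook as read(2). */
static int toy_readv_fixed(const struct toy_file *f)
{
    return file_permission(f, MAY_READ);
}

/* Replays the sequence the advisory describes: open succeeds, the policy
 * is then tightened, and the already-open descriptor is used through the
 * given path. Returns that path's result (0 or -EACCES), or -1 if the
 * initial open unexpectedly failed. */
static int replay_revocation(int (*path)(const struct toy_file *))
{
    struct policy pol = { MAY_READ | MAY_WRITE };
    struct toy_file f;
    if (toy_open(&f, &pol, MAY_READ) != 0)
        return -1;
    pol.allowed_mask = 0;   /* revoke all access after the open */
    return path(&f);
}

int main(void)
{
    printf("read after revocation:          %s\n",
           replay_revocation(toy_read) == 0 ? "allowed" : "EACCES");
    printf("readv (vulnerable) after revoke: %s\n",
           replay_revocation(toy_readv_vulnerable) == 0 ? "allowed" : "EACCES");
    printf("readv (fixed) after revoke:      %s\n",
           replay_revocation(toy_readv_fixed) == 0 ? "allowed" : "EACCES");
    return 0;
}
```

The model also shows why a fresh open after the policy change is not affected: toy_open consults the policy and refuses, which matches the advisory's point that the window only exists for descriptors opened beforehand. Auditing for this bug class means listing every syscall that reaches the same object and confirming each one calls the per-operation hook.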