Otkriveno je nekoliko sigurnosnih propusta u jezgri operacijskog sustava koji se mogu iskoristiti lokalno za otkrivanje i izmjenu podataka, zaobilaženje postavljenih ograničenja, izvođenje napada uskraćivanja usluge ili stjecanje root ovlasti.
Većina propusta je uzrokovana nepravilnim rukovanjem određenim uređajima poput USB memorija i grafičkih kartica, a uzrokovani su nedovoljnim provjerama. Preostali su nedostaci vezani uz CAN podsustav, IOWarrior USB, InfiniBand i TTPCI DVB pogonske programe, itd.
Posljedica:
Svi propusti se mogu iskoristiti lokalno, a napadi mogu rezultirati otkrivanjem i izmjenom podataka, zaobilaženjem postavljenih ograničenja, DoS napadom i povećanjem ovlasti napadača.
Rješenje:
Više informacija dostupno je u izvornoj preporuci. Svim korisnicima se savjetuje primjena zakrpa koje otklanjaju otkrivene propuste.
==========================================================================
Ubuntu Security Notice USN-1160-1
June 28, 2011
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary:
Multiple kernel vulnerabilities have been fixed.
Software Description:
- linux: Linux kernel
Details:
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
into the /proc filesystem. A local attacker could use this to increase the
chances of a successful memory corruption exploit. (CVE-2010-4565)
Kees Cook discovered that the IOWarrior USB device driver did not correctly
check certain size fields. A local attacker with physical access could plug
in a specially crafted USB device to crash the system or potentially gain
root privileges. (CVE-2010-4656)
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss of
privacy. (CVE-2011-0463)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)
Jens Kuehnel discovered that the InfiniBand driver contained a race
condition. On systems using InfiniBand, a local attacker could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2011-0695)
Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)
Rafael Dominguez Vega discovered that the caiaq Native Instruments USB
driver did not correctly validate string lengths. A local attacker with
physical access could plug in a specially crafted USB device to crash the
system or potentially gain root privileges. (CVE-2011-0712)
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit. (CVE-2011-0726)
Timo Warns discovered that MAC partition parsing routines did not correctly
calculate block counts. A local attacker with physical access could plug in
a specially crafted block device to crash the system or potentially gain
root privileges. (CVE-2011-1010)
Timo Warns discovered that LDM partition parsing routines did not correctly
calculate block counts. A local attacker with physical access could plug in
a specially crafted block device to crash the system, leading to a denial
of service. (CVE-2011-1012)
Matthiew Herrb discovered that the drm modeset interface did not correctly
handle a signed comparison. A local attacker could exploit this to crash
the system or possibly gain root privileges. (CVE-2011-1013)
Marek OlĹÄ
Posljednje sigurnosne preporuke