Ubuntu je izdao programsku nadogradnju za linux-mvl-dove kojom se rješavaju brojni sigurnosni nedostaci čije iskorištavanje može dovesti do rušenja ranjivog sustava, povećanja ovlasti, otkrivanja osjetljivih informacija te zaobilaženja postavljenih sigurnosnih ograničenja.
Bitniji propusti su rezultat neodgovarajuće dodjele, provjere te inicijalizacije memorijskog prostora određenih spremnika, nepravilne konfiguracije određenih komponenti te neodgovarajućeg rukovanja određenim zahtjevima. Za detaljan pregled svih nedostataka se preporuča pregled izvorne preporuke.
Posljedica:
Posljedice navedenih propusta su zaobilaženje postavljenih sigurnosnih ograničenja, otkrivanje podataka, povećanje ovlasti na ranjivom sustavu i mogućnost izvođenja DoS (eng. Denial of Service) napada.
Rješenje:
Budući da je dostupna poboljšana programska nadogradnja, svi se korisnici upućuju na nadogradnju.
==========================================================================
Ubuntu Security Notice USN-1159-1
July 13, 2011
linux-mvl-dove vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary:
Multiple kernel flaws have been fixed.
Software Description:
- linux-mvl-dove: Linux kernel for DOVE
Details:
Brad Spengler discovered that the kernel did not correctly account for
userspace memory allocations during exec() calls. A local attacker could
exploit this to consume all system memory, leading to a denial of service.
(CVE-2010-4243)
Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not
correctly handle certain configurations. If such a device was configured
without VLANs, a remote attacker could crash the system, leading to a
denial of service. (CVE-2010-4263)
Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
into the /proc filesystem. A local attacker could use this to increase the
chances of a successful memory corruption exploit. (CVE-2010-4565)
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss of
privacy. (CVE-2011-0463)
Jens Kuehnel discovered that the InfiniBand driver contained a race
condition. On systems using InfiniBand, a local attacker could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2011-0695)
Dan Rosenberg discovered that XFS did not correctly initialize memory. A
local attacker could make crafted ioctl calls to leak portions of kernel
stack memory, leading to a loss of privacy. (CVE-2011-0711)
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit. (CVE-2011-0726)
Matthiew Herrb discovered that the drm modeset interface did not correctly
handle a signed comparison. A local attacker could exploit this to crash
the system or possibly gain root privileges. (CVE-2011-1013)
Marek OlĹÄ
Posljednje sigurnosne preporuke