Debian DSA-2094-1 : linux-2.6 - privilege escalation/denial of service/information leak

critical Nessus Plugin ID 48387

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointer dereference).

- CVE-2010-2226 Dan Rosenberg reported an issue in the xfs filesystem that allows local users to copy and read a file owned by another user, for which they only have write permissions, due to a lack of permission checking in the XFS_SWAPEXT ioctl.

- CVE-2010-2240 Rafal Wojtczuk reported an issue that allows users to obtain escalated privileges. Users must already have sufficient privileges to execute or connect clients to an Xorg server.

- CVE-2010-2248 Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious file server can set an incorrect 'CountHigh' value, resulting in a denial of service (BUG_ON() assertion).

- CVE-2010-2521 Neil Brown reported an issue in the NFSv4 server code. A malicious client could trigger a denial of service (Oops) on a server due to a bug in the read_buf() routine.

- CVE-2010-2798 Bob Peterson reported an issue in the GFS2 file system.
A file system user could cause a denial of service (Oops) via certain rename operations.

- CVE-2010-2803 Kees Cook reported an issue in the DRM (Direct Rendering Manager) subsystem. Local users with sufficient privileges (local X users or members of the 'video' group on a default Debian install) could acquire access to sensitive kernel memory.

- CVE-2010-2959 Ben Hawkes discovered an issue in the AF_CAN socket family. An integer overflow condition may allow local users to obtain elevated privileges.

- CVE-2010-3015 Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users could trigger a denial of service (BUG assertion) by generating a specific set of filesystem operations.

This update also includes fixes a regression introduced by a previous update. See the referenced Debian bug page for details.

Solution

Upgrade the linux-2.6 and user-mode-linux packages.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-24lenny1.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update :

Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+24lenny1 Updates for arm and mips will be released as they become available.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589179

https://security-tracker.debian.org/tracker/CVE-2009-4895

https://security-tracker.debian.org/tracker/CVE-2010-2226

https://security-tracker.debian.org/tracker/CVE-2010-2240

https://security-tracker.debian.org/tracker/CVE-2010-2248

https://security-tracker.debian.org/tracker/CVE-2010-2521

https://security-tracker.debian.org/tracker/CVE-2010-2798

https://security-tracker.debian.org/tracker/CVE-2010-2803

https://security-tracker.debian.org/tracker/CVE-2010-2959

https://security-tracker.debian.org/tracker/CVE-2010-3015

https://www.debian.org/security/2010/dsa-2094

Plugin Details

Severity: Critical

ID: 48387

File Name: debian_DSA-2094.nasl

Version: 1.16

Type: local

Agent: unix

Published: 8/23/2010

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-2.6, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/19/2010

Reference Information

CVE: CVE-2009-4895, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2521, CVE-2010-2798, CVE-2010-2803, CVE-2010-2959, CVE-2010-3015

DSA: 2094