Operating System:

[Debian]

Published:

26 September 2011

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2011.0973 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0973
                         linux-2.6 security update
                             26 September 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux-2.6
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
Impact/Access:     Increased Privileges   -- Remote/Unauthenticated
                   Denial of Service      -- Existing Account      
                   Access Privileged Data -- Existing Account      
                   Reduced Security       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-3191 CVE-2011-3188 CVE-2011-2928
                   CVE-2011-2525 CVE-2011-2497 CVE-2011-2496
                   CVE-2011-2495 CVE-2011-2492 CVE-2011-2491
                   CVE-2011-2484 CVE-2011-2213 CVE-2011-2211
                   CVE-2011-2209 CVE-2011-1768 CVE-2011-1020
                   CVE-2011-0712 CVE-2009-4067 

Reference:         ESB-2011.0923.2
                   ESB-2011.0728
                   ESB-2011.0658
                   ESB-2011.0271

Original Bulletin: 
   http://www.debian.org/security/2011/dsa-2310

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2310-1                   security@debian.org
http://www.debian.org/security/                              dann frazier
September 22, 2011                     http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
                 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 633738

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak.  The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4067

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
    module, a driver for Auerswald PBX/System Telephone USB devices.  Attackers
    with physical access to a system's USB ports could obtain elevated
    privileges using a specially crafted USB device.

CVE-2011-0712

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
    module, a USB driver for Native Instruments USB audio devices. Attackers
    with physical access to a system's USB ports could obtain elevated
    privileges using a specially crafted USB device.

CVE-2011-1020

    Kees Cook discovered an issue in the /proc filesystem that allows local
    users to gain access to sensitive process information after execution of a
    setuid binary.

CVE-2011-2209

    Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
    alpha architecture. Local users could obtain access to sensitive kernel
    memory.
    
CVE-2011-2211

    Dan Rosenberg discovered an issue in the osf_wait4() system call on the
    alpha architecture permitting local users to gain elevated privileges.

CVE-2011-2213

    Dan Rosenberg discovered an issue in the INET socket monitoring interface.
    Local users could cause a denial of service by injecting code and causing
    the kernel to execute an infinite loop.

CVE-2011-2484

    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that
    a process can register is not capped, resulting in local denial of service
    through resource exhaustion (cpu time and memory).

CVE-2011-2491

    Vasily Averin discovered an issue with the NFS locking implementation.  A
    malicious NFS server can cause a client to hang indefinitely in an unlock
    call.

CVE-2011-2492

    Marek Kroemeke and Filip Palian discovered that uninitialized struct
    elements in the Bluetooth subsystem could lead to a leak of sensitive kernel
    memory through leaked stack memory.

CVE-2011-2495

    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc
    directory was world-readable, resulting in local information disclosure of
    information such as password lengths.

CVE-2011-2496

    Robert Swiecki discovered that mremap() could be abused for local denial of
    service by triggering a BUG_ON assert.

CVE-2011-2497

    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,
    which could lead to denial of service or privilege escalation.

CVE-2011-2525

    Ben Pfaff reported an issue in the network scheduling code. A local user
    could cause a denial of service (NULL pointer dereference) by sending a
    specially crafted netlink message.

CVE-2011-2928

    Timo Warns discovered that insufficient validation of Be filesystem images
    could lead to local denial of service if a malformed filesystem image is
    mounted.

CVE-2011-3188

    Dan Kaminsky reported a weakness of the sequence number generation in the
    TCP protocol implementation. This can be used by remote attackers to inject
    packets into an active session.

CVE-2011-3191

    Darren Lavender reported an issue in the Common Internet File System (CIFS).
    A malicious file server could cause memory corruption leading to a denial of
    service.

This update also includes a fix for a regression introduced with the previous
security fix for CVE-2011-1768 (Debian: #633738)

For the oldstable distribution (lenny), this problem has been fixed in version
2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be
released as soon as possible. Updates for the hppa and ia64 architectures will
be included in the upcoming 5.0.9 point release.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                                             Debian 5.0 (lenny)
     user-mode-linux                         2.6.26-1um-2+26lenny4

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
These updates will not become active until after your system is rebooted.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJOe7rIAAoJEBv4PF5U/IZAwr4QAKWBSdhvlgEUiCsO6oPc5c0T
KtoGcYZRCypiSzQPSuW+tjwJpkAQD9XJYiPC7E3to19NHGQBMhjauFsr/8bfeftC
8JInvnqymOwLzOd8/Gv6fJ3NadLdDZQgrov72KYKS7ZtRR0fc0o/kiRB5Ol1BwUd
dFktxgR5K2NZpAdexzUF7e1GMyAMiKQr3zDvebSE8D2h0RFi1a/gjn1zvIjVbCzD
lbqK11Owz4fiZ22oTyJmd/P0j/CzCkQoEFopSJzMQCi0/yr5bKfmXv99WSFgvIh4
fnf7GGrZtwWL21+PcuNPdhIN21GSE6OWntflfoPNzr56qPZg83HU8LjgMcI7btmD
1bCOGDRP2CIgIT4RG9vG0Pj9Bo7f+yaR3Z8Gt6pVSi+lWKSAxyKNL8ig1ItPYD/r
lK37jkHQ2p3XfGgEZA1nSFpFnarWDF77mREd/7Kk6zG7Zw9V8Nn/s39V2NrDXNCO
KvuloB0nbWAR0RuwSGRtBHPrxmuRDO6ILwjMeGzMqyn8OfWTmjCpH3mdSNjkp+fO
vLJDbljvhxTYn/lwsMfClfCdyy1ELSQFfGKc5lZE13lh2NqpB6b2BTUI+kCeV2Op
4hMJhQDwnXptNeAkL7ZnltCtWUjGvJT6NV3g8KdMTBdFfKuxbh/ahS4P4BmwiuE4
P1GRA7vke6qqsHvPGBoA
=66e/
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTn/Jeu4yVqjM2NGpAQKPYxAAktFMyPLyv8jOPACHzwk6QnE1UGxv8XFd
ZPJV18ziOsQVuHV7NZLx/cFDIONGXUba+4zciBzHKuz2CQt7xDFy8dtGW61AO4TO
rVbNXgYMV+ZsBbvm0iO3RCZqsJSTdF1YJtsJr8FUUeiITvoklsrTw2BqXgEP/+9L
wLZWSIOJuWbVZEY4fu0llw1V+DxGDj0nj8SDlcRvoWU+rR9KrUKQ0b8LIjCJl+ou
08fNkFy4cKkuEzge+E1dmkS8+XT2zLllLLhwtaeLEK4zwAiU3kY0WW9uL6UG0DQr
4QVz0ttAF8EgKwUICDFU6k34lKn/ZuGWWKRhOPhknh9wlMijP+rYdUKOlEBlKKt1
TCBrE2dNa0d0FrgbOmWB0Eq9SuN0BxHTjhBPBbGjDssYTV3/bCcuIZFdEMJJ1aeL
ZmmsXlNHURs2buZoEsyhCgag6jhW5nCkOBpVwlVlYvg+cHBdj7D1qual7In3t8CZ
nEiNipp8Ls/ZeDSJWcKMzRssGE+4ctI6m+e7WQJwDme0W5PeuBhepV32jxtYD5W4
zuWBlOpexKu/xmqClcKSTsvrxUV0XZcVmqaAmT1u2J4RkxTyodeiZVw6ZhCwEBAd
Y8Z8VTLMTluYQynb/oqBoZq69ZZnWwvbcECZ7U4EvlQdx4RmiqHeYLvvWIbR/BsC
9CcM4l6x9A0=
=csTC
-----END PGP SIGNATURE-----