---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Linux Kernel Various Vulnerabilities SECUNIA ADVISORY ID: SA23361 VERIFY ADVISORY: http://secunia.com/advisories/23361/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: Some vulnerabilities have been reported within the Linux kernel, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service). 1) An error within the "nlmclnt_mark_reclaim()" function in clntlock.c of the NFS lockd can be exploited by malicious people to cause a DoS by crashing the service. 2) The task switching implementation fails to save and restore EFLAGS of process correctly. This can be exploited by malicious, local users to crash applications and services by invoking a specially crafted executable. 3) An error within the lock handling of the "sys_get_robust_list()" and "sys_set_robust_list()" system calls for the SPARC and PowerPC platforms can be exploited by malicious, local users to e.g. consume all system resources, create unkillable processes, and render a system unrebootable. 4) Problems within the alignment exception handling on SPARC and PowerPC platforms can be exploited by malicious, local users to cause a kernel crash. 5) An error within the implementation of the squashfs file system can be exploited to cause a DoS by mounting a specially crafted squashfs image and performing a read operation on the mounted file system. 6) If UNIX extensions are enabled, certain smbfs mount options are ignored and a client silently mounts shares using the uid, gid and mode options from the server. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: 1) Matthias Andree 3, 4) Fabio Massimo Di Nitto 5) LMH 6) Bill Allombert ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-395-1 http://www.us.debian.org/security/2006/dsa-1233 OTHER REFERENCES: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------