OVAL

DSA-1845 linux-2.6 -- denial of service, privilege escalation

ID: oval:org.mitre.oval:def:7036
Date: (C)2009-12-15   (M)2024-02-19
Class: PATCH
Family: unix




Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

Julien Tinnes and Tavis Ormandy reported an issue in the Linux personality code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. This allows a user to bypass mmap_min_addr restrictions, which can be exploited to execute arbitrary code.

Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.

Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. A local user with permissions to perform an eCryptfs mount may modify the contents of an eCryptfs file, overflowing the stack and potentially gaining elevated privileges.

Platform:
Debian 5.0
Product:
linux-2.6
Reference:
DSA-1845
CVE-2009-1895
CVE-2009-2287
CVE-2009-2406
CVE-2009-2407
CPE:
cpe:/o:debian:debian_linux:5.x

© SecPod Technologies