rPSA-2006-0122-2 kernel

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2006-0122-2 kernel
From: "Justin M. Forbes" <jmforbes@xxxxxxxxx>
Date: Thu, 13 Jul 2006 16:28:29 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2006-0122-2
Published: 2006-07-07
Updated:
    2006-07-13 Upgraded to Critical status with additional information
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Local Root Deterministic Privilege Escalation
Updated Versions:
    kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934
    https://issues.rpath.com/browse/RPL-488

Description:
    Previous versions of the kernel package have two specific
    vulnerablities that are addressed in this version.
    
    The first vulnerability allows any local user to fill up file
    systems by causing core dumps to write to directories to which
    they do not have write access permissions, and on most systems
    (including any system that provides a generally-accessible "cron"
    or "at" service) to escalate to run arbitrary code as the root user.
    An exploit for this privilege escalation vulnerability is
    publically available and in active use.
    
    The second vulnerability applies only to systems using the SCTP
    protocol, which is not enabled by default, and the tools required
    to configure it (lksctp-tools) are not included in rPath Linux.
    This vulnerability, which cannot apply to systems without
    lksctp-tools installed, enables a remote denial of service attack
    in which specially-crafted packets can crash the system.
    
    A system reboot is required to make the update to resolve these
    vulnerabilities effective.  rPath strongly recommends that all
    users apply this update.

Follow-Ups:
- Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround
  - From: Caveo Internet BV - Security

Prev by Date: [security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS)
Next by Date: Re: WebEx Downloader Plug-in Multiple Vulnerabilities + rant
Previous by thread: [security bulletin] HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS)
Next by thread: Linux Kernel 2.6.x PRCTL Core Dump Handling -- Simple workaround
Index(es):
- Date
- Thread