Vulnerabilities > CVE-2004-1057 - Unspecified vulnerability in Linux Kernel Device Driver Virtual Memory Flags
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0140.NASL description Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 20751 published 2006-01-20 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20751 title RHEL 3 : kernel (RHSA-2006:0140) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0140.NASL description Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw in remap_page_range() with O_DIRECT writes that allowed a local user to cause a denial of service (crash) (CVE-2004-1057, important) - a flaw in exec() handling on some 64-bit architectures that allowed a local user to cause a denial of service (crash) (CVE-2005-2708, important) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 21881 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21881 title CentOS 3 : kernel (CESA-2006:0140) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-022.NASL description A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels with this advisory : - Multiple race conditions in the terminal layer of 2.4 and 2.6 kernels (prior to 2.6.9) can allow a local attacker to obtain portions of kernel data or allow remote attackers to cause a kernel panic by switching from console to PPP line discipline, then quickly sending data that is received during the switch (CVE-2004-0814) - Richard Hart found an integer underflow problem in the iptables firewall logging rules that can allow a remote attacker to crash the machine by using a specially crafted IP packet. This is only possible, however, if firewalling is enabled. The problem only affects 2.6 kernels and was fixed upstream in 2.6.8 (CVE-2004-0816) - Stefan Esser found several remote DoS confitions in the smbfs file system. This could be exploited by a hostile SMB server (or an attacker injecting packets into the network) to crash the client systems (CVE-2004-0883 and CVE-2004-0949) - Paul Starzetz and Georgi Guninski reported, independently, that bad argument handling and bad integer arithmetics in the IPv4 sendmsg handling of control messages could lead to a local attacker crashing the machine. The fixes were done by Herbert Xu (CVE-2004-1016) - Rob Landley discovered a race condition in the handling of /proc/.../cmdline where, under rare circumstances, a user could read the environment variables of another process that was still spawning leading to the potential disclosure of sensitive information such as passwords (CVE-2004-1058) - Paul Starzetz reported that the missing serialization in unix_dgram_recvmsg() which was added to kernel 2.4.28 can be used by a local attacker to gain elevated (root) privileges (CVE-2004-1068) - Ross Kendall Axe discovered a possible kernel panic (DoS) while sending AF_UNIX network packets if certain SELinux-related kernel options were enabled. By default the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX options are not enabled (CVE-2004-1069) - Paul Starzetz of isec.pl discovered several issues with the error handling of the ELF loader routines in the kernel. The fixes were provided by Chris Wright (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073) - It was discovered that hand-crafted a.out binaries could be used to trigger a local DoS condition in both the 2.4 and 2.6 kernels. The fixes were done by Chris Wright (CVE-2004-1074) - Paul Starzetz found bad handling in the IGMP code which could lead to a local attacker being able to crash the machine. The fix was done by Chris Wright (CVE-2004-1137) - Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions that could be used to overwrite kernel memory with attacker-supplied code resulting in privilege escalation (CVE-2004-1151) - Paul Starzetz found locally exploitable flaws in the binary format loader last seen 2020-06-01 modified 2020-06-02 plugin id 16259 published 2005-01-26 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16259 title Mandrake Linux Security Advisory : kernel (MDKSA-2005:022) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-016.NASL description Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for the following security issues : iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1235 to this issue. iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0001 to this issue. iSEC Security Research and Georgi Guninski independently discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver (CVE-2004-1017), a memory leak in ip_options_get (CVE-2004-1335), and missing VM_IO flags in some drivers (CVE-2004-1057). A recent Internet Draft by Fernando Gont recommended that ICMP Source Quench messages be ignored by hosts. A patch to ignore these messages is included. All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. last seen 2020-06-01 modified 2020-06-02 plugin id 16244 published 2005-01-25 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16244 title RHEL 2.1 : kernel (RHSA-2005:016)
Oval
| accepted | 2013-04-29T04:14:18.451-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:11474 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://secunia.com/advisories/18562
- http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
- http://www.redhat.com/support/errata/RHSA-2005-016.html
- http://www.redhat.com/support/errata/RHSA-2005-017.html
- http://www.redhat.com/support/errata/RHSA-2006-0140.html
- http://www.securityfocus.com/bid/12338
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137821
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19275
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11474