Vulnerabilities > CVE-2005-2458 - Local Denial of Service vulnerability in Linux Kernel ZLib Invalid Memory Access

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
linux
nessus

Summary

inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0101.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, important) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21977
    published2006-07-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21977
    titleCentOS 4 : kernel (CESA-2006:0101)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0101 and 
    # CentOS Errata and Security Advisory 2006:0101 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21977);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2002-2185", "CVE-2004-1190", "CVE-2005-2458", "CVE-2005-2709", "CVE-2005-2800", "CVE-2005-3044", "CVE-2005-3106", "CVE-2005-3109", "CVE-2005-3276", "CVE-2005-3356", "CVE-2005-3358", "CVE-2005-3784", "CVE-2005-3806", "CVE-2005-3848", "CVE-2005-3857", "CVE-2005-3858", "CVE-2005-4605");
      script_xref(name:"RHSA", value:"2006:0101");
    
      script_name(english:"CentOS 4 : kernel (CESA-2006:0101)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix several security issues in the Red
    Hat Enterprise Linux 4 kernel are now available.
    
    This security advisory has been rated as having important security
    impact by the Red Hat Security Response Team.
    
    The Linux kernel handles the basic functions of the operating system.
    
    These new kernel packages contain fixes for the security issues
    described below :
    
      - a flaw in network IGMP processing that a allowed a
        remote user on the local network to cause a denial of
        service (disabling of multicast reports) if the system
        is running multicast applications (CVE-2002-2185,
        moderate)
    
      - a flaw which allowed a local user to write to firmware
        on read-only opened /dev/cdrom devices (CVE-2004-1190,
        moderate)
    
      - a flaw in gzip/zlib handling internal to the kernel that
        may allow a local user to cause a denial of service
        (crash) (CVE-2005-2458, low)
    
      - a flaw in procfs handling during unloading of modules
        that allowed a local user to cause a denial of service
        or potentially gain privileges (CVE-2005-2709, moderate)
    
      - a flaw in the SCSI procfs interface that allowed a local
        user to cause a denial of service (crash)
        (CVE-2005-2800, moderate)
    
      - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl
        that allowed a local user to cause a denial of service
        (crash) (CVE-2005-3044, important)
    
      - a race condition when threads share memory mapping that
        allowed local users to cause a denial of service
        (deadlock) (CVE-2005-3106, important)
    
      - a flaw when trying to mount a non-hfsplus filesystem
        using hfsplus that allowed local users to cause a denial
        of service (crash) (CVE-2005-3109, moderate)
    
      - a minor info leak with the get_thread_area() syscall
        that allowed a local user to view uninitialized kernel
        stack data (CVE-2005-3276, low)
    
      - a flaw in mq_open system call that allowed a local user
        to cause a denial of service (crash) (CVE-2005-3356,
        important)
    
      - a flaw in set_mempolicy that allowed a local user on
        some 64-bit architectures to cause a denial of service
        (crash) (CVE-2005-3358, important)
    
      - a flaw in the auto-reap of child processes that allowed
        a local user to cause a denial of service (crash)
        (CVE-2005-3784, important)
    
      - a flaw in the IPv6 flowlabel code that allowed a local
        user to cause a denial of service (crash)
        (CVE-2005-3806, important)
    
      - a flaw in network ICMP processing that allowed a local
        user to cause a denial of service (memory exhaustion)
        (CVE-2005-3848, important)
    
      - a flaw in file lease time-out handling that allowed a
        local user to cause a denial of service (log file
        overflow) (CVE-2005-3857, moderate)
    
      - a flaw in network IPv6 xfrm handling that allowed a
        local user to cause a denial of service (memory
        exhaustion) (CVE-2005-3858, important)
    
      - a flaw in procfs handling that allowed a local user to
        read kernel memory (CVE-2005-4605, important)
    
    All Red Hat Enterprise Linux 4 users are advised to upgrade their
    kernels to the packages associated with their machine architectures
    and configurations as listed in this erratum."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-January/012580.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4839b252"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-January/012581.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d8112949"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-January/012582.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ec839998"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-hugemem-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-smp-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"kernel-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"kernel-devel-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-doc-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-doc-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-hugemem-devel-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"kernel-smp-devel-2.6.9-22.0.2.EL")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"kernel-smp-devel-2.6.9-22.0.2.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-devel / kernel-doc / kernel-hugemem / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-220.NASL
    descriptionMultiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update: The kernel on x86_64 platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug which allows a local user to cause a DoS (CVE-2005-1764). The KEYCTL_JOIN_SESSION_KEYRING operation in versions prior to 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a DoS (semaphore hang) via a new session keyring with an empty name string, a long name string, the key quota reached, or ENOMEM (CVE-2005-2098). Kernels prior to 2.6.12.5 do not properly destroy a keyring that is not instantiated properly, allowing a local user or remote attacker to cause a DoS (oops) via a keyring with a payload that is not empty (CVE-2005-2099). An array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c allows local users to cause a DoS (oops or deadlock) and possibly execute arbitrary code (CVE-2005-2456). The zisofs driver in versions prior to 2.6.12.5 allows local users and remove attackers to cause a DoS (crash) via a crafted compressed ISO filesystem (CVE-2005-2457). inflate.c in the zlib routines in versions prior to 2.6.12.5 allow remove attackers to cause a DoS (crash) via a compressed file with 'improper tables' (CVE-2005-2458). The huft_build function in inflate.c in the zlib routines in versions prior to 2.6.12.5 returns the wrong value, allowing remote attackers to cause a DoS (crash) via a certain compressed file that leads to a NULL pointer dereference (CVE-2005-2459). A stack-based buffer overflow in the sendmsg function call in versions prior to 2.6.13.1 allow local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread (CVE-2005-2490). The raw_sendmsg function in versions prior to 2.6.13.1 allow local users to cause a DoS (change hardware state) or read from arbitrary memory via crafted input (CVE-2005-2492). A memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in 2.6.13 and earlier allows a local user to cause a DoS (memory consumption) via certain repeated reads from /proc/scsi/gs/devices file which is not properly handled when the next() interator returns NULL or an error (CVE-2005-2800). The ipt_recent module in versions prior to 2.6.12 when running on 64bit processors allows remote attackers to cause a DoS (kernel panic) via certain attacks such as SSH brute force (CVE-2005-2872). The ipt_recent module in versions prior to 2.6.12 does not properly perform certain tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early (CVE-2005-2873). Multiple vulnerabilities in versions prior to 2.6.13.2 allow local users to cause a DoS (oops from NULL dereference) via fput in a 32bit ioctl on 64-bit x86 systems or sockfd_put in the 32-bit routing_ioctl function on 64-bit systems (CVE-2005-3044). The sys_set_mempolicy function in mempolicy.c allows local users to cause a DoS via a negative first argument (CVE-2005-3053). Versions 2.6.8 to 2.6.14-rc2 allow local users to cause a DoS (oops) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference (CVE-2005-3055). drm.c in version 2.6.13 and earlier creates a debug file in sysfs with world-readable and world-writable permissions, allowing local users to enable DRM debugging and obtain sensitive information (CVE-2005-3179). The Orinoco driver in 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, allowing remote attackers to obtain sensitive information (CVE-2005-3180). Kernels 2.6.13 and earlier, when CONFIG_AUDITSYSCALL is enabled, use an incorrect function to free names_cache memory, preventing the memory from being tracked by AUDITSYSCALL code and leading to a memory leak (CVE-2005-3181). The VT implementation in version 2.6.12 allows local users to use certain IOCTLs on terminals of other users and gain privileges (CVE-2005-3257). Exec does not properly clear posix-timers in multi-threaded environments, which result in a resource leak and could allow a large number of multiple local users to cause a DoS by using more posix- timers than specified by the quota for a single user (CVE-2005-3271). The rose_rt_ioctl function rose_route.c in versions prior to 2.6.12 does not properly verify the ndigis argument for a new route, allowing an attacker to trigger array out-of-bounds errors with a large number of digipeats (CVE-2005-3273). A race condition in ip_vs_conn_flush in versions prior to 2.6.13, when running on SMP systems, allows local users to cause a DoS (NULL dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired (CVE-2005-3274). The NAT code in versions prior to 2.6.13 incorrectly declares a variable to be static, allowing remote attackers to cause a DoS (memory corruption) by causing two packets for the same protocol to be NATed at the same time (CVE-2005-3275). The sys_get_thread_area function in process.c in versions prior to 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which may allow a user process to obtain sensitive information (CVE-2005-3276). The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate
    last seen2017-10-29
    modified2014-08-22
    plugin id20451
    published2006-01-15
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20451
    titleMDKSA-2005:220 : kernel
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-921.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0756 Alexander Nyberg discovered that the ptrace() system call does not properly verify addresses on the amd64 architecture which can be exploited by a local attacker to crash the kernel. - CVE-2005-0757 A problem in the offset handling in the xattr file system code for ext3 has been discovered that may allow users on 64-bit systems that have access to an ext3 filesystem with extended attributes to cause the kernel to crash. - CVE-2005-1762 A vulnerability has been discovered in the ptrace() system call on the amd64 architecture that allows a local attacker to cause the kernel to crash. - CVE-2005-1767 A vulnerability has been discovered in the stack segment fault handler that could allow a local attacker to cause a stack exception that will lead the kernel to crash under certain circumstances. - CVE-2005-1768 Ilja van Sprundel discovered a race condition in the IA32 (x86) compatibility execve() systemcall for amd64 and IA64 that allows local attackers to cause the kernel to panic and possibly execute arbitrary code. - CVE-2005-2456 Balazs Scheidler discovered that a local attacker could call setsockopt() with an invalid xfrm_user policy message which would cause the kernel to write beyond the boundaries of an array and crash. - CVE-2005-2458 Vladimir Volovich discovered a bug in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel. - CVE-2005-2459 Another vulnerability has been discovered in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel. - CVE-2005-2553 A NULL pointer dereference in ptrace when tracing a 64-bit executable can cause the kernel to crash. - CVE-2005-2801 Andreas Gruenbacher discovered a bug in the ext2 and ext3 file systems. When data areas are to be shared among two inodes not all information were compared for equality, which could expose wrong ACLs for files. - CVE-2005-2872 Chad Walstrom discovered that the ipt_recent kernel module to stop SSH bruteforce attacks could cause the kernel to crash on 64-bit architectures. - CVE-2005-3275 An error in the NAT code allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
    last seen2020-06-01
    modified2020-06-02
    plugin id22787
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22787
    titleDebian DSA-921-1 : kernel-source-2.4.27 - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0144.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the seventh regular update. This security advisory has been rated as having moderate security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the seventh regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - addition of the bnx2, dell_rbu, and megaraid_sas device drivers - support for multi-core, multi-threaded Intel Itanium processors - upgrade of the SATA subsystem to include ATAPI and SMART support - optional tuning via the new numa_memory_allocator, arp_announce, and printk_ratelimit sysctls There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the VM subsystem, NPTL handling, autofs4, the USB subsystem, CPU enumeration, and 32-bit-exec-mode handling on 64-bit architectures. The following device drivers have been upgraded to new versions : aacraid -------- 1.1.5-2412 bnx2 ----------- 1.4.30 (new) dell_rbu ------- 2.1 (new) e1000 ---------- 6.1.16-k3 emulex --------- 7.3.3 fusion --------- 2.06.16.02 ipmi ----------- 35.11 megaraid2 ------ v2.10.10.1 megaraid_sas --- 00.00.02.00 (new) tg3 ------------ 3.43RH The following security bugs were fixed in this update : - a flaw in gzip/zlib handling internal to the kernel that allowed a local user to cause a denial of service (crash) (CVE-2005-2458,low) - a flaw in ext3 EA/ACL handling of attribute sharing that allowed a local user to gain privileges (CVE-2005-2801, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21882
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21882
    titleCentOS 3 : kernel (CESA-2006:0144)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0191.NASL
    descriptionUpdated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures) This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a race condition that allowed local users to read the environment variables of another process (CVE-2004-1058, low) - a flaw in the open_exec function of execve that allowed a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073, moderate). Red Hat originally reported this flaw as being fixed by RHSA-2004:504, but a patch for this issue was missing from that update. - a flaw in the coda module that allowed a local user to cause a denial of service (crash) or possibly gain privileges (CVE-2005-0124, moderate) - a potential leak of kernel data from ext2 file system handling (CVE-2005-0400, low) - flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important) - a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important) - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) The following bugs were also addressed : - Handle set_brk() errors in binfmt_elf/aout - Correct error handling in shmem_ioctl - Correct scsi error return - Fix netdump time keeping bug - Fix netdump link-down freeze - Fix FAT fs deadlock All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id20855
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20855
    titleRHEL 2.1 : kernel (RHSA-2006:0191)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0101.NASL
    descriptionUpdated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below : - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, important) - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id20732
    published2006-01-17
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20732
    titleRHEL 4 : kernel (RHSA-2006:0101)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-169-1.NASL
    descriptionDavid Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098) David Howells discovered a local Denial of Service vulnerability in the keyring allocator. A local attacker could exploit this to crash the kernel by attempting to add a specially crafted invalid keyring. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099) Balazs Scheidler discovered a local Denial of Service vulnerability in the xfrm_compile_policy() function. By calling setsockopt() with an invalid xfrm_user policy message, a local attacker could cause the kernel to write to an array beyond its boundaries, thus causing a kernel crash. (CAN-2005-2456) Tim Yamin discovered that the driver for compressed ISO file systems did not sufficiently validate the iput data. By tricking an user into mounting a malicious CD-ROM with a specially crafted compressed ISO file system, he could cause a kernel crash. (CAN-2005-2457) It was discovered that the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id20575
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20575
    titleUbuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-169-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0144.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the seventh regular update. This security advisory has been rated as having moderate security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. This is the seventh regular kernel update to Red Hat Enterprise Linux 3. New features introduced by this update include : - addition of the bnx2, dell_rbu, and megaraid_sas device drivers - support for multi-core, multi-threaded Intel Itanium processors - upgrade of the SATA subsystem to include ATAPI and SMART support - optional tuning via the new numa_memory_allocator, arp_announce, and printk_ratelimit sysctls There were many bug fixes in various parts of the kernel. The ongoing effort to resolve these problems has resulted in a marked improvement in the reliability and scalability of Red Hat Enterprise Linux 3. There were numerous driver updates and security fixes (elaborated below). Other key areas affected by fixes in this update include the networking subsystem, the VM subsystem, NPTL handling, autofs4, the USB subsystem, CPU enumeration, and 32-bit-exec-mode handling on 64-bit architectures. The following device drivers have been upgraded to new versions : aacraid -------- 1.1.5-2412 bnx2 ----------- 1.4.30 (new) dell_rbu ------- 2.1 (new) e1000 ---------- 6.1.16-k3 emulex --------- 7.3.3 fusion --------- 2.06.16.02 ipmi ----------- 35.11 megaraid2 ------ v2.10.10.1 megaraid_sas --- 00.00.02.00 (new) tg3 ------------ 3.43RH The following security bugs were fixed in this update : - a flaw in gzip/zlib handling internal to the kernel that allowed a local user to cause a denial of service (crash) (CVE-2005-2458,low) - a flaw in ext3 EA/ACL handling of attribute sharing that allowed a local user to gain privileges (CVE-2005-2801, moderate) - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.
    last seen2020-06-01
    modified2020-06-02
    plugin id21089
    published2006-03-16
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21089
    titleRHEL 3 : kernel (RHSA-2006:0144)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-219.NASL
    descriptionMultiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update : An integer overflow in vc_resize (CVE-2004-1333). A race condition in the sysfs_read_file and sysfs_write_file functions in 2.6.10 and earlier allows local users to read kernel memory and cause a DoS (crash) via large offsets in sysfs files (CVE-2004-2302). An integer signedness error in scsi_ioctl.c (CVE-2005-0180). Netfilter allows a local user to cause a DoS (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice (CVE-2005-0210). A DoS in pkt_ioctl in pktcdvc.c (CVE-2005-1589). An array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c allows local users to cause a DoS (oops or deadlock) and possibly execute arbitrary code (CVE-2005-2456). The zisofs driver in versions prior to 2.6.12.5 allows local users and remove attackers to cause a DoS (crash) via a crafted compressed ISO filesystem (CVE-2005-2457). inflate.c in the zlib routines in versions prior to 2.6.12.5 allow remove attackers to cause a DoS (crash) via a compressed file with
    last seen2020-06-01
    modified2020-06-02
    plugin id20450
    published2006-01-15
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20450
    titleMandrake Linux Security Advisory : kernel (MDKSA-2005:219)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-922.NASL
    descriptionSeveral local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2004-2302 A race condition in the sysfs filesystem allows local users to read kernel memory and cause a denial of service (crash). - CVE-2005-0756 Alexander Nyberg discovered that the ptrace() system call does not properly verify addresses on the amd64 architecture which can be exploited by a local attacker to crash the kernel. - CVE-2005-0757 A problem in the offset handling in the xattr file system code for ext3 has been discovered that may allow users on 64-bit systems that have access to an ext3 filesystem with extended attributes to cause the kernel to crash. - CVE-2005-1265 Chris Wright discovered that the mmap() function could create illegal memory maps that could be exploited by a local user to crash the kernel or potentially execute arbitrary code. - CVE-2005-1761 A vulnerability on the IA-64 architecture can lead local attackers to overwrite kernel memory and crash the kernel. - CVE-2005-1762 A vulnerability has been discovered in the ptrace() system call on the amd64 architecture that allows a local attacker to cause the kernel to crash. - CVE-2005-1763 A buffer overflow in the ptrace system call for 64-bit architectures allows local users to write bytes into arbitrary kernel memory. - CVE-2005-1765 Zou Nan Hai has discovered that a local user could cause the kernel to hang on the amd64 architecture after invoking syscall() with specially crafted arguments. - CVE-2005-1767 A vulnerability has been discovered in the stack segment fault handler that could allow a local attacker to cause a stack exception that will lead the kernel to crash under certain circumstances. - CVE-2005-2456 Balazs Scheidler discovered that a local attacker could call setsockopt() with an invalid xfrm_user policy message which would cause the kernel to write beyond the boundaries of an array and crash. - CVE-2005-2458 Vladimir Volovich discovered a bug in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel. - CVE-2005-2459 Another vulnerability has been discovered in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel. - CVE-2005-2548 Peter Sandstrom noticed that snmpwalk from a remote host could cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument. - CVE-2005-2801 Andreas Gruenbacher discovered a bug in the ext2 and ext3 file systems. When data areas are to be shared among two inodes not all information were compared for equality, which could expose wrong ACLs for files. - CVE-2005-2872 Chad Walstrom discovered that the ipt_recent kernel module on 64-bit processors such as AMD64 allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force. - CVE-2005-3105 The mprotect code on Itanium IA-64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections. - CVE-2005-3106 A race condition in the thread management may allow local users to cause a denial of service (deadlock) when threads are sharing memory and waiting for a thread that has just performed an exec. - CVE-2005-3107 When one thread is tracing another thread that shares the same memory map a local user could cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. - CVE-2005-3108 A bug in the ioremap() system call has been discovered on the amd64 architecture that could allow local users to cause a denial of service or an information leak when performing a lookup of a non-existent memory page. - CVE-2005-3109 The HFS and HFS+ (hfsplus) modules allow local attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus. - CVE-2005-3110 A race condition in the ebtables netfilter module on an SMP system running under high load may allow remote attackers to cause a denial of service (crash). - CVE-2005-3271 Roland McGrath discovered that exec() does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user. - CVE-2005-3272 The kernel allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. - CVE-2005-3273 The ioctl for the packet radio ROSE protocol does not properly verify the arguments when setting a new router, which allows attackers to trigger out-of-bounds errors. - CVE-2005-3274 A race condition on SMP systems allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. - CVE-2005-3275 An error in the NAT code allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. - CVE-2005-3276 A missing memory cleanup in the thread handling routines before copying data into userspace allows a user process to obtain sensitive information. This update also contains a number of corrections for issues that turned out to have no security implication afterwards.
    last seen2020-06-01
    modified2020-06-02
    plugin id22788
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22788
    titleDebian DSA-922-1 : kernel-source-2.6.8 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_050.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:050 (kernel). The Linux kernel was updated to fix the following security issues: - CVE-2005-2457: A problem in decompression of files on
    last seen2019-10-28
    modified2005-10-05
    plugin id19929
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19929
    titleSUSE-SA:2005:050: kernel

Oval

accepted2013-04-29T04:08:44.562-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptioninflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".
familyunix
idoval:org.mitre.oval:def:10785
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleinflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".
version26

Redhat

advisories
  • rhsa
    idRHSA-2006:0101
  • rhsa
    idRHSA-2006:0144
  • rhsa
    idRHSA-2006:0190
  • rhsa
    idRHSA-2006:0191
rpms
  • kernel-0:2.6.9-22.0.2.EL
  • kernel-debuginfo-0:2.6.9-22.0.2.EL
  • kernel-devel-0:2.6.9-22.0.2.EL
  • kernel-doc-0:2.6.9-22.0.2.EL
  • kernel-hugemem-0:2.6.9-22.0.2.EL
  • kernel-hugemem-devel-0:2.6.9-22.0.2.EL
  • kernel-smp-0:2.6.9-22.0.2.EL
  • kernel-smp-devel-0:2.6.9-22.0.2.EL
  • kernel-0:2.4.21-40.EL
  • kernel-BOOT-0:2.4.21-40.EL
  • kernel-debuginfo-0:2.4.21-40.EL
  • kernel-doc-0:2.4.21-40.EL
  • kernel-hugemem-0:2.4.21-40.EL
  • kernel-hugemem-unsupported-0:2.4.21-40.EL
  • kernel-smp-0:2.4.21-40.EL
  • kernel-smp-unsupported-0:2.4.21-40.EL
  • kernel-source-0:2.4.21-40.EL
  • kernel-unsupported-0:2.4.21-40.EL

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 14719 CVE(CAN) ID: CAN-2005-2458 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的zlib例程的inflate.c中存在漏洞。如果用户打开了特制的压缩文件的话,就可能导致kernel崩溃。 Linux kernel &lt; 2.6.12.5 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: * Linux linux-2.6.12.5.tar.gz <a href=http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.5.tar.gz target=_blank>http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.5.tar.gz</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2006:0101-01)以及相应补丁: RHSA-2006:0101-01:Important: kernel security update 链接:<a href=http://lwn.net/Alerts/168077/?format=printable target=_blank>http://lwn.net/Alerts/168077/?format=printable</a> S.u.S.E. -------- S.u.S.E.已经为此发布了一个安全公告(SUSE-SA:2005:050)以及相应补丁: SUSE-SA:2005:050:kernel multiple security problems 链接:<a href=http://www.novell.com/linux/security/advisories/2005_50_kernel.html target=_blank>http://www.novell.com/linux/security/advisories/2005_50_kernel.html</a>
idSSV:4216
last seen2017-11-19
modified2006-08-17
published2006-08-17
reporterRoot
titleLinux Kernel ZLib无效内存访问本地拒绝服务漏洞