Multiple vulnerabilities - kernel, openssh

2006.01.30
Credit: Trustix Security Advisor
Risk: Medium
Local: Yes
Remote: Yes
CVE: CVE-2006-0035 | CVE-2006-0036 | CVE-2006-0037 | CVE-2006-0095
CWE: N/A

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- Trustix Secure Linux Security Advisory #2006-0004 Package names: kernel, openssh Summary: Multiple vulnerabilities Date: 2006-01-27 Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2 - ------------------------------------------------------------------------ -- Package description: kernel The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. openssh Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. Problem description: kernel < TSL 3.0 > - SECURITY Fix: Missing validation of the "nlmsg_len" value in "netlink_rcv_skb()" can cause an infinite loop which can be exploited by local users to cause a DoS by setting the value to 0. - An error in the PPTP NAT helper in the handling of inbound PPTP_IN_CALL_REQUEST packets can cause an error in offset calculation. This can be exploited to cause random memory corruption and can crash the kernel. - ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used. - Stefan Rompf has reported a vulnerability caused due to the "dm-crypt" driver failing to clear memory before freeing it. This can be exploited by local users to obtain sensitive information. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and CVE-2006-0095 to these issues. openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the "system()" function in scp when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-0225 to this issue. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.2/> and <URI:http://www.trustix.org/errata/trustix-3.0/> or directly at <URI:http://www.trustix.org/errata/2006/0004/> MD5sums of the packages: - ------------------------------------------------------------------------ -- 027cea1f2f987f710fe2680337a4774f 3.0/rpms/kernel-2.6.15.1-1tr.i586.rpm 9f6cc359c94b874a8160b2744fb6d510 3.0/rpms/kernel-doc-2.6.15.1-1tr.i586.rpm f6c272fadee97f280adee5f9a00576b0 3.0/rpms/kernel-headers-2.6.15.1-1tr.i586.rpm 31150a8b714720f20e290dccec845826 3.0/rpms/kernel-smp-2.6.15.1-1tr.i586.rpm fce9c0bf230300cec808aea31ff7f718 3.0/rpms/kernel-smp-headers-2.6.15.1-1tr.i586.rpm cf6368abb17f22b64826d00bd8336cf5 3.0/rpms/kernel-source-2.6.15.1-1tr.i586.rpm 0608ad6bd8e97ddadd0b501206a11d20 3.0/rpms/kernel-utils-2.6.15.1-1tr.i586.rpm ab20e49ff562fa8accc40ecbf13e7799 3.0/rpms/openssh-4.2p1-2tr.i586.rpm ade6e066afe6e83bd99975bfa252f608 3.0/rpms/openssh-clients-4.2p1-2tr.i586.rpm 7290bb4c93f08314b72b589e6ed3b0b3 3.0/rpms/openssh-server-4.2p1-2tr.i586.rpm 934477d687fb6cb48b78fceb87e187e2 3.0/rpms/openssh-server-config-4.2p1-2tr.i586.rpm 3bfc8e25184b964391c8c71ad95b2778 2.2/rpms/openssh-4.2p1-2tr.i586.rpm 8a3a8e810c8121ac10846922e0bffe6a 2.2/rpms/openssh-clients-4.2p1-2tr.i586.rpm 33c754e2048bb85822145c2063f63463 2.2/rpms/openssh-server-4.2p1-2tr.i586.rpm 0abb95f1c3c13c491e0233ae6f3a9944 2.2/rpms/openssh-server-config-4.2p1-2tr.i586.rpm - ------------------------------------------------------------------------ -- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFD3gWOi8CEzsK9IksRAqoNAJ0VcXv/vxjGrn/uCznt7fVZcwLhYwCfUGQY rnBSdrj/JGMGe6Y7iUrf3GQ= =UQBl -----END PGP SIGNATURE-----


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top