
[QSA - 0430131] Linux kernel vulnerability

Qlustar Security Advisory 0430131

April 30, 2013


Summary:

The system could be made to run programs as an administrator.


Package(s)       : linux-image-ql-server, linux-image-ql-beowulf
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2012-6537, CVE-2012-6539, CVE-2012-6540,
    CVE-2013-0914, CVE-2013-1767, CVE-2013-1792, CVE-2012-6542,
    CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548,
    CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-6537

Mathias Krause discovered several errors in the Linux kernel's xfrm_user implementation. A local attacker could exploit these flaws to examine parts of kernel memory.

CVE-2012-6539

Mathias Krause discovered an information leak in the Linux kernel's compat ioctl interface. A local user could exploit the flaw to examine parts of kernel stack memory.

CVE-2012-6540

Mathias Krause discovered an information leak in the Linux kernel's getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw to examine parts of kernel stack memory.

CVE-2013-0914

Emese Revfy discovered that signal handlers in the Linux kernel could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to bypass ASLR and reliably deliver an exploit payload that would otherwise be stopped by ASLR.

CVE-2013-1767

A memory use-after-free error was discovered in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).

CVE-2013-1792

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user could exploit this flaw to cause a denial of service (system crash).

CVE-2012-6542

Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory.

CVE-2012-6544

Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory.

CVE-2012-6545

Mathias Krause discovered information leaks in the Linux kernel's Bluetooth RFCOMM protocol implementation. A local user could exploit these flaws to examine parts of kernel memory.

CVE-2012-6546

Mathias Krause discovered information leaks in the Linux kernel's Asynchronous Transfer Mode (ATM) networking stack. A local user could exploit these flaws to examine some parts of kernel memory.

CVE-2012-6548

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory.

CVE-2013-0228

Andrew Jones discovered a flaw in the xen_iret function in the Linux kernel's Xen virtualization. On the 32-bit Xen paravirt platform, an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privileges.

CVE-2013-0349

An information leak was discovered in the Linux kernel's Bluetooth stack when HIDP (Human Interface Device Protocol) support is enabled. A local unprivileged user could exploit this flaw to cause an information leak from the kernel.

CVE-2013-1774

A flaw was discovered in the Edgeport USB serial converter driver when the device is disconnected while it is in use. A local user could exploit this flaw to cause a denial of service (system crash).

CVE-2013-1796

Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potentially escalate privileges to the host kernel level.

Update instructions:

The problem can be corrected by updating your system to the following package versions (follow the Qlustar Update Guide):

linux-image-ql-server                      2.6.32.60-ql-server-67
qlustar-module-core-precise-amd64-8.0.2    8.0.2-b422f813