Linux Kernel ELF File Entry Point Denial of Service Vulnerability
BID:16925
Info
Linux Kernel ELF File Entry Point Denial of Service Vulnerability
| Bugtraq ID: | 16925 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2006-0741 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 02 2006 12:00AM |
| Updated: | Jan 29 2007 11:30PM |
| Credit: | Announced by the vendor. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 Redhat Fedora Core4 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Desktop 4.0 Redhat Desktop 3.0 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8710 CM 3.1 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8700 CM 3.1 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8500 CM 3.1 Avaya S8500 0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya S8300 CM 3.1 |
| Not Vulnerable: | |
Discussion
Linux Kernel ELF File Entry Point Denial of Service Vulnerability
Linux kernel is prone to a denial-of-service vulnerability when processing a malformed ELF file. This issue occurs only on Intel EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
Linux kernel is prone to a denial-of-service vulnerability when processing a malformed ELF file. This issue occurs only on Intel EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
Exploit / POC
Linux Kernel ELF File Entry Point Denial of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Linux Kernel ELF File Entry Point Denial of Service Vulnerability
Solution:
The vendor has released version 2.6.15.5 to address this and other issues.
Please see the referenced advisories for more information.
Linux kernel 2.6.15
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 -rc2
Solution:
The vendor has released version 2.6.15.5 to address this and other issues.
Please see the referenced advisories for more information.
Linux kernel 2.6.15
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 -rc1
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 -rc3
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 .2
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 .1
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 .3
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
Linux kernel 2.6.15 -rc2
-
Linux patch-2.6.15.5.bz2
http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.15.5.bz2
References
Linux Kernel ELF File Entry Point Denial of Service Vulnerability
References:
References:
- ASA-2006-161 - kernel security update (RHSA-2006-0493) (Avaya)
- ASA-2006-180 - Updated kernel packages for Red Hat Enterprise Linux 3 Update 8 ( (Avaya)
- ChangeLog-2.6.15.5 (kernel.org)
- RHSA-2006:0437-22 - Updated kernel packages for Red Hat Enterprise Linux 3 Updat (Red Hat)
- USN-263-1 - linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (Ubuntu)