Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BID:17084
Info
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
| Bugtraq ID: | 17084 |
| Class: | Race Condition Error |
| CVE: |
CVE-2006-0457 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 13 2006 12:00AM |
| Updated: | Dec 22 2006 03:52PM |
| Credit: | David Howells <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8710 CM 3.1 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8700 CM 3.1 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8500 CM 3.1 Avaya S8500 0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya S8300 CM 3.1 Avaya S8300 0 Avaya Messaging Storage Server MM3.0 Avaya Converged Communications Server 2.0 |
| Not Vulnerable: |
Linux kernel 2.6.15 .4 |
Discussion
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after is has been validated, but before it is used.
This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.
The Linux kernel is susceptible to a local race-condition vulnerability in its security-key functionality. This issue is due to a race condition that allows attackers to modify an argument of a copy operation after is has been validated, but before it is used.
This vulnerability allows local attackers to crash the kernel, denying service to legitimate users. It may also allow attackers to read portions of kernel memory, and thus gain access to potentially sensitive information. This may aid them in further attacks.
Exploit / POC
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
Solution:
The Linux kernel version 2.6.15.4 has been released to address this issue.
Please see the referenced advisories for more information.
Linux kernel 2.6 -test6
Linux kernel 2.6 -test4
Linux kernel 2.6 -test2
Linux kernel 2.6 -test9-CVS
Linux kernel 2.6 -test7
Linux kernel 2.6 -test9
Linux kernel 2.6 -test10
Linux kernel 2.6 -test11
Linux kernel 2.6
Linux kernel 2.6.1 -rc2
Linux kernel 2.6.1
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
Linux kernel 2.6.11 -rc3
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 .7
Linux kernel 2.6.11
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 -rc2
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .1
Linux kernel 2.6.12 -rc4
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 -rc1
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .5
Linux kernel 2.6.13 -rc4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13
Linux kernel 2.6.13 -rc7
Linux kernel 2.6.13 -rc1
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .1
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 -rc2
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 -rc3
Linux kernel 2.6.15
Linux kernel 2.6.15 -rc1
Linux kernel 2.6.15 -rc3
Linux kernel 2.6.2
Linux kernel 2.6.3
Linux kernel 2.6.4
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.7
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
Linux kernel 2.6.9
Solution:
The Linux kernel version 2.6.15.4 has been released to address this issue.
Please see the referenced advisories for more information.
Linux kernel 2.6 -test6
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test9-CVS
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test7
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test9
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test10
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6 -test11
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.1 -rc2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.10 rc2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.10
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 -rc3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 .11
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 .7
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 .6
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 .12
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.11 -rc2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 .4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 .1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 -rc4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 .2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 -rc1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 .3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.12 .5
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.13 -rc4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.13 .3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.13
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.13 -rc7
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.13 -rc1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 .4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 .1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 .3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 -rc2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 .5
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.14 -rc3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.15
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.15 -rc1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.15 -rc3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.3
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.4
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.6 rc1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.6
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.7
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.8 rc2
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.8 rc1
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
Linux kernel 2.6.9
-
Linux linux-2.6.15.4.tar.bz2
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.4.tar.bz2
References
Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
References:
References:
- [PATCH 13/23] Fix keyctl usage of strnlen_user() (Chris Wright)
- ASA-2006-200 - Updated kernel packages available for Red Hat Enterprise Linux 4 (Avaya)
- Linux 2.6.15.4 ChangeLog (Linux Kernel)
- RHSA-2006:0575-22 - Updated kernel packages available for Red Hat Enterprise Lin (Red Hat)
- USN-263-1 - linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (Ubuntu)