Linux Kernel execve() Malformed ELF File Unspecified Local Denial Of Service Vulnerability

Bugtraq ID:	9695
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	No
Local:	Yes
Published:	Feb 18 2004 12:00AM
Updated:	Feb 18 2004 12:00AM
Credit:	Disclosure of this issue was announced in the referenced SuSE advisory.
Vulnerable:	Linux kernel 2.4.24 -ow1 Linux kernel 2.4.24 Linux kernel 2.4.23 -pre9 Linux kernel 2.4.23 -ow2 Linux kernel 2.4.23 + Trustix Secure Linux 2.0 Linux kernel 2.4.22 + Devil-Linux Devil-Linux 1.0.5 + Devil-Linux Devil-Linux 1.0.4 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Redhat Fedora Core1 + Slackware Linux 9.1 Linux kernel 2.4.21 pre7 Linux kernel 2.4.21 pre4 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 Linux kernel 2.4.21 pre1 Linux kernel 2.4.21 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Redhat Desktop 3.0 + Redhat Enterprise Linux AS 3 + Redhat Enterprise Linux ES 3 + Redhat Enterprise Linux WS 3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + SuSE SUSE Linux Enterprise Server 8 Linux kernel 2.4.20 + CRUX CRUX Linux 1.0 + Gentoo Linux 1.4 + Gentoo Linux 1.2 + Redhat Linux 9.0 i386 + Slackware Linux 9.0 + WOLK WOLK 4.4 s Linux kernel 2.4.19 -pre6 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.19 -pre4 Linux kernel 2.4.19 -pre3 Linux kernel 2.4.19 -pre2 Linux kernel 2.4.19 -pre1 Linux kernel 2.4.19 + Conectiva Linux Enterprise Edition 1.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.0 + Slackware Linux -current + SuSE Linux 8.1 + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.18 pre-7 Linux kernel 2.4.18 pre-6 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.18 pre-2 Linux kernel 2.4.18 pre-1 Linux kernel 2.4.18 x86 + Debian Linux 3.0 ia-32 Linux kernel 2.4.18 + Astaro Security Linux 2.0 23 + Astaro Security Linux 2.0 16 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 + Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 + Redhat Advanced Workstation for the Itanium Processor 2.1 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Linux 8.0 + Redhat Linux 7.3 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Firewall on CD + S.u.S.E. Linux Office Server + S.u.S.E. Linux Personal 8.2 + S.u.S.E. SuSE eMail Server 3.1 + S.u.S.E. SuSE eMail Server III + SuSE Linux 8.1 + SuSE Linux 8.0 + SuSE Linux 7.3 + SuSE Linux 7.2 + SuSE Linux 7.1 + SuSE Linux Openexchange Server + SuSE SUSE Linux Enterprise Server 8 + SuSE SUSE Linux Enterprise Server 7 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 Linux kernel 2.4.17 Linux kernel 2.4.16 + Sun Cobalt RaQ 550 Linux kernel 2.4.15 Linux kernel 2.4.14 Linux kernel 2.4.13 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4.12 Linux kernel 2.4.11 Linux kernel 2.4.10 + SuSE Linux 7.3 Linux kernel 2.4.9 + Redhat Enterprise Linux AS 2.1 IA64 + Redhat Enterprise Linux AS 2.1 + Redhat Enterprise Linux ES 2.1 IA64 + Redhat Enterprise Linux ES 2.1 + Redhat Enterprise Linux WS 2.1 IA64 + Redhat Enterprise Linux WS 2.1 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 alpha + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 Linux kernel 2.4.8 + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.7 + Redhat Linux 7.2 + SuSE Linux 7.2 + SuSE Linux 7.1 Linux kernel 2.4.6 Linux kernel 2.4.5 + Slackware Linux 8.0 Linux kernel 2.4.4 + SuSE Linux 7.2 Linux kernel 2.4.3 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 Linux kernel 2.4.2 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha Linux kernel 2.4.1 Linux kernel 2.4 .0-test9 Linux kernel 2.4 .0-test8 Linux kernel 2.4 .0-test7 Linux kernel 2.4 .0-test6 Linux kernel 2.4 .0-test5 Linux kernel 2.4 .0-test4 Linux kernel 2.4 .0-test3 Linux kernel 2.4 .0-test2 Linux kernel 2.4 .0-test12 Linux kernel 2.4 .0-test11 Linux kernel 2.4 .0-test10 Linux kernel 2.4 .0-test1 Linux kernel 2.4
Not Vulnerable:

Linux Kernel execve() Malformed ELF File Unspecified Local Denial Of Service Vulnerability

It has been reported that the linux kernel is prone to a local denial of service vulnerability due to an inability of the exceve() system function to handle exceptional conditions. The immediate consequences of this issue may allow an attacker to cause the Linux kernel to fail, denying service to legitimate users. This issue could be triggered with a malformed ELF (Executable Linking Format) binary.

Linux Kernel execve() Malformed ELF File Unspecified Local Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Linux Kernel execve() Malformed ELF File Unspecified Local Denial Of Service Vulnerability

Solution:
SuSE has released advisory SA:2004:005 dealing with this issue. Please see the referenced advisory for more information.


Linux kernel 2.4.20

• SuSE k_athlon-2.4.20-105.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_athlon-2.4.20-1 05.i586.rpm


• SuSE k_deflt-2.4.20-105.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_deflt-2.4.20-10 5.i586.rpm


• SuSE k_psmp-2.4.20-105.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_psmp-2.4.20-105 .i586.rpm


• SuSE k_smp-2.4.20-105.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/k_smp-2.4.20-105. i586.rpm

Linux kernel 2.4.21

• SuSE k_athlon-2.4.21-189.i586.rpm
  Intel i386 Platform/SuSE 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_athlon-2.4.21-1 89.i586.rpm


• SuSE k_athlon-2.4.21-192.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_athlon-2.4.21-1 92.i586.rpm


• SuSE k_deflt-2.4.21-189.i586.rpm
  Intel i386 Platform/SuSE 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_deflt-2.4.21-18 9.i586.rpm


• SuSE k_deflt-2.4.21-192.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_deflt-2.4.21-19 2.i586.rpm


• SuSE k_deflt-2.4.21-201.x86_64.rpm
  x86_64/SuSE 9.0
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_deflt-2.4.2 1-201.x86_64.rpm


• SuSE k_psmp-2.4.21-189.i586.rpm
  Intel i386 Platform/SuSE 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_psmp-2.4.21-189 .i586.rpm


• SuSE k_smp-2.4.21-189.i586.rpm
  Intel i386 Platform/SuSE 8.1
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/k_smp-2.4.21-189. i586.rpm


• SuSE k_smp-2.4.21-192.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp-2.4.21-192. i586.rpm


• SuSE k_smp-2.4.21-201.x86_64.rpm
  x86_64/SuSE 9.0
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/k_smp-2.4.21- 201.x86_64.rpm


• SuSE k_smp4G-2.4.21-192.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_smp4G-2.4.21-19 2.i586.rpm


• SuSE k_um-2.4.21-192.i586.rpm
  Intel i386 Platform
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/k_um-2.4.21-192.i 586.rpm

Linux Kernel execve() Malformed ELF File Unspecified Local Denial Of Service Vulnerability

References: