|
Debian update for kernel (PowerPC)
|
|
Secunia Advisory:
|
SA8989
|
|
|
Release Date:
|
2003-06-10
|
|
Popularity:
|
7,147 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Privilege escalation
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2003-0001
CVE-2003-0127
CVE-2003-0244
CVE-2003-0246
CVE-2003-0247
CVE-2003-0248
CVE-2003-0364
|
|
Description:
Debian has issued updated packages for the kernel. These fix multiple vulnerabilities, which are listed below.
1) Many ethernet NIC (Network Interface Card) device drivers pad frames with content from previous packets or kernel memory instead of using NULL-bytes. This may be exploited by malicious people to obtain potentially sensitive information by sending specially crafted packets to a vulnerable system.
2) An error in ptrace can be exploited by malicious, local users to escalate their privileges to "root" on a vulnerable system.
3) An error in the way that the Linux Kernel handles caching of routing information can be exploited by malicious people to cause a DoS (Denial of Service) on a vulnerable system.
4) An error in the "ioperm" system call can allow unprivileged, local users to gain read and write access to I/O ports in the I/O address range 0x000-0x3FF (0-1023) on a system, which includes access to serial ports, parallel port, diskette drive controller, graphics controller, and keyboard.
5) An unspecified error in the TTY layer allows malicious people to cause a DoS.
6) An error in the "mxcsr" code allows manipulation of CPU state registers.
7) An error in the TCP/IP fragment reassembly handling, which allows malicious people to cause many hash table collisions leading to a DoS.
For more information:
http://secunia.com/advisories/8337/
http://secunia.com/advisories/8786/
http://secunia.com/advisories/8823/
http://secunia.com/advisories/8936/
Solution:
Debian has released updated packages for the powerpc architecture.
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updat...tch-2.4.18-powerpc_2.4.18-1woody1.dsc
Size/MD5 checksum: 713 5e68ebec8c5964802d1c408dbb62d910
http://security.debian.org/pool/updat...-2.4.18-powerpc_2.4.18-1woody1.tar.gz
Size/MD5 checksum: 79339 bfb459f978ac40898f8e10d5e302873d
Architecture independent components:
http://security.debian.org/pool/updat...2.4.18-powerpc_2.4.18-1woody1_all.deb
Size/MD5 checksum: 78796 63903e7035ddc4c3c054d18c485aa54f
PowerPC architecture:
http://security.debian.org/pool/updat...ers-2.4.18_2.4.18-1woody1_powerpc.deb
Size/MD5 checksum: 3415000 6aeb5eab8171baf83cb8e81a30c9397f
http://security.debian.org/pool/updat...18-newpmac_2.4.18-1woody1_powerpc.deb
Size/MD5 checksum: 9450540 b66d57ddaa4d7dffe99024250935cee2
http://security.debian.org/pool/updat...18-powerpc_2.4.18-1woody1_powerpc.deb
Size/MD5 checksum: 10134844 b5e105cc2087c65889ea83eb29fd91ae
http://security.debian.org/pool/updat...owerpc-smp_2.4.18-1woody1_powerpc.deb
Size/MD5 checksum: 10379272 6829c60296a049950d79ddd0a488f8d4
-- Debian GNU/Linux unstable alias sid --
Fixed in version 2.4.20-2.
Original Advisory:
http://www.debian.org/security/2003/dsa-312
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
2nd Dec, 2008
|
New advisories:
|
14 |
|
New vulnerabilities:
|
21 |
|
Updated advisories:
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
