Description: Multiple vulnerabilities have been identified in the Linux Kernel.
1) A local user can see the exact character count transmitted over a serial link. This can be exploited to learn the length of a password and the inter-keystroke timings. The count is exposed in "/proc/tty/driver/serial".
3) Normal users could bind to certain UDP ports due to an error in the RPC code.
4) The "execve()" system call stores file descriptors in the file table of the calling process. This allows local users to see restricted file descriptors.
5) Users are able to open entries in "/proc/self". This could cause setuid programs to fail to change the ownership and permissions of already opened entries.
6) STP could allow malicious people to alter the bridge topology.
7) STP fails to check the length of data properly. This could lead to a Denial of Service.
8) It is possible to corrupt the forwarding table by sending forged packets (no further details are available).
9+10) Two security issues in the C-Media PCI sound driver result in userspace being accessed insecurely.
Provided and/or discovered by: Paul Starzetz
Jerry Kreuscher
Changelog: 2003-08-26: Red Hat has issued new iptables packages because the kernel update would break compatibility.
2004-02-04: Added CVE references.
2005-01-20: Updated advisory.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using our web form or by email at vuln@secunia.com.