SB2008050202 - Resource management errors in Linux kernel
Published: May 2, 2008
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management errors (CVE-ID: CVE-2008-1675)
The vulnerability allows a local user to execute arbitrary code.
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in the Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
Remediation
Install the update from the vendor's website.
References
- http://marc.info/?l=linux-kernel&m=120949204519706&w=2
- http://marc.info/?l=linux-kernel&m=120949204619718&w=2
- http://marc.info/?l=linux-kernel&m=120949582428998&w=2
- http://secunia.com/advisories/30017
- http://secunia.com/advisories/30044
- http://secunia.com/advisories/30260
- http://secunia.com/advisories/30515
- http://wiki.rpath.com/Advisories:rPSA-2008-0157
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:109
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
- http://www.securityfocus.com/archive/1/491566/100/0/threaded
- http://www.securityfocus.com/archive/1/491732/100/0/threaded
- http://www.securityfocus.com/bid/29014
- http://www.securitytracker.com/id?1019960
- http://www.vupen.com/english/advisories/2008/1406/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42132
- https://issues.rpath.com/browse/RPL-2501
- https://usn.ubuntu.com/614-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html