Linux kernel Vicam USB driver denial of service
| linux-vicam-dos (15246) |
Description:
Linux kernel is vulnerable to a denial of service. The copy_from_user() function is not used to access userspace, which crosses security boundaries. A local attacker could exploit this vulnerability to possibly cause a denial of service.
Platforms Affected:
- Canonical, Ubuntu 4.10
- Conectiva, Linux 8.0
- Conectiva, Linux 9.0
- Linux, Kernel 2.4.0 test11
- Linux, Kernel 2.4.0 test12
- Linux, Kernel 2.4.0 test2
- Linux, Kernel 2.4.0 test3
- Linux, Kernel 2.4.0 test4
- Linux, Kernel 2.4.0 test5
- Linux, Kernel 2.4.0 test10
- Linux, Kernel 2.4.0 test1
- Linux, Kernel 2.4.0
- Linux, Kernel 2.4.0 test6
- Linux, Kernel 2.4.0 test9
- Linux, Kernel 2.4.0 test8
- Linux, Kernel 2.4.0 test7
- Linux, Kernel 2.4.1
- Linux, Kernel 2.4.10
- Linux, Kernel 2.4.11
- Linux, Kernel 2.4.12
- Linux, Kernel 2.4.13
- Linux, Kernel 2.4.14
- Linux, Kernel 2.4.15
- Linux, Kernel 2.4.16
- Linux, Kernel 2.4.17
- Linux, Kernel 2.4.18
- Linux, Kernel 2.4.18 pre1
- Linux, Kernel 2.4.18 pre2
- Linux, Kernel 2.4.18 pre3
- Linux, Kernel 2.4.18 pre4
- Linux, Kernel 2.4.18 pre5
- Linux, Kernel 2.4.18 pre6
- Linux, Kernel 2.4.18 pre7
- Linux, Kernel 2.4.18 pre8
- Linux, Kernel 2.4.18 x86
- Linux, Kernel 2.4.19 pre1
- Linux, Kernel 2.4.19 pre2
- Linux, Kernel 2.4.19
- Linux, Kernel 2.4.19 pre3
- Linux, Kernel 2.4.19 pre6
- Linux, Kernel 2.4.19 pre4
- Linux, Kernel 2.4.19 pre5
- Linux, Kernel 2.4.2
- Linux, Kernel 2.4.20
- Linux, Kernel 2.4.21 pre1
- Linux, Kernel 2.4.21 pre4
- Linux, Kernel 2.4.21
- Linux, Kernel 2.4.21 pre7
- Linux, Kernel 2.4.22
- Linux, Kernel 2.4.23 ow2
- Linux, Kernel 2.4.23 pre9
- Linux, Kernel 2.4.23
- Linux, Kernel 2.4.24
- Linux, Kernel 2.4.24 ow1
- Linux, Kernel 2.4.3
- Linux, Kernel 2.4.4
- Linux, Kernel 2.4.5
- Linux, Kernel 2.4.6
- Linux, Kernel 2.4.7
- Linux, Kernel 2.4.8
- Linux, Kernel 2.4.9
- MandrakeSoft, Mandrake Linux 9.0
- MandrakeSoft, Mandrake Linux 9.1
- MandrakeSoft, Mandrake Linux 9.1 PPC
- MandrakeSoft, Mandrake Linux 9.2
- MandrakeSoft, Mandrake Linux 9.2 AMD64
- MandrakeSoft, Mandrake Linux Corporate Server 2.1
- MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
- MandrakeSoft, Mandrake Multi Network Firewall 8.2
- RedHat, Enterprise Linux 3 AS
- RedHat, Enterprise Linux 3 WS
- RedHat, Enterprise Linux 3 ES
- RedHat, Enterprise Linux 3 Desktop
- RedHat, Linux 9.0
- SuSE, SuSE eMail Server 3.1
- SuSE, SuSE eMail Server III
- SuSE, SuSE Linux 8.0
- SuSE, SuSE Linux 8.1
- SuSE, SuSE Linux 8.2
- SuSE, SuSE Linux 9.0
- SuSE, SuSE Linux Connectivity Server
- SuSE, SuSE Linux Database Server
- SuSE, SuSE Linux Enterprise Server 7.0
- SuSE, SuSE Linux Enterprise Server 8.0
- SuSE, SuSE Linux Firewall
- SuSE, SuSE Linux Office Server
Remedy:
For Linux Kernel 2.4.x:
Upgrade to the latest version of Linux kernel (2.4.25 or later), available from the Linux Kernel Web site. See References.
For Red Hat Linux 9:
Upgrade to the latest kernel package (2.4.20-30.9 or later), as listed in RHSA-2004:065-04. See References.
For Red Hat Linux:
Refer to RHSA-2005:293-16 for patch, upgrade, or suggested workaround information. See References.
For SuSE Linux:
Upgrade to the latest kernel package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2004:005 for more information. See References.
SuSE Linux 9.0 (Intel): 2.4.21-192 or later
SuSE Linux 8.2: 2.4.20-105 or later
SuSE Linux 8.1: 2.4.21-189 or later
SuSE Linux 9.0 (x86_64 Platform): 2.4.21-201 or later
For Mandrake Linux:
Upgrade to the latest kernel package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:015 : kernel for more information. See References.
Mandrake Linux 9.0, Multi Network Firewall 8.2, and Corporate Server 2.1: 2.4.19.38mdk-1-1mdk or later
Mandrake Linux 9.1: 2.4.21.0.28mdk-1-1mdk or later
Mandrake Linux 9.2: 2.4.22.28mdk-1-1mdk or later
For Mandrake Linux:
Upgrade to the latest kernel package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:015-1 : kernel for more information. See References.
Mandrake Linux Corporate Server 2.1: 2.4.19.38mdk-1-1mdk or later
For Conectiva Linux:
Upgrade to the latest kernel package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:846 for more information. See References.
Conectiva Linux 8: 2.4.19-1U80_24cl or later
Conectiva Linux 9: 2.4.21-31301U90_18cl or later
For Ubuntu Linux:
Upgrade to the latest linux-image package (2.6.8.1_2.6.8.1-16.10 or later), as listed in USN-60-0 January 14, 2005 for more information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Denial of Service
References:
- CIAC Information Bulletin O-082, Red Hat Updated Kernel Packages Resolve Security Vulnerabilities at http://www.ciac.org/ciac/bulletins/o-082.shtml.
- Conectiva Linux Announcement CLSA-2004:846, Fixes for kernel vulnerabilities at http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000846.
- GNU Generation Website, copy_from_user at http://www.gnugeneration.com/mirrors/kernel-api/r4253.html.
- Linux Kernel ChangeLog Web page, Summary of changes from v2.4.25-pre4 to v2.4.25-pre5 at http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25.
- BID-9690: Linux Kernel Vicam USB Driver Userspace/Kernel Memory Copying Weakness
- CVE-2004-0075: The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
- MDKSA-2004:015: Updated kernel packages fix multiple vulnerabilities
- MDKSA-2004:015-1: Updated x86_64 kernel packages fix multiple vulnerabilities
- RHSA-2004-017: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 1
- RHSA-2004-065: Updated kernel packages resolve security vulnerabilities
- RHSA-2005-293: kernel security update
- SUSE-SA:2004:005: Linux Kernel: local privilege escalation
Reported:
Feb 18, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
