Linux kernel USB allows elevated privileges
| linux-usb-gain-privileges (16931) |  High Risk |
Description:
Linux kernel could allow a local attacker to gain elevated privileges on the system.
Consequences:
Other
Remedy:
Upgrade to the latest version of Linux Kernel (2.4.27-rc5 or later), available from the Linux Kernel Web site. See References.
For Trustix Secure Linux:
Upgrade to the latest kernel package, as listed below. Refer to Trustix Secure Linux Security Advisory #2004-0041 for more information. See References.
Trustix Secure Linux 2.0: 2.4.27-1tr or later
Trustix Secure Linux 2.1 and Enterprise Linux 2: 2.4.27-1tr or later
Trustix Operating System - Enterprise Server 2: 2.4.27-1tr or later
For Gentoo Linux:
Upgrade to the latest version of kernel, as listed in GLSA 200408-24. See References.
For Red Hat Linux:
Upgrade to the latest kernel package, as listed below. Refer to RHSA-2004:549-10 for more information. See References.
Red Hat Enterprise Linux Desktop and ES, AS, WS (v. 3): 2.4.21-20.0.1.EL or later
For Debian GNU/Linux:
Refer to DSA-1070-1, DSA-1069-1, DSA-1067-1, or DSA-1082-1 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
References:
- CIAC Information Bulletin P-047: Red Hat Updated Kernel Packages.
- Kernel Web site: Linux: 2.4.27-rc5, File Offset Handling Security Fix.
- Trustix Secure Linux Security Advisory #2004-0041: kernel - New upstream version fixes several issues.
- BID-10892: Linux Kernel USB Driver Uninitialized Structure Information Disclosure Vulnerability
- CVE-2004-0685: Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
- DSA-1067: kernel-source-2.4.16 -- several vulnerabilities
- DSA-1069: kernel-source-2.4.18 -- several vulnerabilities
- DSA-1070: kernel-source-2.4.19 -- several vulnerabilities
- DSA-1082: kernel-source-2.4.17 -- several vulnerabilities
- GLSA-200408-24: Linux Kernel: Multiple information leaks
- RHSA-2004-504: Updated Itanium kernel packages resolve security issues
- RHSA-2004-505: Updated kernel packages fix security vulnerability
- RHSA-2004-549: kernel security update
- US-CERT VU#981134: Linux kernel USB drivers do not initialize kernel memory properly
Platforms Affected:
- Debian Debian Linux 3.0
- Gentoo Linux
- Linux Kernel 2.2.0
- Linux Kernel 2.2.1
- Linux Kernel 2.2.10
- Linux Kernel 2.2.11
- Linux Kernel 2.2.12
- Linux Kernel 2.2.13
- Linux Kernel 2.2.14
- Linux Kernel 2.2.15 pre20
- Linux Kernel 2.2.15 pre16
- Linux Kernel 2.2.15
- Linux Kernel 2.2.16 pre6
- Linux Kernel 2.2.16
- Linux Kernel 2.2.17
- Linux Kernel 2.2.18
- Linux Kernel 2.2.19
- Linux Kernel 2.2.2
- Linux Kernel 2.2.20
- Linux Kernel 2.2.21
- Linux Kernel 2.2.22
- Linux Kernel 2.2.23
- Linux Kernel 2.2.24
- Linux Kernel 2.2.25
- Linux Kernel 2.2.3
- Linux Kernel 2.2.4
- Linux Kernel 2.2.5
- Linux Kernel 2.2.6
- Linux Kernel 2.2.7
- Linux Kernel 2.2.8
- Linux Kernel 2.2.9
- Linux Kernel 2.3.0
- Linux Kernel 2.3.99 pre2
- Linux Kernel 2.3.99 pre3
- Linux Kernel 2.3.99
- Linux Kernel 2.3.99 pre5
- Linux Kernel 2.3.99 pre4
- Linux Kernel 2.3.99 pre7
- Linux Kernel 2.3.99 pre6
- Linux Kernel 2.3.99 pre1
- Linux Kernel 2.4.0
- Linux Kernel 2.4.0 test1
- Linux Kernel 2.4.0 test10
- Linux Kernel 2.4.0 test11
- Linux Kernel 2.4.0 test12
- Linux Kernel 2.4.0 test2
- Linux Kernel 2.4.0 test3
- Linux Kernel 2.4.0 test4
- Linux Kernel 2.4.0 test5
- Linux Kernel 2.4.0 test6
- Linux Kernel 2.4.0 test7
- Linux Kernel 2.4.0 test8
- Linux Kernel 2.4.0 test9
- Linux Kernel 2.4.1
- Linux Kernel 2.4.10
- Linux Kernel 2.4.11
- Linux Kernel 2.4.12
- Linux Kernel 2.4.13
- Linux Kernel 2.4.14
- Linux Kernel 2.4.15
- Linux Kernel 2.4.16
- Linux Kernel 2.4.17
- Linux Kernel 2.4.18 pre7
- Linux Kernel 2.4.18 pre6
- Linux Kernel 2.4.18 pre5
- Linux Kernel 2.4.18
- Linux Kernel 2.4.18 x86
- Linux Kernel 2.4.18 pre4
- Linux Kernel 2.4.18 pre3
- Linux Kernel 2.4.18 pre2
- Linux Kernel 2.4.18 pre8
- Linux Kernel 2.4.18 pre1
- Linux Kernel 2.4.19 pre5
- Linux Kernel 2.4.19 pre4
- Linux Kernel 2.4.19 pre3
- Linux Kernel 2.4.19 pre2
- Linux Kernel 2.4.19 pre1
- Linux Kernel 2.4.19
- Linux Kernel 2.4.19 pre6
- Linux Kernel 2.4.2
- Linux Kernel 2.4.20
- Linux Kernel 2.4.21 pre4
- Linux Kernel 2.4.21 pre1
- Linux Kernel 2.4.21
- Linux Kernel 2.4.21 pre7
- Linux Kernel 2.4.22
- Linux Kernel 2.4.23
- Linux Kernel 2.4.23 pre9
- Linux Kernel 2.4.23 ow2
- Linux Kernel 2.4.24
- Linux Kernel 2.4.24 ow1
- Linux Kernel 2.4.25
- Linux Kernel 2.4.26
- Linux Kernel 2.4.27 pre1
- Linux Kernel 2.4.27 pre2
- Linux Kernel 2.4.27 pre3
- Linux Kernel 2.4.27 pre4
- Linux Kernel 2.4.27 pre5
- Linux Kernel 2.4.3
- Linux Kernel 2.4.4
- Linux Kernel 2.4.5
- Linux Kernel 2.4.6
- Linux Kernel 2.4.7
- Linux Kernel 2.4.8
- Linux Kernel 2.4.9
- Linux Kernel 2.5.0
- Linux Kernel 2.5.1
- Linux Kernel 2.5.10
- Linux Kernel 2.5.11
- Linux Kernel 2.5.12
- Linux Kernel 2.5.13
- Linux Kernel 2.5.14
- Linux Kernel 2.5.15
- Linux Kernel 2.5.16
- Linux Kernel 2.5.17
- Linux Kernel 2.5.18
- Linux Kernel 2.5.19
- Linux Kernel 2.5.2
- Linux Kernel 2.5.20
- Linux Kernel 2.5.21
- Linux Kernel 2.5.22
- Linux Kernel 2.5.23
- Linux Kernel 2.5.24
- Linux Kernel 2.5.25
- Linux Kernel 2.5.26
- Linux Kernel 2.5.27
- Linux Kernel 2.5.28
- Linux Kernel 2.5.29
- Linux Kernel 2.5.3
- Linux Kernel 2.5.30
- Linux Kernel 2.5.31
- Linux Kernel 2.5.32
- Linux Kernel 2.5.33
- Linux Kernel 2.5.34
- Linux Kernel 2.5.35
- Linux Kernel 2.5.36
- Linux Kernel 2.5.37
- Linux Kernel 2.5.38
- Linux Kernel 2.5.39
- Linux Kernel 2.5.4
- Linux Kernel 2.5.40
- Linux Kernel 2.5.41
- Linux Kernel 2.5.42
- Linux Kernel 2.5.43
- Linux Kernel 2.5.44
- Linux Kernel 2.5.45
- Linux Kernel 2.5.46
- Linux Kernel 2.5.47
- Linux Kernel 2.5.48
- Linux Kernel 2.5.49
- Linux Kernel 2.5.5
- Linux Kernel 2.5.50
- Linux Kernel 2.5.51
- Linux Kernel 2.5.52
- Linux Kernel 2.5.53
- Linux Kernel 2.5.54
- Linux Kernel 2.5.55
- Linux Kernel 2.5.56
- Linux Kernel 2.5.57
- Linux Kernel 2.5.58
- Linux Kernel 2.5.59
- Linux Kernel 2.5.6
- Linux Kernel 2.5.60
- Linux Kernel 2.5.61
- Linux Kernel 2.5.62
- Linux Kernel 2.5.63
- Linux Kernel 2.5.64
- Linux Kernel 2.5.65
- Linux Kernel 2.5.66
- Linux Kernel 2.5.67
- Linux Kernel 2.5.68
- Linux Kernel 2.5.69
- Linux Kernel 2.5.7
- Linux Kernel 2.5.8
- Linux Kernel 2.5.9
- Linux Kernel 2.6.0 test4
- Linux Kernel 2.6.0 test5
- Linux Kernel 2.6.0 test2
- Linux Kernel 2.6.0 test11
- Linux Kernel 2.6.0 test10
- Linux Kernel 2.6.0 test1
- Linux Kernel 2.6.0
- Linux Kernel 2.6.0 test3
- Linux Kernel 2.6.0 test6
- Linux Kernel 2.6.0 test7
- Linux Kernel 2.6.0 test8
- Linux Kernel 2.6.0 test9
- Linux Kernel 2.6.0 test9-cvs
- Linux Kernel 2.6.1 rc1
- Linux Kernel 2.6.1
- Linux Kernel 2.6.1 rc2
- Linux Kernel 2.6.2
- Linux Kernel 2.6.3
- Linux Kernel 2.6.4
- Linux Kernel 2.6.5
- Linux Kernel 2.6.6
- Linux Kernel 2.6.6 rc1
- Linux Kernel 2.6.7
- Linux Kernel 2.6.7 rc1
- Linux Kernel 2.6.8 rc1
- Linux Kernel 2.6.8 rc3
- Linux Kernel 2.6.8 rc2
- RedHat Enterprise Linux 2.1 AS
- RedHat Enterprise Linux 2.1 ES
- RedHat Enterprise Linux 2.1 WS
- RedHat Enterprise Linux 3 Desktop
- RedHat Enterprise Linux 3 AS
- RedHat Enterprise Linux 3 ES
- RedHat Enterprise Linux 3 WS
- RedHat Linux Advanced Workstation 2.1 Itanium
- Trustix Secure Enterprise Linux 2.0
- Trustix Secure Linux 2.0
- Trustix Secure Linux 2.1
Reported:
Aug 03, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net