Linux kernel ISO9660 filesystem

kernel-iso9660-filesystem (19741)

Low Risk

Description:

Linux kernel is vulnerable to unspecified vulnerabilities in the ISO9660 filesystem handler, including the Rock Ridge and Juliet extensions. A remote attacker could send a specially-crafted filesystem to cause a denial of service or execute arbitrary code on the system.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Linux, Kernel 2.6.0 test8
• Linux, Kernel 2.6.0 test6
• Linux, Kernel 2.6.0 test5
• Linux, Kernel 2.6.0 test4
• Linux, Kernel 2.6.0 test9
• Linux, Kernel 2.6.0 test2
• Linux, Kernel 2.6.0 test11
• Linux, Kernel 2.6.0 test10
• Linux, Kernel 2.6.0 test1
• Linux, Kernel 2.6.0
• Linux, Kernel 2.6.0 test7
• Linux, Kernel 2.6.0 test3
• Linux, Kernel 2.6.1
• Linux, Kernel 2.6.1 rc2
• Linux, Kernel 2.6.1 rc3
• Linux, Kernel 2.6.1 rc1
• Linux, Kernel 2.6.10 rc2
• Linux, Kernel 2.6.10 rc3
• Linux, Kernel 2.6.10 rc1
• Linux, Kernel 2.6.10
• Linux, Kernel 2.6.11 rc5
• Linux, Kernel 2.6.11 rc1
• Linux, Kernel 2.6.11
• Linux, Kernel 2.6.11 rc3
• Linux, Kernel 2.6.11 rc4
• Linux, Kernel 2.6.11 rc2
• Linux, Kernel 2.6.11.1
• Linux, Kernel 2.6.11.10
• Linux, Kernel 2.6.11.11
• Linux, Kernel 2.6.11.12
• Linux, Kernel 2.6.11.2
• Linux, Kernel 2.6.11.3
• Linux, Kernel 2.6.11.4
• Linux, Kernel 2.6.11.5
• Linux, Kernel 2.6.11.6
• Linux, Kernel 2.6.11.7
• Linux, Kernel 2.6.11.8
• Linux, Kernel 2.6.11.9
• Linux, Kernel 2.6.2 rc2
• Linux, Kernel 2.6.2
• Linux, Kernel 2.6.2 rc1
• Linux, Kernel 2.6.2 rc3
• Linux, Kernel 2.6.3 rc4
• Linux, Kernel 2.6.3 rc3
• Linux, Kernel 2.6.3 rc2
• Linux, Kernel 2.6.3
• Linux, Kernel 2.6.3 rc1
• Linux, Kernel 2.6.4 rc3
• Linux, Kernel 2.6.4 rc2
• Linux, Kernel 2.6.4 rc1
• Linux, Kernel 2.6.4
• Linux, Kernel 2.6.5 rc1
• Linux, Kernel 2.6.5
• Linux, Kernel 2.6.5 rc3
• Linux, Kernel 2.6.5 rc2
• Linux, Kernel 2.6.6
• Linux, Kernel 2.6.6 rc1
• Linux, Kernel 2.6.6 rc2
• Linux, Kernel 2.6.6 rc3
• Linux, Kernel 2.6.7 rc2
• Linux, Kernel 2.6.7 rc1
• Linux, Kernel 2.6.7 rc3
• Linux, Kernel 2.6.7
• Linux, Kernel 2.6.8 rc2
• Linux, Kernel 2.6.8 rc4
• Linux, Kernel 2.6.8 rc3
• Linux, Kernel 2.6.8 rc1
• Linux, Kernel 2.6.8
• Linux, Kernel 2.6.8.1
• Linux, Kernel 2.6.9
• Linux, Kernel 2.6.9 rc4
• Linux, Kernel 2.6.9 rc3
• Linux, Kernel 2.6.9 rc2
• Linux, Kernel 2.6.9 rc1
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Multi Network Firewall 2.0
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 ES
• RedHat, Linux Advanced Workstation 2.1 Itanium

Remedy:

Upgrade to the latest version of Linux Kernel (2.6.12-rc1 or later), The Linux Kernel Archives Web page. See References.

For Red Hat Linux:
Refer to RHSA-2005:366-21, RHSA-2005:663-19, RHSA-2006:0190-5, or RHSA-2006:0191-9 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux:
Refer to USN-103-1 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

• CIAC INFORMATION BULLETIN P-188, Security Vulnerabilities Addressed in Red Hat Kernel Update at http://www.ciac.org/ciac/bulletins/p-188.shtml.
• The Linux Kernel Archives Web site, The Linux Kernel Archives at http://kernel.org/.
• The Linux Kernel Archives Web site, Summary of changes from v2.6.11 to v2.6.12-rc1 at http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1.
• BID-12837: Linux Kernel Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities
• CVE-2005-0815: Multiple range checking flaws in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
• MDKSA-2006:072: Updated kernel packages fix multiple vulnerabilities
• RHSA-2005-366: kernel security update
• RHSA-2005-663: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6
• RHSA-2006-0190: kernel security update
• RHSA-2006-0191: kernel security update
• USN-103-1: Linux kernel vulnerabilities

Reported:

Mar 18, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page