Debian Security Advisory

DSA-1289-1 linux-2.6 -- several vulnerabilities

Date Reported:
13 May 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-1496, CVE-2007-1497, CVE-2007-1861.
More information:

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1496

    Michal Miroslaw reported a DoS vulnerability (crash) in netfilter. A remote attacker can cause a NULL pointer dereference in the nfnetlink_log function.

  • CVE-2007-1497

    Patrick McHardy reported an vulnerability in netfilter that may allow attackers to bypass certain firewall rules. The nfctinfo value of reassembled IPv6 packet fragments were incorrectly initialized to 0 which allowed these packets to become tracked as ESTABLISHED.

  • CVE-2007-1861

    Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packages were incorrectly routed back to the kernel resulting in an infinite recursion condition. Local users can exploit this behavior to cause a DoS (crash).

For the stable distribution (etch) these problems have been fixed in version 2.6.18.dfsg.1-12etch2.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

Debian 4.0 (etch)
fai-kernels 1.17+etch2
user-mode-linux 2.6.18-1um-2etch2

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.