Debian Security Advisory

DSA-1428-2 linux-2.6 -- several vulnerabilities

Date Reported:
11 Dec 2007
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-3104, CVE-2007-4997, CVE-2007-5500, CVE-2007-5904.
More information:

This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904.

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-3104

    Eric Sandeen provided a backport of Tejun Heo's fix for a local denial of service vulnerability in sysfs. Under memory pressure, a dentry structure may be reclaimed, resulting in a bad pointer dereference that causes an oops during a readdir.

  • CVE-2007-4997

    Chris Evans discovered an issue with certain drivers that make use of the Linux kernel's ieee80211 layer. A remote user could generate a malicious 802.11 frame that could result in a denial of service (crash). The ipw2100 driver is known to be affected by this issue, while the ipw2200 is believed not to be.

  • CVE-2007-5500

    Scott James Remnant diagnosed a coding error in the implementation of ptrace which could be used by a local user to cause the kernel to enter an infinite loop.

  • CVE-2007-5904

    Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could allow a malicious server to cause a denial of service (crash) by overflowing a buffer.

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch5.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

                     Debian 4.0 (etch)
  fai-kernels        1.17+etch.13etch5
  user-mode-linux    2.6.18-1um-2etch.13etch5

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.