Debian Security Advisory

DSA-1183-1 kernel-source-2.4.27 -- several vulnerabilities

Date Reported:
25 Sep 2006
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 18081, BugTraq ID 18101, BugTraq ID 18847, BugTraq ID 19666, BugTraq ID 20087.
In Mitre's CVE dictionary: CVE-2005-4798, CVE-2006-2935, CVE-2006-1528, CVE-2006-2444, CVE-2006-2446, CVE-2006-3745, CVE-2006-4535.
CERT's vulnerabilities, advisories and incident notes: VU#681569.
More information:

Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2005-4798

    A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

  • CVE-2006-2935

    Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.

  • CVE-2006-1528

    A bug in the SCSI driver allows a local user to cause a denial of service.

  • CVE-2006-2444

    Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

  • CVE-2006-2446

    A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

  • CVE-2006-3745

    Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

  • CVE-2006-4535

    David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.

The following matrix explains which kernel version for which architecture fixes the problem mentioned above:

  stable (sarge)
Source 2.4.27-10sarge4
Alpha architecture 2.4.27-10sarge4
ARM architecture 2.4.27-2sarge4
Intel IA-32 architecture 2.4.27-10sarge4
Intel IA-64 architecture 2.4.27-10sarge4
Motorola 680x0 architecture 2.4.27-3sarge4
MIPS architectures 2.4.27-10.sarge4.040815-1
PowerPC architecture 2.4.27-10sarge4
IBM S/390 2.4.27-2sarge4
Sun Sparc architecture 2.4.27-9sarge4
FAI 1.9.1sarge4
mindi-kernel 2.4.27-2sarge3
kernel-image-speakup-i386 2.4.27-1.1sarge3
systemimager 3.2.3-6sarge3

For the unstable distribution (sid) these problems won't be fixed anymore in the 2.4 kernel series.

We recommend that you upgrade your kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.