Wojciech Purczynski

Researcher at COSEINC PTE Ltd.
#8870 of 53,635
30.8 total CVSS
Vulnerabilities · 5
Low
2
High
3
PT-2004-3722
10
1970-01-01
Linux · Aa-Sources · CVE-2004-0427
**Name of the Vulnerable Software and Affected Versions**

- Linux kernel versions prior to 2.4.26
- Linux kernel versions prior to 2.6.6
- aa-sources versions prior to 2.4.23-r2
- kernel-image-2.4.18-powerpc-xfs version
- kernel-image-2.4.18-sun4u version
- kernel-image-2.4.18-sun4u-smp version
- kernel-image-2.4.19-sparc version
- kernel-image-2.4.19-sun4u version
- kernel-image-2.4.19-sun4u-smp version
- kernel-headers-2.4.18-sparc version
- kernel-headers-2.4.19-sparc version

**Description**

The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to a disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely or locally, depending on the specific vulnerability.

The `do_fork` function in Linux 2.4.x and 2.6.x does not properly decrement the `mm_count` counter when an error occurs after the `mm_struct` for a child process has been activated, triggering a memory leak that allows local users to cause a denial of service via the `clone` system call.

**Recommendations**

- For Linux kernel versions prior to 2.4.26, update to version 2.4.26 or later.
- For Linux kernel versions prior to 2.6.6, update to version 2.6.6 or later.
- For aa-sources versions prior to 2.4.23-r2, update to version 2.4.23-r2 or later.
- For kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-image-2.4.18-sun4u-smp, kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, kernel-image-2.4.19-sun4u-smp, kernel-headers-2.4.18-sparc, and kernel-headers-2.4.19-sparc, update to a non-vulnerable version.

As a temporary workaround, consider restricting access to the `clone` system call to minimize the risk of exploitation.
PT-2004-3748
7.5
1970-01-01
Suse · Suse Linux Enterprise · CVE-2007-3848
**Name of the Vulnerable Software and Affected Versions**

- Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-686 through 2.4.27-4-686-smp
- Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-586tsc through 2.4.27-4-586tsc
- Debian GNU/Linux kernel-image versions 2.4.27-4-386 through 2.4.27-4-sparc64-smp
- Red Hat Enterprise Linux kernel versions 2.4.9 through 2.4.18
- SUSE Linux Enterprise kernel versions (affected versions not specified)
- openSUSE kernel versions (affected versions not specified)

**Description**

The issue is related to multiple vulnerabilities in various Linux kernel packages, which can lead to a disruption of protected information. These vulnerabilities can be exploited remotely. The exploitation may result in a violation of confidentiality, integrity, and availability of the protected information.

**Recommendations**

- For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-686 through 2.4.27-4-686-smp, update to a version that is not affected by the vulnerability.
- For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-586tsc through 2.4.27-4-586tsc, update to a version that is not affected by the vulnerability.
- For Debian GNU/Linux kernel-image versions 2.4.27-4-386 through 2.4.27-4-sparc64-smp, update to a version that is not affected by the vulnerability.
- For Red Hat Enterprise Linux kernel versions 2.4.9 through 2.4.18, update to a version that is not affected by the vulnerability.
- For SUSE Linux Enterprise kernel versions, update to a version that is not affected by the vulnerability.
- For openSUSE kernel versions, update to a version that is not affected by the vulnerability.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.