Paul Starzetz

Rank: #3209 of 53,633 · Total CVSS: 79.3 · Vulnerabilities: 9 (Low: 1, High: 8)

PT-2004-3733
10
1970-01-01
Linux · Linux Kernel · CVE-2004-1071

**Name of the Vulnerable Software and Affected Versions**

- Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs version
- Debian GNU/Linux kernel-image-2.4.18-sun4u version
- Debian GNU/Linux kernel-image-2.4.18-sun4u-smp version
- Debian GNU/Linux kernel-image-2.4.19-sparc version
- Debian GNU/Linux kernel-image-2.4.19-sun4u version
- Debian GNU/Linux kernel-image-2.4.19-sun4u-smp version
- Linux kernel versions 2.4.x up to 2.4.27
- Linux kernel versions 2.6.x up to 2.6.8

**Description**

The issue involves multiple vulnerabilities in the Linux kernel, which can be exploited to compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The binfmt_elf loader in the Linux kernel does not properly handle a failed call to the mmap function, causing an incorrect mapped image and potentially allowing local users to execute arbitrary code.

**Recommendations**

For Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-image-2.4.18-sun4u-smp, kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, and kernel-image-2.4.19-sun4u-smp, consider disabling the vulnerable kernel image until a patch is available. For Linux kernel versions 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8, consider updating to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2004-3735
10
1970-01-01
Linux · Linux Kernel · CVE-2004-1073

**Name of the Vulnerable Software and Affected Versions**

- Linux kernel versions 2.4.x up to 2.4.27
- Linux kernel versions 2.6.x up to 2.6.8
- kernel-image-2.4.19-sun4u-smp (affected versions not specified)
- kernel-image-2.4.18-powerpc-xfs (affected versions not specified)
- kernel-image-2.4.18-sun4u (affected versions not specified)
- kernel-patch-benh (affected versions not specified)
- kernel-image-2.4.18-sun4u-smp (affected versions not specified)
- kernel-headers-2.4.19-sparc (affected versions not specified)
- kernel-headers-2.4.18-sparc (affected versions not specified)
- kernel-image-2.4.19-sun4u (affected versions not specified)

**Description**

The issue affects the Linux kernel and various Debian GNU/Linux packages, allowing for potential exploitation that could compromise confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. The open_exec function in the execve functionality is also affected, enabling local users to read non-readable ELF binaries by utilizing the interpreter (PT_INTERP) functionality.

**Recommendations**

For Linux kernel versions 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8, update to a version later than 2.4.27 or 2.6.8 to resolve the issue. For kernel-image-2.4.19-sun4u-smp, kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-patch-benh, kernel-image-2.4.18-sun4u-smp, kernel-headers-2.4.19-sparc, kernel-headers-2.4.18-sparc, and kernel-image-2.4.19-sun4u, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2004-3741
10
1970-01-01
Linux · Linux Kernel · CVE-2005-0001

**Name of the Vulnerable Software and Affected Versions**

- Linux kernel versions 2.2.x through 2.2.7
- Linux kernel versions 2.4 through 2.4.29
- Linux kernel versions 2.6 through 2.6.10
- Debian GNU/Linux kernel-image-2.4.19-sun4u-smp (affected versions not specified)
- Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs (affected versions not specified)
- Debian GNU/Linux kernel-image-2.4.18-sun4u (affected versions not specified)
- Debian GNU/Linux kernel-patch-benh (affected versions not specified)
- Debian GNU/Linux kernel-image-2.4.18-sun4u-smp (affected versions not specified)
- Debian GNU/Linux kernel-headers-2.4.19-sparc (affected versions not specified)
- Debian GNU/Linux kernel-headers-2.4.18-sparc (affected versions not specified)
- Debian GNU/Linux kernel-image-2.4.19-sun4u (affected versions not specified)

**Description**

A race condition in the page fault handler for the Linux kernel allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. Multiple vulnerabilities in Debian GNU/Linux kernel packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

**Recommendations**

For Linux kernel versions 2.2.x through 2.2.7, update to a version outside of this range to resolve the issue. For Linux kernel versions 2.4 through 2.4.29, update to a version outside of this range to resolve the issue. For Linux kernel versions 2.6 through 2.6.10, update to a version outside of this range to resolve the issue. For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp, kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-patch-benh, kernel-image-2.4.18-sun4u-smp, kernel-headers-2.4.19-sparc, kernel-headers-2.4.18-sparc, and kernel-image-2.4.19-sun4u, update to a version that is not vulnerable to resolve the issue.

As a temporary workaround, consider restricting access to the vulnerable kernel packages until a patch is available.

PT-2004-3722
10
1970-01-01
Linux · Aa-Sources · CVE-2004-0427

**Name of the Vulnerable Software and Affected Versions**

- Linux kernel versions prior to 2.4.26
- Linux kernel versions prior to 2.6.6
- aa-sources versions prior to 2.4.23-r2
- kernel-image-2.4.18-powerpc-xfs version
- kernel-image-2.4.18-sun4u version
- kernel-image-2.4.18-sun4u-smp version
- kernel-image-2.4.19-sparc version
- kernel-image-2.4.19-sun4u version
- kernel-image-2.4.19-sun4u-smp version
- kernel-headers-2.4.18-sparc version
- kernel-headers-2.4.19-sparc version

**Description**

The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to a disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely or locally, depending on the specific vulnerability. The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, triggering a memory leak that allows local users to cause a denial of service via the clone system call.

**Recommendations**

For Linux kernel versions prior to 2.4.26, update to version 2.4.26 or later. For Linux kernel versions prior to 2.6.6, update to version 2.6.6 or later. For aa-sources versions prior to 2.4.23-r2, update to version 2.4.23-r2 or later. For kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-image-2.4.18-sun4u-smp, kernel-image-2.4.19-sparc, kernel-image-2.4.19-sun4u, kernel-image-2.4.19-sun4u-smp, kernel-headers-2.4.18-sparc, and kernel-headers-2.4.19-sparc, update to a non-vulnerable version. As a temporary workaround, consider restricting access to the clone system call to minimize the risk of exploitation.