The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: denial of service via CAN RAW

Synthesis of the vulnerability 

A local attacker can use a CAN RAW socket, in order to stop the system.
Impacted software: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity of this computer vulnerability: 1/4.
Creation date: 21/04/2011.
References for this announcement: CVE-2011-1748, DSA-2240-1, DSA-2264-1, RHSA-2011:0836-01, RHSA-2011:1253-01, SUSE-SA:2011:031, SUSE-SU-2011:0832-1, VIGILANCE-VUL-10588.

Description of the vulnerability 

The CAN (Controller Area Network) bus is mainly used in cars. CAN RAW sockets are used to directly build packets.

The raw_release() function of the net/can/raw.c file is called when an error occurs in socket()/socketpair()/etc. or when the socket is closed with close().

However, if raw_release() is called after an error, its parameter can be NULL, and this NULL pointer is dereferenced.

A local attacker can therefore use a CAN RAW socket, in order to stop the system.
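To make the defect concrete, here is an added illustration (not the kernel's own code, and not from this bulletin) that models a release routine in the shape described above: a simplified `struct socket` whose `sk` pointer is NULL on the socket() error path, the vulnerable shape that dereferences it unconditionally, and the fixed shape that returns early when there is nothing to release. Structure names, the `rx_filters` field and the `registered_filters` counter are assumptions standing in for the kernel's real bookkeeping.

```c
#include <stddef.h>

/* Simplified model of the structures involved; not the real net/can/raw.c,
 * only enough shape to show the missing NULL check. */
struct sock   { int rx_filters; };     /* receive filters held by the socket */
struct socket { struct sock *sk; };    /* sk is NULL if socket() failed early */

static int registered_filters;         /* stands in for receiver bookkeeping */

static void raw_sock_setup(struct sock *sk, int filters)
{
    sk->rx_filters = filters;
    registered_filters += filters;
}

/* Vulnerable shape: trusts sock->sk. On the socket() error path sk is NULL
 * and the first field access dereferences it (the oops described above). */
int raw_release_vulnerable(struct socket *sock)
{
    struct sock *sk = sock->sk;
    registered_filters -= sk->rx_filters;  /* crashes when sk == NULL */
    sk->rx_filters = 0;
    return 0;
}

/* Fixed shape: return before touching sk when nothing was allocated, which is
 * the kind of check the CVE-2011-1748 fix adds at the top of raw_release(). */
int raw_release_fixed(struct socket *sock)
{
    struct sock *sk = sock->sk;
    if (!sk)
        return 0;
    registered_filters -= sk->rx_filters;
    sk->rx_filters = 0;
    return 0;
}

/* Releases a socket whose sk is either valid (3 filters) or NULL and returns
 * how many filters remain registered: 0 means cleanup ran or was skipped. */
int filters_left_after_release(int sk_is_null)
{
    struct sock sk;
    struct socket sock = { sk_is_null ? NULL : &sk };
    registered_filters = 0;
    if (!sk_is_null)
        raw_sock_setup(&sk, 3);
    raw_release_fixed(&sock);
    return registered_filters;
}
```

Calling `raw_release_vulnerable` with a NULL `sk` would crash the process, which is the user-space analogue of the kernel oops; the fixed variant returns 0 and leaves the bookkeeping untouched.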

This weakness alert impacts software or systems such as Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this computer vulnerability note is low.

The trust level is "confirmed by the editor", and the attack origin is "user shell".

An attacker with expert ability can exploit this security bulletin.

Solutions for this threat 

Linux kernel: version 2.6.39.
The version 2.6.39 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: patch for CAN RAW.
A patch is available in information sources.

Debian: new linux-2.6 packages (20/06/2011).
New packages are available:
  linux-2.6 2.6.26-26lenny3

Debian: new linux-2.6 packages (25/05/2011).
New packages are available:
  linux-2.6 2.6.32-34squeeze1

RHEL 6 MRG: new kernel-rt packages.
New packages are available:
  MRG Realtime for RHEL 6 Server: kernel-rt-*-2.6.33.9-rt31.75.el6rt

RHEL 6: new kernel packages.
New packages are available:
  kernel-2.6.32-131.2.1.el6

SUSE LE 11: new kernel packages.
New packages are available, as indicated in information sources.

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.