The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. |
|
 |
|
|
Synthesis of the vulnerability 
A local attacker can use two vulnerabilities of AGPgart, in order to corrupt the memory, to create a denial of service or to elevate his privileges.
Vulnerable systems: Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity of this threat: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/04/2011.
Références of this weakness: BID-47534, BID-47535, BID-47843, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-2022, DSA-2240-1, DSA-2264-1, FEDORA-2011-6447, FEDORA-2011-6541, openSUSE-SU-2011:0860-1, RHSA-2011:0927-01, RHSA-2011:1253-01, RHSA-2011:1350-01, SUSE-SA:2011:031, SUSE-SA:2011:034, SUSE-SA:2011:040, SUSE-SU-2011:0832-1, SUSE-SU-2011:0899-1, SUSE-SU-2011:0928-1, SUSE-SU-2011:1058-1, VIGILANCE-VUL-10592.
Description of the vulnerability 
The AGPgart (Graphics Address Remapping Table) module is used by video devices with low memory resources. It uses /dev/agpgart, and it is impacted by two vulnerabilities.
The AGPIOC_BIND and AGPIOC_UNBIND ioctl call the agp_generic_insert_memory() and agp_generic_remove_memory() functions. An attacker can use them to write in kernel memory. [severity:2/4; BID-47534, BID-47843, CVE-2011-1745, CVE-2011-2022]
The AGPIOC_ALLOCATE ioctl calls the agp_create_user_memory() and agp_allocate_memory() functions. An attacker can use them to create a buffer overflow. [severity:2/4; BID-47535, CVE-2011-1746]
An attacker can use the AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls in order to allocate memory area which will never be freed. [severity:1/4; CVE-2011-1747]
A local attacker can therefore use two vulnerabilities of AGPgart, in order to corrupt the memory, to create a denial of service or to elevate his privileges. Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
This computer threat impacts software or systems such as Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
Our Vigil@nce team determined that the severity of this computer vulnerability alert is medium.
The trust level is of type confirmed by the editor, with an origin of user shell.
This bulletin is about 3 vulnerabilities.
An attacker with a expert ability can exploit this cybersecurity weakness.
Solutions for this threat 
Linux kernel: version 2.6.39.
The version 2.6.39 is corrected:
http://www.kernel.org/pub/linux/kernel/v2.6/
Linux kernel: version 2.6.38.5.
The version 2.6.38.5 is corrected:
http://www.kernel.org/pub/linux/kernel/v2.6/
Linux kernel: version 2.6.33.13.
The version 2.6.33.13 is corrected:
http://www.kernel.org/pub/linux/kernel/v2.6/
Linux kernel: version 2.6.32.40.
The version 2.6.32.50 is corrected:
http://www.kernel.org/pub/linux/kernel/v2.6/
Linux kernel: version 2.6.27.60.
The version 2.6.27.60 is corrected:
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.27/
Linux kernel: patch for AGPgart.
Two patches are available in information sources.
Debian: new linux-2.6 packages (20/06/2011).
New packages are available:
linux-2.6 2.6.26-26lenny3
Debian: new linux-2.6 packages (25/05/2011).
New packages are available:
linux-2.6 2.6.32-34squeeze1
Fedora 13: new kernel packages (22/06/2011).
New packages are available:
kernel-2.6.34.9-69.fc13
Fedora 14: new kernel packages.
New packages are available:
Fedora 14: kernel-2.6.35.13-91.fc14
openSUSE 11.4: new kernel packages (02/08/2011).
New packages are available:
kernel-*-2.6.37.6-0.7.1
RHEL 5: new kernel packages.
New packages are available:
kernel-2.6.18-238.19.1.el5
RHEL 6 MRG: new kernel-rt packages.
New packages are available:
MRG Realtime for RHEL 6 Server : kernel-rt-*-2.6.33.9-rt31.75.el6rt
RHEL 6: new kernel packages (06/10/2011).
New packages are available:
kernel-2.6.32-131.17.1.el6
SUSE LE 10 SP3: new kernel packages (21/09/2011).
New packages are available, as indicated in information sources.
SUSE LE 10 SP4: new kernel packages (12/08/2011).
New packages are available, as indicated in information sources.
SUSE LE 11: new kernel packages.
New packages are available, as indicated in information sources.
SUSE LE 9: new kernel packages (23/08/2011).
New packages are available:
http://download.novell.com/patch/finder/?keywords=c05dae2ea95bb787f18166cf12f585e3
VMware ESX 4.1: patch ESX410-201201001.
A patch is available:
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
http://kb.vmware.com/kb/2009142
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
Computer vulnerabilities tracking service 
Vigil@nce provides a computers vulnerabilities database. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
|