The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: memory corruption via ARM OABI

Synthesis of the vulnerability 

On an ARM processor, with the OABI support enabled, a local attacker can corrupt the kernel memory, in order to create a denial of service and possibly to execute code.
Impacted software: Debian, Linux.
Severity of this computer vulnerability: 1/4.
Creation date: 02/05/2011.
Références of this announce: BID-47645, CVE-2011-1759, DSA-2240-1, DSA-2264-1, VIGILANCE-VUL-10612.

Description of the vulnerability 

Applications for ARM processors can be compiled with two ABI (Application Binary Interface):
 - OABI (Old ABI), supported by the kernel, if it is compiled with CONFIG_OABI_COMPAT
 - EABI (Embedded ABI)

The semtimedop() system call processes operations on a semaphore:
  semtimedop(semid, sops, nsops, timeout);

The sys_oabi_semtimedop() function of the arch/arm/kernel/sys_oabi-compat.c file implements the semtimedop() system call. However, the number of operations "nsops" is not checked. An attacker can thus use a large number, so an integer overflow occurs, and then a short memory area is allocated, which is overwritten by "sops" operations.

On an ARM processor, with the OABI support enabled, a local attacker can therefore corrupt the kernel memory, in order to create a denial of service and possibly to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability impacts software or systems such as Debian, Linux.

Our Vigil@nce team determined that the severity of this weakness bulletin is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this weakness.

Solutions for this threat 

Linux kernel: version 2.6.39.
The version 2.6.39 is corrected:
  http://www.kernel.org/pub/linux/kernel/v2.6/

Linux kernel: patch for ARM OABI.
A patch is available in information sources.

Debian: new linux-2.6 packages (20/06/2011).
New packages are available:
  linux-2.6 2.6.26-26lenny3

Debian: new linux-2.6 packages (25/05/2011).
New packages are available:
  linux-2.6 2.6.32-34squeeze1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities.