The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: module loading via AF_ALG and parenthesis

Synthesis of the vulnerability 

A local attacker can load a new kernel module, using a socket of type AF_ALG on the Linux kernel, in order to escalate his privileges.
Vulnerable systems: Debian, Linux, RHEL, Ubuntu.
Severity of this threat: 2/4.
Creation date: 26/01/2015.
Références of this weakness: CERTFR-2015-AVI-081, CERTFR-2015-AVI-121, CERTFR-2015-AVI-498, CVE-2014-9644, DSA-3170-1, MDVSA-2015:057, MDVSA-2015:058, RHSA-2015:2152-02, RHSA-2015:2411-01, USN-2513-1, USN-2514-1, USN-2543-1, USN-2544-1, USN-2545-1, USN-2546-1, VIGILANCE-VUL-16046.

Description of the vulnerability 

The Linux kernel supports sockets of type AF_ALG, which are used to access to the cryptography API when CONFIG_CRYPTO_USER_API=y.

An AF_ALG socket can for example be used to load a new cryptographic module implementing a hash algorithm. However, the crypto_lookup_template() function of the crypto/algapi.c file does not check if the requested module is a cryptographic module.

This vulnerability is a variant of VIGILANCE-VUL-16045 using the syntax "module(blowfish)".

A local attacker can therefore load a new kernel module, using a socket of type AF_ALG on the Linux kernel, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security threat impacts software or systems such as Debian, Linux, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this computer weakness note is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer threat alert.

Solutions for this threat 

Linux kernel: patch for AF_ALG and perenthesis.
A patch is available in information sources.

Debian: new linux packages.
New packages are available:
  Debian 7: linux 3.2.65-1+deb7u2

Mandriva BS2: new kernel packages.
New packages are available:
  Mandriva BS2: kernel 3.14.34-1.1.mbs2

Mandriva: new kernel packages.
New packages are available:
  Mandriva BS1: kernel 3.4.106-1.1.mbs1

RHEL 7: new kernel packages (20/11/2015).
New packages are available:
  RHEL 7: kernel 3.10.0-327.el7

RHEL 7: new kernel-rt packages.
New packages are available:
  RHEL 7: kernel-rt 3.10.0-327.rt56.204.el7

Ubuntu 12.04 LTS: new linux-image-3.2.0-1460-omap4 packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-1460-omap4 3.2.0-1460.80

Ubuntu 12.04 LTS: new linux-image-3.2.0-77 packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-77 3.2.0-77.112

Ubuntu: new linux-image-3.13.0 packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.13.0-48-generic 3.13.0-48.80~precise1
  Ubuntu 14.04 LTS: linux-image-3.13.0-48-generic 3.13.0-48.80

Ubuntu: new linux-image-3.16.0 packages.
New packages are available:
  Ubuntu 14.04 LTS: linux-image-3.16.0-33-generic 3.16.0-33.44~14.04.1
  Ubuntu 14.10: linux-image-3.16.0-33-generic 3.16.0-33.44
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerability database. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.