Wei Wang of McAfee Avert Labs discovered a security problem in kernel's ASN.1 decoder affecting CIFS and ip_nat_snmp_basic modules: Due to an error in two linux kernel modules, cifs filesytem and ip_nat_snmp_basic in the ASN.1 decoder when handling length BER encodings, This flaw can be remotely exploited by remote attackers to cause a vulnerable system to hang or even to execute arbitrary code in kernel mode. Since cifs and ip_nat_snmp_basic kernel module are using the same ASN1.1 decoder which was derived from the gxsnmp package . So, gxsnmp is also vulnerable.
Fixed upstream in 2.6.25.5 and 2.4.36.6: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6 Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ddb2c43594f22843e9f3153da151deaba1a834c5 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c Lifting embargo.
kernel-2.6.25.6-27.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2, 3, 4, 5 or Red Hat Enterprise MRG. The bug existed on Red Hat Enterprise Linux 3, 4, and 5. However, this is only a security issue if the SLOB or SLUB memory allocators were used (introduced in Linux kernel versions 2.6.16 and 2.6.22, respectively). All Red Hat Enterprise Linux and Red Hat Enterprise MRG kernels use the SLAB memory allocator, which in this case, cannot be exploited to allow arbitrary code execution. As a preventive measure, the underlying bug was addressed in Red Hat Enterprise Linux 3, 4, and 5, via the advisories RHSA-2008:0973, RHSA-2008:0508, and RHSA-2008:0519, respectively. Updated: Sept 8th, 2009.