Bug 443962 (CVE-2008-1673) - CVE-2008-1673 kernel: possible buffer overflow in ASN.1 parsing routines
Summary: CVE-2008-1673 kernel: possible buffer overflow in ASN.1 parsing routines
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-1673
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Martin Jenner
URL:
Whiteboard:
Depends On: 444461 444462 444463 444464 444465 444470 444471 444472
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-24 12:38 UTC by Jeff Layton
Modified: 2024-08-27 08:51 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
This issue did not have a security consequence for the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, and as such, was treated as a bug fix. This issue could result in arbitrary code execution if the SLOB or SLUB memory allocators were used (introduced in Linux kernel versions 2.6.16 and 2.6.22 respectively). Red Hat Enterprise Linux and Red Hat Enterprise MRG use the SLAB memory allocator, which, in this case, cannot be exploited to allow arbitrary code execution. Red Hat Enterprise Linux 2 and Red Hat Enterprise MRG were not affected.
Clone Of:
Environment:
Last Closed: 2010-12-23 16:55:06 UTC
Embargoed:


Attachments (Terms of Use)

Comment 9 Tomas Hoger 2008-06-09 07:09:53 UTC
Wei Wang of McAfee Avert Labs discovered a security problem in kernel's ASN.1
decoder affecting CIFS and ip_nat_snmp_basic modules:

Due to an error in two linux kernel modules, cifs filesytem and
ip_nat_snmp_basic in the ASN.1 decoder when handling length BER
encodings, This flaw can be remotely exploited by remote attackers to
cause a vulnerable system to hang or even to execute arbitrary code in
kernel mode.

Since cifs and ip_nat_snmp_basic kernel module are using the same ASN1.1
decoder which was derived from the gxsnmp package . So, gxsnmp is also
vulnerable.


Comment 15 Fedora Update System 2008-06-20 19:04:51 UTC
kernel-2.6.25.6-27.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Eugene Teo (Security Response) 2009-04-15 07:33:48 UTC
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2, 3, 4, 5 or Red Hat Enterprise MRG.

The bug existed on Red Hat Enterprise Linux 3, 4, and 5. However, this is only a security issue if the SLOB or SLUB memory allocators were used (introduced in Linux kernel versions 2.6.16 and 2.6.22, respectively). All Red Hat Enterprise Linux and Red Hat Enterprise MRG kernels use the SLAB memory allocator, which in this case, cannot be exploited to allow arbitrary code execution. As a preventive measure, the underlying bug was addressed in Red Hat Enterprise Linux 3, 4, and 5, via the advisories RHSA-2008:0973, RHSA-2008:0508, and RHSA-2008:0519, respectively.

Updated: Sept 8th, 2009.


Note You need to log in before you can comment on or make changes to this bug.