kernel security and bug fix update (RHSA-2010-0610)

Original Release Date: October 28, 2010
Last Revised: October 28, 2010
Number: ASA-2010-259
Risk Level: Low
Advisory Version: 1.0
Advisory Status: Interim

1. Overview:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* instances of unsafe sprintf() use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary memory pages being overwritten. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1084 to this issue.

* a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE (Big Endian) bit of the Processor Status Register (PSR), leading to the guest crashing (denial of service). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2070 to this issue.

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel Common Internet File System (CIFS) implementation. A remote attacker could send a specially-crafted SMB response packet to a target CIFS client, resulting in a kernel panic (denial of service). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2248 to this issue.

* buffer overflow flaws were found in the Linux kernel's implementation of the server-side External Data Representation (XDR) for the Network File System (NFS) version 4. An attacker on the local network could send a specially-crafted large compound request to the NFSv4 server, which could possibly result in a kernel panic (denial of service) or, potentially, code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2521 to this issue.

* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel XFS file system implementation. A local user could use this flaw to read write-only files, that they do not own, on an XFS file system. This could lead to unintended information disclosure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2226 to this issue.

* a flaw was found in the dns_resolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2524 to this issue.

* a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2066 to this issue.
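The unsafe sprintf() pattern described in the first item above (CVE-2010-1084), reduced to a user-space model next to its bounded form. This is an added example, not code from the kernel, Red Hat or Avaya; the function names, the 4096-byte PAGE_BUF and the per-socket line format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define PAGE_BUF 4096                   /* assumed one-page output buffer */
#define LINE_FMT "sock %05d state 1\n"  /* constructed 19-byte record per socket */

/* Unsafe: appends one line per socket and never checks the buffer size. */
static size_t show_unbounded(char *buf, int nsock)
{
    char *p = buf;
    for (int i = 0; i < nsock; i++)
        p += sprintf(p, LINE_FMT, i);
    return (size_t)(p - buf) + 1;       /* bytes written, including the NUL */
}

/* Bounded: limits each append to the space left and stops when a line won't fit. */
static size_t show_bounded(char *buf, size_t size, int nsock)
{
    size_t len = 0;
    for (int i = 0; i < nsock; i++) {
        int n = snprintf(buf + len, size - len, LINE_FMT, i);
        if (n < 0 || (size_t)n >= size - len) {
            buf[len] = '\0';            /* drop the truncated partial line */
            break;
        }
        len += (size_t)n;
    }
    return len;
}

/* Bytes the unsafe version writes past a PAGE_BUF-sized buffer (nsock <= 3000). */
static size_t overrun_bytes(int nsock)
{
    static char arena[64 * 1024];       /* oversized so the demo stays in bounds */
    size_t used = show_unbounded(arena, nsock);
    return used > PAGE_BUF ? used - PAGE_BUF : 0;
}

/* Text length the bounded version produces in a real PAGE_BUF-sized buffer. */
static size_t bounded_len(int nsock)
{
    char page[PAGE_BUF];
    return show_bounded(page, sizeof page, nsock);
}

int main(void)
{
    printf("1000 sockets: unsafe overruns by %zu bytes, bounded writes %zu\n",
           overrun_bytes(1000), bounded_len(1000));
    return 0;
}
```

The output size of the unbounded version grows with the number of sockets, which an unprivileged user controls, while the bounded version never writes outside the page regardless of the count.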

More information about these vulnerabilities can be found in the security advisory issued by RedHat Linux:

2. Avaya System Products with the RHEL5 kernel installed:

| Product | Affected Version(s) | Risk Level | Actions |
|---|---|---|---|
| Avaya Aura™ Application Enablement Services | 5.2 and later | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Aura™ Conferencing Standard Edition | 6.0 | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya IQ | 5.x | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Aura™ Presence Services | 6.0 | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Aura™ Session Manager | 1.1, 5.2, 6.0 | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Aura™ System Manager | 5.2, 6.0 | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Aura™ System Platform | 1.1, 6.0 | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |
| Avaya Voice Portal | 5.x | Low | See recommended actions below. This issue will be addressed in accordance with section five of Avaya's Product Security Vulnerability Response Policy. |

Recommended Actions for System Products:
Avaya strongly recommends that customers follow networking and security best practices by implementing firewalls, ACLs, physical security or other appropriate access restrictions. Though Avaya believes such restrictions should always be in place, risk to Avaya's product and the surrounding network from this potential vulnerability may be mitigated by ensuring these practices are implemented until such time as a product update is available or the recommended action is applied. Further restrictions as deemed necessary based on the customer's security policies may be required during this interim period.

3. Avaya Software-Only Products:

Avaya software-only products operate on general-purpose operating systems. Occasionally vulnerabilities may be discovered in the underlying operating system or applications that come with the operating system. These vulnerabilities often do not impact the software-only product directly but may threaten the integrity of the underlying platform.

In the case of this advisory, Avaya software-only products are not affected by the vulnerability directly, but the underlying Linux platform may be. Customers should determine on which Linux operating system the product was installed and then follow that vendor's guidance.

| Product | Actions |
|---|---|
| Avaya Aura™ Application Enablement Services 4.x/5.x | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the AES application. |
| CVLAN | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the CVLAN application. |
| Avaya Integrated Management Suite (IMS) | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the IMS application. |
| Avaya Aura™ Presence Services | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the PS application. |
| Avaya Aura™ System Manager 1.0 | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the SMGR application. |
| Voice Portal | Depending on the Operating System provided by customers, the affected package may be installed on the underlying Operating System supporting the Voice Portal application. |

Recommended Actions for Software-Only Products:
In the event that the affected package is installed, Avaya recommends that customers follow recommended actions supplied by RedHat Linux.

4. Additional Information:

Additional information may also be available via the Avaya support website and through your Avaya account representative. Please contact your Avaya product support representative, or dial 1-800-242-2121, with any questions.

5. Disclaimer:

ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS "AVAYA"), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS' SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, INCIDENTAL, STATUTORY, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA.

6. Revision History:

V 1.0 - October 28, 2010 - Initial Statement issued.

Send information regarding any discovered security problems with Avaya products to either the contact noted in the product's documentation or securityalerts@avaya.com.

© 2010 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.