------------------------------------------------------------- SmoothWall Project Security Advisory SWP-2004:001 -------------------------------------------------------------
Summary: Updates for SmoothWall Express to correct
local vulnerabilities in Linux kernel.
Importance: Critical
Issue: Possible local vulnerabilities
CVE Names: CAN-2003-0961, CAN-2003-0984, CAN-2003-0985
Released: 2004-01-12
SW-specific: noAffected Products:
SmoothWall Express 2.0 (as shipped)
The products shown must be updated to the fix level as shown above before applying any updates mentioned in this advisory.
------------------------------------------------------------- Description -------------------------------------------------------------
Critical security vulnerabilities have been found in the Linux kernel in the following areas:
- Locally exploitable vulnerabilities in memory management code (do_brk(), mremap system calls) - Improper structure initialisation in real time clock (RTC) routines can result in leaked kernel data to user space
These vulnerabilities can result in privilege escalation or unwanted availability of sensitive information.
------------------------------------------------------------- Corrective Actions -------------------------------------------------------------
You should download and install the required update for your product(s). The updates can be downloaded from the web links below, along with installation instructions and any further caveats or updates.
SmoothWall Express 2.0 fixes 1 - http://smoothwall.org/p/2.0-fixes1.html
------------------------------------------------------------- Further Information -------------------------------------------------------------
CVE Candidate CAN-2003-0961 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961 CVE Candidate CAN-2003-0984 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984 CVE Candidate CAN-2003-0985 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 CERT(r) VU Note (do_brk()) - http://www.kb.cert.org/vuls/id/301156 CERT(r) VU Note (memory deallocation) - http://www.kb.cert.org/vuls/id/935264 Linux Kernel do_brk() Lacks Argument Bound Checking - http://isec.pl/vulnerabilities/isec-0012-do_brk.txt Linux Kernel RTC Memory Leak - http://xforce.iss.net/xforce/xfdb/13943 Linux Kernel do_mremap Local Privilege Escalation - http://isec.pl/vulnerabilities/isec-0013-mremap.txt Linux Kernel 2.4.23 Changelog - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.23 Linux Kernel 2.4.24 Changelog - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
