Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4067 CVE-2011-0712 CVE-2011-1020 CVE-2011-2209
                 CVE-2011-2211 CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
                 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497
                 CVE-2011-2525 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191
Debian Bug     : 633738

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4067

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald
    module, a driver for Auerswald PBX/System Telephone USB devices. Attackers
    with physical access to a system's USB ports could obtain elevated
    privileges using a specially crafted USB device.

CVE-2011-0712

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq
    module, a USB driver for Native Instruments USB audio devices. Attackers
    with physical access to a system's USB ports could obtain elevated
    privileges using a specially crafted USB device.

CVE-2011-1020

    Kees Cook discovered an issue in the /proc filesystem that allows local
    users to gain access to sensitive process information after execution of a
    setuid binary.

CVE-2011-2209

    Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the
    alpha architecture. Local users could obtain access to sensitive kernel
    memory.

CVE-2011-2211

    Dan Rosenberg discovered an issue in the osf_wait4() system call on the
    alpha architecture permitting local users to gain elevated privileges.

CVE-2011-2213

    Dan Rosenberg discovered an issue in the INET socket monitoring interface.
    Local users could cause a denial of service by injecting code and causing
    the kernel to...

2.6.26-26lenny4