|
Family: Ubuntu Local Security Checks --> Category: infos
USN178-1 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities Vulnerability Scan
Vulnerability Scan Summary linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- linux-doc-2.6.10
- linux-doc-2.6.8.1
- linux-headers-2.6.10-5
- linux-headers-2.6.10-5-386
- linux-headers-2.6.10-5-686
- linux-headers-2.6.10-5-686-smp
- linux-headers-2.6.10-5-amd64-generic
- linux-headers-2.6.10-5-amd64-k8
- linux-headers-2.6.10-5-amd64-k8-smp
- linux-headers-2.6.10-5-amd64-xeon
- linux-headers-2.6.10-5-itanium
- linux-headers-2.6.10-5-itanium-smp
- linux-headers-2.6.10-5-k7
- linux-headers-2.6.10-5-k7-smp
- linux-head
[...]
Description :
Oleg Nesterov discovered a local Denial of Service vulnerability in
the timer handling. When a non group-leader thread called exec() to
execute a different program while an itimer was pending, the timer
expiry would signal the old group leader task, which did not exist any
more. This caused a kernel panic. This vulnerability only affects
Ubuntu 5.04. (CVE-2005-1913)
Al Viro discovered that the sendmsg() function did not sufficiently
validate its input data. By calling sendmsg() and at the same time
modifying the passed message in another thread, he could exploit this
to execute arbitrary commands with kernel rights. This only
affects the amd64 bit platform. (CVE-2005-2490)
Al Viro discovered a vulnerability in the raw_sendmsg() function. By
calling this function with specially crafted arguments, a local
attacker could either read kernel memory contents (leading to
information disclosure) or manipulate the hardware state by reading
certain IO ports. This vulnerability only affects Ubuntu 5.04.
(CAN-200
[...]
Solution :
Upgrade to :
- linux-doc-2.6.10-2.6.10-34.5 (Ubuntu 5.04)
- linux-doc-2.6.8.1-2.6.8.1-16.22 (Ubuntu 4.10)
- linux-headers-2.6.10-5-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-386-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-686-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-686-smp-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-amd64-generic-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-amd64-k8-2.6.10-34.5 (Ubuntu 5.04)
- linux-headers-2.6.10-5-amd64-k8-smp-2.6.10-34.5 (Ubuntu 5
[...]
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|