Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN244-1 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- linux-doc-2.6.10
- linux-doc-2.6.12
- linux-doc-2.6.8.1
- linux-headers-2.6.10-6
- linux-headers-2.6.10-6-386
- linux-headers-2.6.10-6-686
- linux-headers-2.6.10-6-686-smp
- linux-headers-2.6.10-6-amd64-generic
- linux-headers-2.6.10-6-amd64-k8
- linux-headers-2.6.10-6-amd64-k8-smp
- linux-headers-2.6.10-6-amd64-xeon
- linux-headers-2.6.10-6-k7
- linux-headers-2.6.10-6-k7-smp
- linux-headers-2.6.10-6-power3
- linux-headers-2.6.10-6-power3
[...]

Description :

Doug Chapman discovered a flaw in the reference counting in the
sys_mq_open() function. By calling this function in a special way, a
local attacker could exploit this to cause a kernel crash.
(CVE-2005-3356)

Karl Janmar discovered that the /proc file system module used signed
data types in a wrong way. A local attacker could exploit this to read
random kernel memory, which could possibly contain sensitive data like
passwords or private keys. (CVE-2005-4605)

Yi Yang discovered an off-by-one buffer overflow in the sysctl()
system call. By calling sysctl with a specially crafted long string, a
local attacker could exploit this to crash the kernel or possibly even
execute arbitrary code with full kernel rights. (CVE-2005-4618)

Perceval Anichini found a buffer overflow in the TwinHan DST
Frontend/Card DVB driver. A local user could exploit this to crash the
kernel or possibly execute arbitrary code with full kernel rights.
This only affects Ubuntu 5.10. (CVE-2005-4639)

Stefan Rompf discovered that the
[...]

Solution :

Upgrade to :
- linux-doc-2.6.10-2.6.10-34.11 (Ubuntu 5.04)
- linux-doc-2.6.12-2.6.12-10.26 (Ubuntu 5.10)
- linux-doc-2.6.8.1-2.6.8.1-16.27 (Ubuntu 4.10)
- linux-headers-2.6.10-6-2.6.10-34.11 (Ubuntu 5.04)
- linux-headers-2.6.10-6-386-2.6.10-34.11 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-2.6.10-34.11 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-smp-2.6.10-34.11 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-generic-2.6.10-34.11 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-k8-2.6.10-34.11 (Ubuntu 5.04)
- linu
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.