Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN60-0 : linux-source-2.6.8.1 vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
linux-source-2.6.8.1 vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-4
- linux-headers-2.6.8.1-4-386
- linux-headers-2.6.8.1-4-686
- linux-headers-2.6.8.1-4-686-smp
- linux-headers-2.6.8.1-4-amd64-generic
- linux-headers-2.6.8.1-4-amd64-k8
- linux-headers-2.6.8.1-4-amd64-k8-smp
- linux-headers-2.6.8.1-4-amd64-xeon
- linux-headers-2.6.8.1-4-k7
- linux-headers-2.6.8.1-4-k7-smp
- linux-headers-2.6.8.1-4-power3
- linux-headers-2.6.8.1-4-power3-smp
- linux-headers-2.6.8.
[...]

Description :

CVE-2005-0001:

Paul Starzetz discovered a race condition in the Linux page fault
handler code. This allowed an unprivileged user to gain root
rights on multiprocessor machines under some circumstances.
This also affects the Hyper-Threading mode on Pentium 4 processors.

http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:

Brad Spengler discovered that some device drivers used
copy_from_user() (a function to copy data from userspace tools into
kernel memory) with insufficient input validation. This potentially
allowed users and/or malicious hardware to overwrite kernel memory
which could result in a crash (Denial of Service) or even root
privilege escalation.

Additionally, this update corrects the SMB file system driver.
USN-30-1 fixed some vulnerabilities in this driver (see CVE-2004-0883,
CVE-2004-0949). However, it was found that these new validation checks
were too strict, which cause some valid operations to fail.

Solution :

Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-386-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-686-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-686-smp-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-generic-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-k8-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-k8-smp-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.