|
Family: Ubuntu Local Security Checks --> Category: infos
USN60-0 : linux-source-2.6.8.1 vulnerabilities Vulnerability Scan
Vulnerability Scan Summary linux-source-2.6.8.1 vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-4
- linux-headers-2.6.8.1-4-386
- linux-headers-2.6.8.1-4-686
- linux-headers-2.6.8.1-4-686-smp
- linux-headers-2.6.8.1-4-amd64-generic
- linux-headers-2.6.8.1-4-amd64-k8
- linux-headers-2.6.8.1-4-amd64-k8-smp
- linux-headers-2.6.8.1-4-amd64-xeon
- linux-headers-2.6.8.1-4-k7
- linux-headers-2.6.8.1-4-k7-smp
- linux-headers-2.6.8.1-4-power3
- linux-headers-2.6.8.1-4-power3-smp
- linux-headers-2.6.8.
[...]
Description :
CVE-2005-0001:
Paul Starzetz discovered a race condition in the Linux page fault
handler code. This allowed an unprivileged user to gain root
rights on multiprocessor machines under some circumstances.
This also affects the Hyper-Threading mode on Pentium 4 processors.
http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:
Brad Spengler discovered that some device drivers used
copy_from_user() (a function to copy data from userspace tools into
kernel memory) with insufficient input validation. This potentially
allowed users and/or malicious hardware to overwrite kernel memory
which could result in a crash (Denial of Service) or even root
privilege escalation.
Additionally, this update corrects the SMB file system driver.
USN-30-1 fixed some vulnerabilities in this driver (see CVE-2004-0883,
CVE-2004-0949). However, it was found that these new validation checks
were too strict, which cause some valid operations to fail.
Solution :
Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-386-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-686-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-686-smp-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-generic-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-k8-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6.8.1-4-amd64-k8-smp-2.6.8.1-16.10 (Ubuntu 4.10)
- linux-headers-2.6
[...]
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|