About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

>> VUPEN Security / Public Mailing Lists Mirror


Assigned : VUPEN/ADV-2005-2528

From : Martin Pitt <martin.pitt at canonical.com>
Subject : [USN-219-1] Linux kernel vulnerabilities
Date : 2005-11-22

Original Message

==========================================================
Ubuntu Security Notice USN-219-1 November 22, 2005
linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities
CVE-2005-2709, CVE-2005-2973, CVE-2005-3055, CVE-2005-3180,
CVE-2005-3271, CVE-2005-3272, CVE-2005-3273, CVE-2005-3274,
CVE-2005-3275, CVE-2005-3276
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following Ubuntu 4.10 packages are affected:

linux-image-2.6.8.1-6-386
linux-image-2.6.8.1-6-686
linux-image-2.6.8.1-6-686-smp
linux-image-2.6.8.1-6-k7
linux-image-2.6.8.1-6-k7-smp
linux-image-2.6.8.1-6-amd64-generic
linux-image-2.6.8.1-6-amd64-k8
linux-image-2.6.8.1-6-amd64-k8-smp
linux-image-2.6.8.1-6-amd64-xeon
linux-image-2.6.8.1-6-power3
linux-image-2.6.8.1-6-power3-smp
linux-image-2.6.8.1-6-power4
linux-image-2.6.8.1-6-power4-smp
linux-image-2.6.8.1-6-powerpc
linux-image-2.6.8.1-6-powerpc-smp
linux-patch-debian-2.6.8.1

The following Ubuntu 5.04 packages are affected:

linux-image-2.6.10-6-386
linux-image-2.6.10-6-686
linux-image-2.6.10-6-686-smp
linux-image-2.6.10-6-k7
linux-image-2.6.10-6-k7-smp
linux-image-2.6.10-6-amd64-generic
linux-image-2.6.10-6-amd64-k8
linux-image-2.6.10-6-amd64-k8-smp
linux-image-2.6.10-6-amd64-xeon
linux-image-2.6.10-6-power3
linux-image-2.6.10-6-power3-smp
linux-image-2.6.10-6-power4
linux-image-2.6.10-6-power4-smp
linux-image-2.6.10-6-powerpc
linux-image-2.6.10-6-powerpc-smp
linux-patch-ubuntu-2.6.10

The following Ubuntu 5.10 packages are affected:

linux-image-2.6.12-10-386
linux-image-2.6.12-10-686
linux-image-2.6.12-10-686-smp
linux-image-2.6.12-10-k7
linux-image-2.6.12-10-k7-smp
linux-image-2.6.12-10-amd64-generic
linux-image-2.6.12-10-amd64-k8
linux-image-2.6.12-10-amd64-k8-smp
linux-image-2.6.12-10-amd64-xeon
linux-image-2.6.12-10-powerpc
linux-image-2.6.12-10-powerpc-smp
linux-image-2.6.12-10-powerpc64-smp
linux-patch-ubuntu-2.6.12

The problem can be corrected by installing the affected package, which
provides a new kernel. Unless you manually uninstalled the standard
kernel metapackages (linux-image-386, linux-image-powerpc, or
linux-image-amd64-generic), this will happen automatically with a
standard system upgrade.

ATTENTION: Due to an unavoidable ABI change this kernel has been given
a new version number, which requires you to recompile and reinstall
all third party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (linux-386,
linux-powerpc, linux-amd64-generic), a standard system upgrade will
automatically perform this as well.

Details follow:

Al Viro discovered a race condition in the /proc file handler of
network devices. A local attacker could exploit this by opening any
file in /proc/sys/net/ipv4/conf/<interface>/ and waiting until that
interface was shut down. Under certain circumstances this could lead
to a kernel crash or even arbitrary code execution with full kernel
privileges. (CVE-2005-2709)

Tetsuo Handa discovered a local Denial of Service vulnerability in the
udp_v6_get_port() function. On computers which use IPv6, a local
attacker could exploit this to trigger an infinite loop in the kernel.
(CVE-2005-2973)

Harald Welte discovered a Denial of Service vulnerability in the USB
devio driver. A local attacker could exploit this by sending an "USB
Request Block" (URB) and terminating the sending process before the
arrival of the answer, which left an invalid pointer and caused a
kernel crash. (CVE-2005-3055)

Pavel Roskin discovered an information leak in the Orinoco wireless
card driver. When increasing the buffer length for storing data, the
buffer was not padded with zeros, which exposed a random part of the
system memory to the user. (CVE-2005-3180)

A resource leak has been discovered in the handling of POSIX timers in
the exec() function. This could be exploited to a Denial of Service
attack by a group of local users. This vulnerability only affects
Ubuntu 4.10. (CVE-2005-3271)

Stephen Hemming discovered a weakness in the network bridge driver.
Packets which had already been dropped by the packet filter could
poison the forwarding table, which could be exploited to make the
bridge forward spoofed packages. This vulnerability only affects
Ubuntu 4.10 and 5.04. (CVE-2005-3272)

David S. Miller discovered a buffer overflow in the rose_rt_ioctl()
function. By calling the function with a large "ngidis" argument, a
local attacker could cause a kernel crash. This vulnerability only
affects Ubuntu 4.10 and 5.04. (CVE-2005-3273)

Neil Horman discovered a race condition in the connection timer
handling. This allowed a local attacker to set up an expiration
handler which modified the connection list while the list still being
traversed, which could result in a kernel crash. This vulnerability
only affects multiprocessor (SMP) systems. (CVE-2005-3274)

Patrick McHardy noticed a logic error in the network address
translation (NAT) connection tracker. A remote attacker could exploit
this by causing two packets for the same protocol to be NATed at the
same time, which resulted in a kernel crash. (CVE-2005-3275)

Paolo Giarrusso discovered an information leak in the
sys_get_thread_area(). The returned structure was not properly
cleared, which exposed a small amount of kernel memory to userspace
programs. This could possibly expose confidential data.
(CVE-2005-3276)

Disclaimer : VUPEN Security does not endorse the content of this message submitted by others to public mailinglists. Messages submitted to public mailinglists do not necessarily reflect the opinions or policies of VUPEN Security. VUPEN Security makes no warranties, express or implied, as to the content of the message in this page or the accuracy and reliability of any messages and other materials submitted to public mailinglists. Any questions or comments regarding this page should be sent to team@vupen.com

 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 18%

  High Risk		 : 5%

  Moderate Risk		 : 46%

  Low Risk		 : 31%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 


© 2004-2010 VUPEN Security - Copyright - Privacy Policy