English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 75096 Descripciones CVE y
39644 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.51991
Categoría:Ubuntu Local Security Checks
Título:Ubuntu 4.10 USN-103-1 (linux-source-2.6.8.1)
Resumen:Ubuntu 4.10 USN-103-1 (linux-source-2.6.8.1)
Descripción:
The remote host is missing an update to linux-source-2.6.8.1
announced via advisory USN-103-1.

Mathieu Lafon discovered an information leak in the ext2 file system
driver. When a new directory was created, the ext2 block written to
disk was not initialized, so that previous memory contents (which
could contain sensitive data like passwords) became visible on the raw
device. This is particularly important if the target device is
removable and thus can be read by users other than root.
(CVE-2005-0400)

Yichen Xie discovered a Denial of Service vulnerability in the ELF
loader. A specially crafted ELF library or executable could cause an
attempt to free an invalid pointer, which lead to a kernel crash.
(CVE-2005-0749)

Ilja van Sprundel discovered that the bluez_sock_create() function did
not check its protocol argument for negative values. A local
attacker could exploit this to execute arbitrary code with root
privileges by creating a Bluetooth socket with a specially crafted
protocol number. (CVE-2005-0750)

Michal Zalewski discovered that the iso9660 file system driver fails
to check ranges properly in several cases. Mounting a specially
crafted CD-ROM may have caused a buffer overflow leading to a kernel
crash or even arbitrary code execution. (CVE-2005-0815)

Previous kernels did not restrict the use of the N_MOUSE line
discipline in the serial driver. This allowed an unprivileged user to
inject mouse movement and/or keystrokes (using the sunkbd driver) into
the input subsystem, taking over the console or an X session, where
another user is logged in. (CVE-2005-0839)

A Denial of Service vulnerability was found in the tmpfs driver, which
is commonly used to mount RAM disks below /dev/shm and /tmp. The
shm_nopage() did not properly verify its address argument, which could
be exploited by a local user to cause a kernel crash with invalid
addresses.
(http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1

Solution:
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.13. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-103-1

Risk factor : High
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0400
Bugtraq: 20050401 Information leak in the Linux kernel ext2 implementation (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
http://arkoon.net/advisories/ext2-make-empty-leak.txt
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://www.redhat.com/support/errata/RHSA-2005-366.html
http://www.redhat.com/support/errata/RHSA-2005-663.html
http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
BugTraq ID: 12932
http://www.securityfocus.com/bid/12932
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10336
http://www.vupen.com/english/advisories/2005/1878
http://secunia.com/advisories/18684
http://secunia.com/advisories/17002
XForce ISS Database: kernel-ext2-information-disclosure(19866)
http://xforce.iss.net/xforce/xfdb/19866
http://secunia.com/advisories/14713/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0749
http://www.redhat.com/support/errata/RHSA-2005-293.html
http://www.redhat.com/support/errata/RHSA-2005-529.html
http://www.redhat.com/support/errata/RHSA-2005-551.html
SGI Security Advisory: 20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
BugTraq ID: 12935
http://www.securityfocus.com/bid/12935
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10640
http://secunia.com/advisories/19607
XForce ISS Database: kernel-loadelflibrary-dos(19867)
http://xforce.iss.net/xforce/xfdb/19867
Common Vulnerability Exposure (CVE) ID: CVE-2005-0750
Bugtraq: 20050327 local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=111204562102633&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032913.html
http://www.redhat.com/support/errata/RHSA-2005-283.html
http://www.redhat.com/support/errata/RHSA-2005-284.html
BugTraq ID: 12911
http://www.securityfocus.com/bid/12911
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11719
XForce ISS Database: kernel-bluezsockcreate-integer-underflow(19844)
http://xforce.iss.net/xforce/xfdb/19844
Common Vulnerability Exposure (CVE) ID: CVE-2005-0815
Bugtraq: 20050317 Linux ISO9660 handling flaws (Google Search)
http://www.securityfocus.com/archive/1/393590
http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
BugTraq ID: 12837
http://www.securityfocus.com/bid/12837
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9307
XForce ISS Database: kernel-iso9660-filesystem(19741)
http://xforce.iss.net/xforce/xfdb/19741
Common Vulnerability Exposure (CVE) ID: CVE-2005-0839
http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html
http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ
http://www.securityfocus.com/archive/1/archive/1/427980/100/0/threaded
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9460
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 39644 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.