Test ID:	1.3.6.1.4.1.25623.1.0.50475
Category:	Ubuntu Local Security Checks
Title:	Ubuntu 4.10 USN-39-1 (linux-source-2.6.8.1)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to linux-source-2.6.8.1 announced via advisory USN-39-1. USN-30-1 fixed several flaws in the Linux ELF binary loader's handling of setuid binaries. Unfortunately it was found that these patches were not sufficient to prevent all possible attacks on 64-bit platforms, so previous amd64 kernel images were still vulnerable to root privilege escalation if setuid binaries were run under certain conditions. This issue does not affect the i386 and powerpc platforms. The following packages are affected: linux-image-2.6.8.1-4-amd64-generic linux-image-2.6.8.1-4-amd64-k8 linux-image-2.6.8.1-4-amd64-k8-smp linux-image-2.6.8.1-4-amd64-xeon Solution: The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.4. You need to reboot the computer after performing a standard system upgrade to effect the necessary changes. http://lists.ubuntu.com/archives/ubuntu-security-announce/2004-December/000041.html Risk factor : Medium CVSS Score: 2.1
Cross-Ref:	BugTraq ID: 11754 Common Vulnerability Exposure (CVE) ID: CVE-2004-1074 http://www.securityfocus.com/bid/11754 Bugtraq: 20041216 [USN-39-1] Linux amd64 kernel vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110322596918807&w=2 Conectiva Linux advisory: CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://marc.info/?l=linux-kernel&m=110021173607372&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9751 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://www.trustix.org/errata/2005/0001/ XForce ISS Database: linux-aout-binary-dos(18290) https://exchange.xforce.ibmcloud.com/vulnerabilities/18290
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.