English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51671
Category:Ubuntu Local Security Checks
Title:Ubuntu 4.10 USN-82-1 (linux-source-2.6.8.1)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to linux-source-2.6.8.1
announced via advisory USN-82-1.

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1

ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version.

Details follow:

CVE-2004-0176:

Michael Kerrisk noticed an insufficient permission checking in the
shmctl() function. Any process was permitted to lock/unlock any
System V shared memory segment that fell within the the
RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that
unprivileged users can acquire). This allowed am unprivileged user
process to unlock locked memory of other processes, thereby allowing
them to be swapped out. Usually locked shared memory is used to
store passphrases and other sensitive content which must not be
written to the swap space (where it could be read out even after a
reboot).

CVE-2005-0177:

OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were
incorrectly set to 128 instead of 256. This caused a buffer overflow
in some cases which could be exploited to crash the kernel.

CVE-2005-0178:

A race condition was found in the terminal handling of the
setsid() function, which is used to start new process sessions.

http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:

David Coulson noticed a design flaw in the netfilter/iptables module.
By sending specially crafted packets, a remote attacker could exploit
this to crash the kernel or to bypass firewall rules.

Fixing this vulnerability required a change in the Application
Binary Interface (ABI) of the kernel. This means that third party
user installed modules might not work any more with the new kernel,
so this fixed kernel has a new ABI version number. You have to
recompile and reinstall all third party modules.

Solution:
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.11. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-82-1

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0176
BugTraq ID: 12598
http://www.securityfocus.com/bid/12598
Bugtraq: 20050215 [USN-82-1] Linux kernel vulnerabilities (Google Search)
http://marc.info/?l=full-disclosure&m=110846102231365&w=2
Conectiva Linux advisory: CLA-2005:930
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8778
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://www.redhat.com/support/errata/RHSA-2005-472.html
http://secunia.com/advisories/19607
SGI Security Advisory: 20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
Common Vulnerability Exposure (CVE) ID: CVE-2005-0177
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10298
Common Vulnerability Exposure (CVE) ID: CVE-2005-0178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10647
Common Vulnerability Exposure (CVE) ID: CVE-2004-0176
Bugtraq: 20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows (Google Search)
http://marc.info/?l=bugtraq&m=108007072215742&w=2
Bugtraq: 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal (Google Search)
http://marc.info/?l=bugtraq&m=108058005324316&w=2
Bugtraq: 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal) (Google Search)
http://marc.info/?l=bugtraq&m=108213710306260&w=2
CERT/CC vulnerability note: VU#119876
http://www.kb.cert.org/vuls/id/119876
CERT/CC vulnerability note: VU#125156
http://www.kb.cert.org/vuls/id/125156
CERT/CC vulnerability note: VU#433596
http://www.kb.cert.org/vuls/id/433596
CERT/CC vulnerability note: VU#591820
http://www.kb.cert.org/vuls/id/591820
CERT/CC vulnerability note: VU#644886
http://www.kb.cert.org/vuls/id/644886
CERT/CC vulnerability note: VU#659140
http://www.kb.cert.org/vuls/id/659140
CERT/CC vulnerability note: VU#740188
http://www.kb.cert.org/vuls/id/740188
CERT/CC vulnerability note: VU#864884
http://www.kb.cert.org/vuls/id/864884
CERT/CC vulnerability note: VU#931588
http://www.kb.cert.org/vuls/id/931588
Conectiva Linux advisory: CLA-2004:835
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
Debian Security Information: DSA-511 (Google Search)
http://www.debian.org/security/2004/dsa-511
http://security.gentoo.org/glsa/glsa-200403-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:024
http://security.e-matters.de/advisories/032004.html
http://www.osvdb.org/6893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A887
http://www.redhat.com/support/errata/RHSA-2004-136.html
http://www.redhat.com/support/errata/RHSA-2004-137.html
http://secunia.com/advisories/11185
XForce ISS Database: ethereal-multiple-dissectors-bo(15569)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15569
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.