 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.52044 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu 4.10 USN-110-1 (linux-source-2.6.8.1) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to linux-source-2.6.8.1 announced via advisory USN-110-1. Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CVE-2005-0867) Olof Johansson discovered a Denial of Service vulnerability in the futex functions, which provide semaphores for exclusive locking of resources. A local attacker could possibly exploit this to cause a kernel deadlock. (CVE-2005-0937) In addition this update fixes two race conditions in the ext3 and jfs file system drivers, which could lead to a kernel crash under certain (unusual) conditions. However, these cannot easily be triggered by users, thus they are not security sensitive. (http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ, http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242) The following packages are affected: linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-patch-debian-2.6.8.1 linux-source-2.6.8.1 Solution: The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.14. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-110-1 Risk factor : High CVSS Score: 7.2 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-0867 http://www.securityfocus.com/archive/1/427980/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10867 http://www.redhat.com/support/errata/RHSA-2005-366.html SuSE Security Announcement: SUSE-SA:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_kernel.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0937 FLSA:157459-3 RHSA-2005:420 http://www.redhat.com/support/errata/RHSA-2005-420.html http://linux.bkbits.net:8080/linux-2.6/cset%40421cfc11zFsK9gxvSJ2t__FCmuUd3Q http://lkml.org/lkml/2005/2/22/123 oval:org.mitre.oval:def:10037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10037 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |