| Description: | Description:
The remote host is missing an update to linux-source-2.6.12
announced via advisory USN-281-1.
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
linux-image-2.6.10-6-*
linux-image-2.6.12-10-*
linux-patch-ubuntu-2.6.10
linux-patch-ubuntu-2.6.12
The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)
The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)
Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)
John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)
Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)
Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)
A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)
Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525)
Solution:
The problem can be corrected by upgrading the affected package to
version 2.6.10-34.17 (for Ubuntu 5.04) or 2.6.12-10.32 (for Ubuntu
5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-281-1
Risk factor : Critical
CVSS Score:
10.0
|
