English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56702
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-281-1 (linux-source-2.6.12)
Summary:Ubuntu USN-281-1 (linux-source-2.6.12)
Description:
The remote host is missing an update to linux-source-2.6.12
announced via advisory USN-281-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

linux-image-2.6.10-6-*
linux-image-2.6.12-10-*
linux-patch-ubuntu-2.6.10
linux-patch-ubuntu-2.6.12

The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)

The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)

Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)

John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)

Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)

Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)

A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)

Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525)

Solution:
The problem can be corrected by upgrading the affected package to
version 2.6.10-34.17 (for Ubuntu 5.04) or 2.6.12-10.32 (for Ubuntu
5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-281-1

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0557
Debian Security Information: DSA-1103 (Google Search)
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
RedHat Security Advisories: RHBA-2007-0304
http://rhn.redhat.com/errata/RHBA-2007-0304.html
SuSE Security Announcement: SUSE-SA:2006:028 (Google Search)
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.ubuntulinux.org/support/documentation/usn/usn-281-1
BugTraq ID: 16924
http://www.securityfocus.com/bid/16924
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9674
http://www.vupen.com/english/advisories/2006/2554
http://www.osvdb.org/23895
http://securitytracker.com/id?1015752
http://secunia.com/advisories/19955
http://secunia.com/advisories/20914
http://secunia.com/advisories/20398
XForce ISS Database: linux-get-nodes-dos(25204)
http://xforce.iss.net/xforce/xfdb/25204
Common Vulnerability Exposure (CVE) ID: CVE-2006-1052
http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2
http://marc.theaimsgroup.com/?l=git-commits-head&m=114210002712363&w=2
http://selinuxnews.org/wp/index.php/2006/03/13/security-ptrace-bug-cve-2006-1052/
Debian Security Information: DSA-1184 (Google Search)
http://www.debian.org/security/2006/dsa-1184
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://www.redhat.com/support/errata/RHSA-2006-0575.html
BugTraq ID: 17830
http://www.securityfocus.com/bid/17830
http://www.osvdb.org/25232
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10102
http://secunia.com/advisories/20157
http://secunia.com/advisories/21465
http://secunia.com/advisories/22093
http://secunia.com/advisories/22417
Common Vulnerability Exposure (CVE) ID: CVE-2006-1055
http://lwn.net/Alerts/180820/
http://www.trustix.org/errata/2006/0020
http://www.ubuntu.com/usn/usn-302-1
BugTraq ID: 17402
http://www.securityfocus.com/bid/17402
http://www.vupen.com/english/advisories/2006/1273
http://www.vupen.com/english/advisories/2006/1475
http://www.osvdb.org/24443
http://secunia.com/advisories/19495
http://secunia.com/advisories/20716
http://secunia.com/advisories/19735
XForce ISS Database: linux-fillwritebuffer-dos(25693)
http://xforce.iss.net/xforce/xfdb/25693
Common Vulnerability Exposure (CVE) ID: CVE-2006-1066
http://marc.theaimsgroup.com/?l=linux-kernel&m=113932292516359&w=2
Debian Security Information: DSA-1017 (Google Search)
http://www.debian.org/security/2006/dsa-1017
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
BugTraq ID: 17216
http://www.securityfocus.com/bid/17216
http://www.osvdb.org/24098
http://secunia.com/advisories/19374
http://secunia.com/advisories/21614
Common Vulnerability Exposure (CVE) ID: CVE-2006-1242
Bugtraq: 20060314 Linux zero IP ID vulnerability? (Google Search)
http://www.securityfocus.com/archive/1/archive/1/427622/100/0/threaded
Bugtraq: 20060323 Re: Linux zero IP ID vulnerability? (Google Search)
http://www.securityfocus.com/archive/1/archive/1/427753/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/427893/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/428605/30/6210/threaded
Debian Security Information: DSA-1097 (Google Search)
http://www.debian.org/security/2006/dsa-1097
http://www.redhat.com/support/errata/RHSA-2006-0437.html
BugTraq ID: 17109
http://www.securityfocus.com/bid/17109
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10317
http://www.vupen.com/english/advisories/2006/1140
http://secunia.com/advisories/19402
http://secunia.com/advisories/20671
http://secunia.com/advisories/21136
http://secunia.com/advisories/21983
Common Vulnerability Exposure (CVE) ID: CVE-2006-1343
Bugtraq: 20060531 rPSA-2006-0087-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/435490/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451419/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://www.trustix.org/errata/2006/0032/
BugTraq ID: 17203
http://www.securityfocus.com/bid/17203
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10875
http://www.vupen.com/english/advisories/2006/2071
http://www.vupen.com/english/advisories/2006/4502
http://www.osvdb.org/29841
http://secunia.com/advisories/19357
http://secunia.com/advisories/21045
http://secunia.com/advisories/22875
XForce ISS Database: linux-sockaddr-memory-leak(25425)
http://xforce.iss.net/xforce/xfdb/25425
Common Vulnerability Exposure (CVE) ID: CVE-2006-1368
BugTraq ID: 17831
http://www.securityfocus.com/bid/17831
http://www.vupen.com/english/advisories/2006/1046
http://secunia.com/advisories/19330
Common Vulnerability Exposure (CVE) ID: CVE-2006-1525
http://www.redhat.com/support/errata/RHSA-2006-0493.html
BugTraq ID: 17593
http://www.securityfocus.com/bid/17593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10146
http://www.vupen.com/english/advisories/2006/1399
http://www.osvdb.org/24715
http://secunia.com/advisories/19709
http://secunia.com/advisories/20237
http://secunia.com/advisories/21745
http://secunia.com/advisories/21476
XForce ISS Database: linux-ip-route-input-dos(25872)
http://xforce.iss.net/xforce/xfdb/25872
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 39786 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.