English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75803 CVE descriptions
and 40037 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58477
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-489-1 (linux-source-2.6.15)
Summary:Ubuntu USN-489-1 (linux-source-2.6.15)
Description:
The remote host is missing an update to linux-source-2.6.15
announced via advisory USN-489-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

A flaw was discovered in dvb ULE decapsulation. A remote attacker could
send a specially crafted message and cause a denial of service.
(CVE-2006-4623)

The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)

The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)

Due to an variable handling flaw in the ipv6_getsockopt_sticky()
function a local attacker could exploit the getsockopt() calls to read
arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1000)

Ilja van Sprundel discovered that Bluetooth setsockopt calls could
leak kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)

A flaw was discovered in the handling of netlink messages. Local
attackers could cause infinite recursion leading to a denial of service.
(CVE-2007-1861)

The random number generator was hashing a subset of the available entropy,
leading to slightly less random numbers. Additionally, systems without
an entropy source would be seeded with the same inputs at boot time,
leading to a repeatable series of random numbers. (CVE-2007-2453)

A flaw was discovered in the PPP over Ethernet implementation. Local
attackers could manipulate ioctls and cause kernel memory consumption
leading to a denial of service. (CVE-2007-2525)

An integer underflow was discovered in the cpuset filesystem. If mounted,
local attackers could obtain kernel memory using large file offsets
while reading the tasks file. This could disclose sensitive data.
(CVE-2007-2875)

Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
validate certain states. A remote attacker could send a specially
crafted packet causing a denial of service. (CVE-2007-2876)

Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
systems. A local attacker could corrupt a kernel_dirent struct and
cause a denial of service. (CVE-2007-2878)

A flaw was discovered in the cluster manager. A remote attacker could
connect to the DLM port and block further DLM operations.
(CVE-2007-3380)

A flaw was discovered in the usblcd driver. A local attacker could
cause large amounts of kernel memory consumption, leading to a denial
of service. (CVE-2007-3513)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-28-* 2.6.15-28.57

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-489-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4623
Bugtraq: 20061017 rPSA-2006-0194-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/448998/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
http://lkml.org/lkml/2006/8/20/278
Debian Security Information: DSA-1304 (Google Search)
http://www.debian.org/security/2007/dsa-1304
http://www.mandriva.com/security/advisories?name=MDKSA-2006:182
http://www.redhat.com/support/errata/RHSA-2006-0689.html
SuSE Security Announcement: SUSE-SA:2006:079 (Google Search)
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-489-1
BugTraq ID: 19939
http://www.securityfocus.com/bid/19939
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9775
http://www.vupen.com/english/advisories/2006/3551
http://secunia.com/advisories/21820
http://secunia.com/advisories/22292
http://secunia.com/advisories/22382
http://secunia.com/advisories/22441
http://secunia.com/advisories/22945
http://secunia.com/advisories/25714
http://secunia.com/advisories/25691
http://secunia.com/advisories/23474
http://secunia.com/advisories/26139
Common Vulnerability Exposure (CVE) ID: CVE-2006-7203
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
SuSE Security Announcement: SUSE-SA:2007:035 (Google Search)
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-486-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10941
http://www.vupen.com/english/advisories/2007/2209
http://secunia.com/advisories/25682
http://secunia.com/advisories/25700
http://secunia.com/advisories/25683
http://secunia.com/advisories/25838
http://secunia.com/advisories/25961
http://secunia.com/advisories/26133
http://secunia.com/advisories/26289
http://secunia.com/advisories/26620
http://secunia.com/advisories/29058
Common Vulnerability Exposure (CVE) ID: CVE-2007-0005
Bugtraq: 20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/462300/100/0/threaded
Debian Security Information: DSA-1286 (Google Search)
http://www.debian.org/security/2007/dsa-1286
http://fedoranews.org/cms/node/2787
http://fedoranews.org/cms/node/2788
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://www.redhat.com/support/errata/RHSA-2007-0099.html
BugTraq ID: 22870
http://www.securityfocus.com/bid/22870
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11238
http://www.vupen.com/english/advisories/2007/0872
http://www.osvdb.org/33023
http://secunia.com/advisories/24436
http://secunia.com/advisories/24518
http://secunia.com/advisories/24777
http://secunia.com/advisories/24901
http://secunia.com/advisories/25078
XForce ISS Database: kernel-cardman4040drivers-bo(32880)
http://xforce.iss.net/xforce/xfdb/32880
Common Vulnerability Exposure (CVE) ID: CVE-2007-1000
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?
http://www.redhat.com/support/errata/RHSA-2007-0169.html
SuSE Security Announcement: SUSE-SA:2007:029 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
CERT/CC vulnerability note: VU#920689
http://www.kb.cert.org/vuls/id/920689
BugTraq ID: 22904
http://www.securityfocus.com/bid/22904
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10015
http://www.vupen.com/english/advisories/2007/0907
http://www.osvdb.org/33025
http://secunia.com/advisories/25080
http://secunia.com/advisories/25099
http://secunia.com/advisories/24493
Common Vulnerability Exposure (CVE) ID: CVE-2007-1353
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0671.html
http://www.ubuntu.com/usn/usn-470-1
BugTraq ID: 23594
http://www.securityfocus.com/bid/23594
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10626
http://www.vupen.com/english/advisories/2007/1495
http://secunia.com/advisories/24976
http://secunia.com/advisories/25596
http://secunia.com/advisories/26379
http://secunia.com/advisories/26478
http://secunia.com/advisories/26450
http://secunia.com/advisories/27528
Common Vulnerability Exposure (CVE) ID: CVE-2007-1861
Bugtraq: 20070508 FLEA-2007-0016-1: kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/467939/30/6690/threaded
Debian Security Information: DSA-1289 (Google Search)
http://www.debian.org/security/2007/dsa-1289
http://www.redhat.com/support/errata/RHSA-2007-0347.html
BugTraq ID: 23677
http://www.securityfocus.com/bid/23677
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11616
http://www.vupen.com/english/advisories/2007/1595
http://secunia.com/advisories/25030
http://secunia.com/advisories/25083
http://secunia.com/advisories/25228
http://secunia.com/advisories/25288
XForce ISS Database: kernel-netlinkfiblookup-dos(34014)
http://xforce.iss.net/xforce/xfdb/34014
Common Vulnerability Exposure (CVE) ID: CVE-2007-2453
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
BugTraq ID: 24390
http://www.securityfocus.com/bid/24390
http://osvdb.org/37114
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9960
http://www.vupen.com/english/advisories/2007/2105
http://www.securitytracker.com/id?1018248
http://secunia.com/advisories/26664
XForce ISS Database: kernel-randomnumber-weak-security(34781)
http://xforce.iss.net/xforce/xfdb/34781
Common Vulnerability Exposure (CVE) ID: CVE-2007-2525
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-510-1
BugTraq ID: 23870
http://www.securityfocus.com/bid/23870
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10594
http://www.vupen.com/english/advisories/2007/1703
http://secunia.com/advisories/25163
http://secunia.com/advisories/27227
XForce ISS Database: kernel-pppoe-dos(34150)
http://xforce.iss.net/xforce/xfdb/34150
Common Vulnerability Exposure (CVE) ID: CVE-2007-2875
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
http://www.redhat.com/support/errata/RHSA-2007-0705.html
BugTraq ID: 24389
http://www.securityfocus.com/bid/24389
http://osvdb.org/37113
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9251
http://www.securitytracker.com/id?1018211
http://secunia.com/advisories/26647
http://secunia.com/advisories/26760
XForce ISS Database: kernel-cpusettasksread-info-disclosure(34779)
http://xforce.iss.net/xforce/xfdb/34779
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
http://osvdb.org/37112
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10116
XForce ISS Database: kernel-sctpnew-dos(34777)
http://xforce.iss.net/xforce/xfdb/34777
Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
Debian Security Information: DSA-1479 (Google Search)
http://www.debian.org/security/2008/dsa-1479
http://www.redhat.com/support/errata/RHSA-2007-0939.html
BugTraq ID: 24134
http://www.securityfocus.com/bid/24134
http://osvdb.org/35926
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11674
http://www.vupen.com/english/advisories/2007/2023
http://secunia.com/advisories/25505
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/28626
XForce ISS Database: kernel-vfatioctls-dos(34669)
http://xforce.iss.net/xforce/xfdb/34669
Common Vulnerability Exposure (CVE) ID: CVE-2007-3380
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://www.ubuntu.com/usn/usn-489-2
BugTraq ID: 24968
http://www.securityfocus.com/bid/24968
http://osvdb.org/37109
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9337
http://secunia.com/advisories/27322
XForce ISS Database: clusterproject-dlm-dos(35516)
http://xforce.iss.net/xforce/xfdb/35516
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.ubuntu.com/usn/usn-509-1
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
http://osvdb.org/37116
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9883
http://www.vupen.com/english/advisories/2007/2403
http://secunia.com/advisories/25895
http://secunia.com/advisories/26643
http://secunia.com/advisories/27212
XForce ISS Database: kernel-lcdwrite-dos(35302)
http://xforce.iss.net/xforce/xfdb/35302
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.