English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58607
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-508-1 (linux-source-2.6.15)
Summary:Ubuntu USN-508-1 (linux-source-2.6.15)
Description:
The remote host is missing an update to linux-source-2.6.15
announced via advisory USN-508-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

A buffer overflow was discovered in the Moxa serial driver. Local
attackers could execute arbitrary code and gain root privileges.
(CVE-2005-0504)

A flaw was discovered in the IPv6 stack's handling of type 0 route headers.
By sending a specially crafted IPv6 packet, a remote attacker could cause
a denial of service between two IPv6 hosts. (CVE-2007-2242)

A flaw in the sysfs_readdir function allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104)

A buffer overflow was discovered in the random number generator. In
environments with granular assignment of root privileges, a local attacker
could gain additional privileges. (CVE-2007-3105)

It was discovered that certain setuid-root processes did not correctly
reset process death signal handlers. A local user could manipulate this
to send signals to processes they would not normally have access to.
(CVE-2007-3848)

It was discovered that the aacraid SCSI driver did not correctly check
permissions on certain ioctls. A local attacker could cause a denial
of service or gain privileges. (CVE-2007-4308)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-29-* 2.6.15-29.58

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-386,
linux-powerpc, linux-amd64-generic), a standard system upgrade will
automatically perform this as well.

http://www.securityspace.com/smysecure/catid.html?in=USN-508-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0504
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
http://www.redhat.com/support/errata/RHSA-2005-529.html
http://www.redhat.com/support/errata/RHSA-2005-551.html
http://www.redhat.com/support/errata/RHSA-2005-663.html
http://www.redhat.com/support/errata/RHSA-2008-0237.html
http://www.ubuntu.com/usn/usn-508-1
BugTraq ID: 12195
http://www.securityfocus.com/bid/12195
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9770
http://www.vupen.com/english/advisories/2005/1878
http://securitytracker.com/id?1013273
http://secunia.com/advisories/17002
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://secunia.com/advisories/26651
http://secunia.com/advisories/30112
Common Vulnerability Exposure (CVE) ID: CVE-2007-2242
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
Bugtraq: 20070508 FLEA-2007-0016-1: kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/467939/30/6690/threaded
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
FreeBSD Security Advisory: FreeBSD-SA-07:03.ipv6
http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
OpenBSD Security Advisory: [3.9] 20070423 022: SECURITY FIX: April 23, 2007
http://openbsd.org/errata39.html#022_route6
OpenBSD Security Advisory: [4.0] 20070423 012: SECURITY FIX: April 23, 2007
http://openbsd.org/errata40.html#012_route6
http://www.redhat.com/support/errata/RHSA-2007-0347.html
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.ubuntu.com/usn/usn-486-1
CERT/CC vulnerability note: VU#267289
http://www.kb.cert.org/vuls/id/267289
BugTraq ID: 23615
http://www.securityfocus.com/bid/23615
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9574
http://www.vupen.com/english/advisories/2007/1563
http://www.vupen.com/english/advisories/2007/3050
http://www.vupen.com/english/advisories/2007/2270
http://www.securitytracker.com/id?1017949
http://secunia.com/advisories/24978
http://secunia.com/advisories/25033
http://secunia.com/advisories/25068
http://secunia.com/advisories/25083
http://secunia.com/advisories/25288
http://secunia.com/advisories/25691
http://secunia.com/advisories/25770
http://secunia.com/advisories/26133
http://secunia.com/advisories/26703
http://secunia.com/advisories/26620
http://secunia.com/advisories/26664
http://secunia.com/advisories/28806
XForce ISS Database: openbsd-ipv6-type0-dos(33851)
http://xforce.iss.net/xforce/xfdb/33851
Common Vulnerability Exposure (CVE) ID: CVE-2007-3104
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558
Debian Security Information: DSA-1428 (Google Search)
http://www.debian.org/security/2007/dsa-1428
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://www.redhat.com/support/errata/RHSA-2008-0089.html
SuSE Security Announcement: SUSE-SA:2007:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://www.ubuntu.com/usn/usn-510-1
http://www.ubuntu.com/usn/usn-509-1
BugTraq ID: 24631
http://www.securityfocus.com/bid/24631
http://osvdb.org/37115
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11233
http://www.securitytracker.com/id?1018289
http://secunia.com/advisories/25771
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://secunia.com/advisories/26643
http://secunia.com/advisories/27912
http://secunia.com/advisories/28033
http://secunia.com/advisories/28643
Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
BugTraq ID: 25348
http://www.securityfocus.com/bid/25348
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10371
http://secunia.com/advisories/26500
http://secunia.com/advisories/26647
http://secunia.com/advisories/27322
http://secunia.com/advisories/27436
http://secunia.com/advisories/27212
http://secunia.com/advisories/27227
http://secunia.com/advisories/27747
http://secunia.com/advisories/29058
Common Vulnerability Exposure (CVE) ID: CVE-2007-3848
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=118711306802632&w=2
Bugtraq: 20070814 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/476677/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/476803/100/0/threaded
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/476464/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/476538/100/0/threaded
http://marc.info/?l=openwall-announce&m=118710356812637&w=2
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
BugTraq ID: 25387
http://www.securityfocus.com/bid/25387
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10120
http://secunia.com/advisories/26450
http://secunia.com/advisories/27913
http://secunia.com/advisories/29570
http://secunia.com/advisories/33280
Common Vulnerability Exposure (CVE) ID: CVE-2007-4308
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/488457/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
BugTraq ID: 25216
http://www.securityfocus.com/bid/25216
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8872
http://www.vupen.com/english/advisories/2007/2786
http://www.vupen.com/english/advisories/2008/0637
http://securitytracker.com/id?1019470
http://secunia.com/advisories/26322
http://secunia.com/advisories/29032
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.