
Test ID: 1.3.6.1.4.1.25623.1.0.61492
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-614-1 (linux)
Summary: Ubuntu USN-614-1 (linux)
Description:
The remote host is missing an update to linux
announced via advisory USN-614-1.

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service. (CVE-2007-6694)

A race condition was discovered between dnotify fcntl() and close() in
the kernel. If a local attacker performed malicious dnotify requests,
they could cause memory consumption leading to a denial of service,
or possibly send arbitrary signals to any process. (CVE-2008-1375)

On SMP systems, a race condition existed in fcntl(). Local attackers
could perform malicious locks, causing system crashes and leading to
a denial of service. (CVE-2008-1669)

The tehuti network driver did not correctly handle certain IO functions.
A local attacker could perform malicious requests to the driver,
potentially accessing kernel memory, leading to privilege escalation
or access to private system information. (CVE-2008-1675)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-18-386 2.6.24-18.32
linux-image-2.6.24-18-generic 2.6.24-18.32
linux-image-2.6.24-18-hppa32 2.6.24-18.32
linux-image-2.6.24-18-hppa64 2.6.24-18.32
linux-image-2.6.24-18-itanium 2.6.24-18.32
linux-image-2.6.24-18-lpia 2.6.24-18.32
linux-image-2.6.24-18-lpiacompat 2.6.24-18.32
linux-image-2.6.24-18-mckinley 2.6.24-18.32
linux-image-2.6.24-18-openvz 2.6.24-18.32
linux-image-2.6.24-18-powerpc 2.6.24-18.32
linux-image-2.6.24-18-powerpc-smp 2.6.24-18.32
linux-image-2.6.24-18-powerpc64-smp 2.6.24-18.32
linux-image-2.6.24-18-rt 2.6.24-18.32
linux-image-2.6.24-18-server 2.6.24-18.32
linux-image-2.6.24-18-sparc64 2.6.24-18.32
linux-image-2.6.24-18-sparc64-smp 2.6.24-18.32
linux-image-2.6.24-18-virtual 2.6.24-18.32
linux-image-2.6.24-18-xen 2.6.24-18.32

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-386,
linux-powerpc, linux-amd64-generic), a standard system upgrade will
automatically perform this as well.

http://www.securityspace.com/smysecure/catid.html?in=USN-614-1

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6694
http://marc.info/?l=linux-kernel&m=119576191029571&w=2
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
Debian Security Information: DSA-1565
http://www.debian.org/security/2008/dsa-1565
RedHat Security Advisories: RHSA-2008:0055
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.redhat.com/support/errata/RHSA-2008-0154.html
http://www.ubuntulinux.org/support/documentation/usn/usn-614-1
http://www.ubuntu.com/usn/usn-618-1
BugTraq ID: 27555
http://www.securityfocus.com/bid/27555
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11215
http://www.vupen.com/english/advisories/2008/0380
http://secunia.com/advisories/28696
http://secunia.com/advisories/28748
http://secunia.com/advisories/29058
http://secunia.com/advisories/29236
http://secunia.com/advisories/30515
http://secunia.com/advisories/30769
http://secunia.com/advisories/30018
Common Vulnerability Exposure (CVE) ID: CVE-2008-1375
Bugtraq: 20080507 rPSA-2008-0157-1 kernel
http://www.securityfocus.com/archive/1/archive/1/491566/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/491732/100/0/threaded
http://marc.info/?l=linux-kernel&m=120967963803205&w=2
http://marc.info/?l=linux-kernel&m=120967964303224&w=2
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
http://www.redhat.com/support/errata/RHSA-2008-0211.html
http://www.redhat.com/support/errata/RHSA-2008-0233.html
http://www.redhat.com/support/errata/RHSA-2008-0237.html
SuSE Security Announcement: SUSE-SA:2008:030
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
SuSE Security Announcement: SUSE-SA:2008:031
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
BugTraq ID: 29003
http://www.securityfocus.com/bid/29003
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11843
http://www.vupen.com/english/advisories/2008/1406/references
http://www.vupen.com/english/advisories/2008/1452/references
http://www.vupen.com/english/advisories/2008/2222/references
http://www.securitytracker.com/id?1019959
http://secunia.com/advisories/30017
http://secunia.com/advisories/30044
http://secunia.com/advisories/30108
http://secunia.com/advisories/30260
http://secunia.com/advisories/30818
http://secunia.com/advisories/30890
http://secunia.com/advisories/30962
http://secunia.com/advisories/31246
http://secunia.com/advisories/30110
http://secunia.com/advisories/30112
http://secunia.com/advisories/30116
XForce ISS Database: linux-kernel-dnotify-privilege-escalation(42131)
http://xforce.iss.net/xforce/xfdb/42131
Common Vulnerability Exposure (CVE) ID: CVE-2008-1669
Bugtraq: 20080507 rPSA-2008-0162-1 kernel
http://www.securityfocus.com/archive/1/archive/1/491740/100/0/threaded
Debian Security Information: DSA-1575
http://www.debian.org/security/2008/dsa-1575
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html
SuSE Security Announcement: SUSE-SA:2008:035
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:038
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
BugTraq ID: 29076
http://www.securityfocus.com/bid/29076
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10065
http://secunia.com/advisories/30982
http://www.vupen.com/english/advisories/2008/1451/references
http://www.securitytracker.com/id?1019974
http://secunia.com/advisories/30077
http://secunia.com/advisories/30276
http://secunia.com/advisories/30252
http://secunia.com/advisories/30164
http://secunia.com/advisories/30101
XForce ISS Database: linux-kernel-fcntlsetlk-dos(42242)
http://xforce.iss.net/xforce/xfdb/42242
Common Vulnerability Exposure (CVE) ID: CVE-2008-1675
http://marc.info/?l=linux-kernel&m=120949204619718&w=2
http://marc.info/?l=linux-kernel&m=120949204519706&w=2
http://marc.info/?l=linux-kernel&m=120949582428998&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2008:109
BugTraq ID: 29014
http://www.securityfocus.com/bid/29014
http://www.securitytracker.com/id?1019960
XForce ISS Database: linux-kernel-tehuti-bo(42132)
http://xforce.iss.net/xforce/xfdb/42132
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
