Test ID: 1.3.6.1.4.1.25623.1.0.63309
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-715-1 (linux)
Summary: Ubuntu USN-715-1 (linux)
Description: The remote host is missing an update to linux
announced via advisory USN-715-1.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

Hugo Dias discovered that the ATM subsystem did not correctly manage
socket counts. A local attacker could exploit this to cause a system hang,
leading to a denial of service. (CVE-2008-5079)

It was discovered that the inotify subsystem contained watch removal
race conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)

Dann Frazier discovered that in certain situations sendmsg did not
correctly release allocated memory. A local attacker could exploit
this to force the system to run out of free memory, leading to a denial
of service. (CVE-2008-5300)

Helge Deller discovered that PA-RISC stack unwinding was not handled
correctly. A local attacker could exploit this to crash the system,
leading to a denial of service. This did not affect official Ubuntu
kernels, but was fixed in the source for anyone performing HPPA kernel
builds. (CVE-2008-5395)

It was discovered that the ATA subsystem did not correctly set timeouts. A
local attacker could exploit this to cause a system hang, leading to a
denial of service. (CVE-2008-5700)

It was discovered that the ib700 watchdog timer did not correctly check
buffer sizes. A local attacker could send a specially crafted ioctl
to the device to cause a system crash, leading to a denial of service.
(CVE-2008-5702)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
linux-image-2.6.27-11-generic 2.6.27-11.27
linux-image-2.6.27-11-server 2.6.27-11.27
linux-image-2.6.27-11-virtual 2.6.27-11.27

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-715-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
Bugtraq: 20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table
http://www.securityfocus.com/archive/1/archive/1/498943/100/0/threaded
Bugtraq: 20081209 rPSA-2008-0332-1 kernel
http://www.securityfocus.com/archive/1/archive/1/499044/100/0/threaded
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
Debian Security Information: DSA-1787
http://www.debian.org/security/2009/dsa-1787
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
http://www.redhat.com/support/errata/RHSA-2009-0225.html
http://www.redhat.com/support/errata/RHSA-2009-0053.html
SuSE Security Announcement: SUSE-SA:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SuSE Security Announcement: SUSE-SA:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
SuSE Security Announcement: SUSE-SA:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://www.ubuntu.com/usn/usn-715-1
http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
BugTraq ID: 32676
http://www.securityfocus.com/bid/32676
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11288
http://www.securitytracker.com/id?1021360
http://secunia.com/advisories/32913
http://secunia.com/advisories/33623
http://secunia.com/advisories/33641
http://secunia.com/advisories/33704
http://secunia.com/advisories/33756
http://secunia.com/advisories/33706
http://secunia.com/advisories/33854
http://secunia.com/advisories/33348
http://secunia.com/advisories/33083
http://secunia.com/advisories/34981
http://securityreason.com/securityalert/4694
Common Vulnerability Exposure (CVE) ID: CVE-2008-5182
Debian Security Information: DSA-1681
http://www.debian.org/security/2008/dsa-1681
BugTraq ID: 33503
http://www.securityfocus.com/bid/33503
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10584
http://secunia.com/advisories/32998
Common Vulnerability Exposure (CVE) ID: CVE-2008-5300
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
http://marc.info/?l=linux-netdev&m=122721862313564&w=2
http://marc.info/?l=linux-netdev&m=122765505415944&w=2
http://www.redhat.com/support/errata/RHSA-2009-0014.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
BugTraq ID: 32516
http://www.securityfocus.com/bid/32516
http://osvdb.org/50272
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10283
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11427
http://secunia.com/advisories/33556
http://securityreason.com/securityalert/4673
XForce ISS Database: linux-kernel-sendmsg-dos(46943)
http://xforce.iss.net/xforce/xfdb/46943
Common Vulnerability Exposure (CVE) ID: CVE-2008-5395
http://marc.info/?l=linux-parisc&m=121736357203624&w=2
Debian Security Information: DSA-1794
http://www.debian.org/security/2009/dsa-1794
BugTraq ID: 32636
http://www.securityfocus.com/bid/32636
http://secunia.com/advisories/32933
http://secunia.com/advisories/35011
XForce ISS Database: linux-kernel-pariscshowstack-dos(47075)
http://xforce.iss.net/xforce/xfdb/47075
Common Vulnerability Exposure (CVE) ID: CVE-2008-5700
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://openwall.com/lists/oss-security/2008/12/09/2
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-0326.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10948
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8606
http://secunia.com/advisories/34252
http://secunia.com/advisories/33758
http://secunia.com/advisories/34762
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: linux-kernel-libata-dos(47669)
http://xforce.iss.net/xforce/xfdb/47669
Common Vulnerability Exposure (CVE) ID: CVE-2008-5702
http://lkml.org/lkml/2008/10/5/173
http://openwall.com/lists/oss-security/2008/12/10/2
http://openwall.com/lists/oss-security/2008/12/17/6
http://openwall.com/lists/oss-security/2008/12/17/9
http://openwall.com/lists/oss-security/2008/12/17/20
SuSE Security Announcement: SUSE-SA:2009:030
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11344
http://secunia.com/advisories/35390
XForce ISS Database: linux-kernel-ibwdtioctl-unknown(47667)
http://xforce.iss.net/xforce/xfdb/47667
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.