| Description: | Description:
The remote host is missing an update to linux-image-2.6.32-316-ec2
announced via advisory USN-1141-1.
Details:
Brad Spengler discovered that the kernel did not correctly account for
userspace memory allocations during exec() calls. A local attacker could
exploit this to consume all system memory, leading to a denial of service.
(CVE-2010-4243)
Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not
correctly handle certain configurations. If such a device was configured
without VLANs, a remote attacker could crash the system, leading to a
denial of service. (CVE-2010-4263)
Nelson Elhage discovered that Econet did not correctly handle AUN packets
over UDP. A local attacker could send specially crafted traffic to crash
the system, leading to a denial of service. (CVE-2010-4342)
Dan Rosenberg discovered that IRDA did not correctly check the size of
buffers. On non-x86 systems, a local attacker could exploit this to read
kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)
Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses
into the /proc filesystem. A local attacker could use this to increase
the chances of a successful memory corruption exploit. (CVE-2010-4565)
Kees Cook discovered that the IOWarrior USB device driver did not
correctly check certain size fields. A local attacker with physical
access could plug in a specially crafted USB device to crash the system
or potentially gain root privileges. (CVE-2010-4656)
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly
clear memory when writing certain file holes. A local attacker could
exploit this to read uninitialized data from the disk, leading to a loss
of privacy. (CVE-2011-0463)
Dan Carpenter discovered that the TTPCI DVB driver did not check certain
values during an ioctl. If the dvb-ttpci module was loaded, a local
attacker could exploit this to crash the system, leading to a denial of
service, or possibly gain root privileges. (CVE-2011-0521)
Jens Kuehnel discovered that the InfiniBand driver contained a race
condition. On systems using InfiniBand, a local attacker could send
specially crafted requests to crash the system, leading to a denial of
service. (CVE-2011-0695)
Rafael Dominguez Vega discovered that the caiaq Native Instruments USB
driver did not correctly validate string lengths. A local attacker with
physical access could plug in a specially crafted USB device to crash
the system or potentially gain root privileges. (CVE-2011-0712)
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit. (CVE-2011-0726)
Timo Warns discovered that MAC partition parsing routines did not
correctly calculate block counts. A local attacker with physical access
could plug in a specially crafted block device to crash the system or
potentially gain root privileges. (CVE-2011-1010)
Timo Warns discovered that LDM partition parsing routines did not
correctly calculate block counts. A local attacker with physical access
could plug in a specially crafted block device to crash the system, leading
to a denial of service. (CVE-2011-1012)
Matthiew Herrb discovered that the drm modeset interface did not correctly
handle a signed comparison. A local attacker could exploit this to crash
the system or possibly gain root privileges. (CVE-2011-1013)
Marek Ol??k discovered that the Radeon GPU drivers did not correctly
validate certain registers. On systems with specific hardware,
a local attacker could exploit this to write to arbitrary video
memory. (CVE-2011-1016)
Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not
needed to load kernel modules. A local attacker with the CAP_NET_ADMIN
capability could load existing kernel modules, possibly increasing the
attack surface available on the system. (CVE-2011-1019)
Nelson Elhage discovered that the epoll subsystem did not correctly handle
certain structures. A local attacker could create malicious requests that
would hang the system, leading to a denial of service. (CVE-2011-1082)
Nelson Elhage discovered that the epoll subsystem did not correctly handle
certain structures. A local attacker could create malicious requests that
would consume large amounts of CPU, leading to a denial of service.
(CVE-2011-1083)
Julien Tinnes discovered that the kernel did not correctly validate
the signal structure from tkill(). A local attacker could exploit
this to send signals to arbitrary threads, possibly bypassing expected
restrictions. (CVE-2011-1182)
Solution:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-316-ec2 2.6.32-316.31
linux-image-2.6.32-32-386 2.6.32-32.62
linux-image-2.6.32-32-generic 2.6.32-32.62
linux-image-2.6.32-32-generic-pae 2.6.32-32.62
linux-image-2.6.32-32-ia64 2.6.32-32.62
linux-image-2.6.32-32-lpia 2.6.32-32.62
linux-image-2.6.32-32-powerpc 2.6.32-32.62
linux-image-2.6.32-32-powerpc-smp 2.6.32-32.62
linux-image-2.6.32-32-powerpc64-smp 2.6.32-32.62
linux-image-2.6.32-32-preempt 2.6.32-32.62
linux-image-2.6.32-32-server 2.6.32-32.62
linux-image-2.6.32-32-sparc64 2.6.32-32.62
linux-image-2.6.32-32-sparc64-smp 2.6.32-32.62
linux-image-2.6.32-32-versatile 2.6.32-32.62
linux-image-2.6.32-32-virtual 2.6.32-32.62
http://www.securityspace.com/smysecure/catid.html?in=USN-1141-1
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:NR/C:C/I:C/A:C
|
