Test ID:	1.3.6.1.4.1.25623.1.0.70861
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1146-1 (linux-image-2.6.24-29-386)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to linux-image-2.6.24-29-386 announced via advisory USN-1146-1. Details: Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. (CVE-2010-4655) Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2010-4656) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695) Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2011-0712) Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1012) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 8.04 LTS: linux-image-2.6.24-29-386 2.6.24-29.90 linux-image-2.6.24-29-generic 2.6.24-29.90 linux-image-2.6.24-29-hppa32 2.6.24-29.90 linux-image-2.6.24-29-hppa64 2.6.24-29.90 linux-image-2.6.24-29-itanium 2.6.24-29.90 linux-image-2.6.24-29-lpia 2.6.24-29.90 linux-image-2.6.24-29-lpiacompat 2.6.24-29.90 linux-image-2.6.24-29-mckinley 2.6.24-29.90 linux-image-2.6.24-29-openvz 2.6.24-29.90 linux-image-2.6.24-29-powerpc 2.6.24-29.90 linux-image-2.6.24-29-powerpc-smp 2.6.24-29.90 linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.90 linux-image-2.6.24-29-rt 2.6.24-29.90 linux-image-2.6.24-29-server 2.6.24-29.90 linux-image-2.6.24-29-sparc64 2.6.24-29.90 linux-image-2.6.24-29-sparc64-smp 2.6.24-29.90 linux-image-2.6.24-29-virtual 2.6.24-29.90 linux-image-2.6.24-29-xen 2.6.24-29.90 http://www.securityspace.com/smysecure/catid.html?in=USN-1146-1 CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:NR/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4655 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 45972 http://www.securityfocus.com/bid/45972 46397 http://secunia.com/advisories/46397 USN-1146-1 http://www.ubuntu.com/usn/USN-1146-1 [linux-kernel] 20101007 [PATCH] net: clear heap allocations for privileged ethtool actions https://lkml.org/lkml/2010/10/7/297 [oss-security] 20110124 CVE request: linux kernel heap issues http://openwall.com/lists/oss-security/2011/01/24/9 [oss-security] 20110124 Re: CVE request: linux kernel heap issues http://openwall.com/lists/oss-security/2011/01/25/3 [oss-security] 20110125 Re: CVE request: linux kernel heap issues http://openwall.com/lists/oss-security/2011/01/25/4 http://openwall.com/lists/oss-security/2011/01/25/5 [oss-security] 20110128 Re: CVE request: linux kernel heap issues http://openwall.com/lists/oss-security/2011/01/28/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=672428 Common Vulnerability Exposure (CVE) ID: CVE-2010-4656 46069 http://www.securityfocus.com/bid/46069 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3ed780117dbe5acb64280d218f0347f238dafed0 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 https://bugzilla.redhat.com/show_bug.cgi?id=672420 Common Vulnerability Exposure (CVE) ID: CVE-2011-0463 http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html http://secunia.com/advisories/43966 Common Vulnerability Exposure (CVE) ID: CVE-2011-0695 43693 http://secunia.com/advisories/43693 46839 http://www.securityfocus.com/bid/46839 RHSA-2011:0927 http://rhn.redhat.com/errata/RHSA-2011-0927.html [linux-rdma] 20110223 [PATCH 1/2] rdma/cm: Fix crash in request handlers http://www.spinics.net/lists/linux-rdma/msg07447.html [linux-rdma] 20110223 [PATCH 2/2] ib/cm: Bump reference count on cm_id before invoking callback http://www.spinics.net/lists/linux-rdma/msg07448.html [oss-security] 20110311 CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler http://www.openwall.com/lists/oss-security/2011/03/11/1 kernel-infiniband-dos(66056) https://exchange.xforce.ibmcloud.com/vulnerabilities/66056 Common Vulnerability Exposure (CVE) ID: CVE-2011-0712 46419 http://www.securityfocus.com/bid/46419 [oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow http://www.openwall.com/lists/oss-security/2011/02/16/11 http://www.openwall.com/lists/oss-security/2011/02/16/12 [oss-security] 20110216 kernel: ALSA: caiaq - Fix possible string-buffer overflow http://www.openwall.com/lists/oss-security/2011/02/16/5 http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=eaae55dac6b64c0616046436b294e69fc5311581 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=677881 kernel-usbdevice-bo(65461) https://exchange.xforce.ibmcloud.com/vulnerabilities/65461 Common Vulnerability Exposure (CVE) ID: CVE-2011-1012 1025127 http://www.securitytracker.com/id?1025127 20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables http://www.securityfocus.com/archive/1/516615/100/0/threaded 46512 http://www.securityfocus.com/bid/46512 8115 http://securityreason.com/securityalert/8115 [mm-commits] 20110222 + ldm-corrupted-partition-table-can-cause-kernel-oops.patch added to -mm tree http://www.spinics.net/lists/mm-commits/msg82429.html [oss-security] 20110223 CVE request: kernel: Corrupted LDM partition table issues http://openwall.com/lists/oss-security/2011/02/23/4 [oss-security] 20110223 Re: CVE request: kernel: Corrupted LDM partition table issues http://openwall.com/lists/oss-security/2011/02/23/21 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=294f6cf48666825d23c9372ef37631232746e40d http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.38-rc6-git6.log http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt Common Vulnerability Exposure (CVE) ID: CVE-2011-1017 BugTraq ID: 46512 Bugtraq: 20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables (Google Search) http://openwall.com/lists/oss-security/2011/02/23/16 http://openwall.com/lists/oss-security/2011/02/24/4 http://openwall.com/lists/oss-security/2011/02/24/14 http://securitytracker.com/id?1025128 http://secunia.com/advisories/43716 http://secunia.com/advisories/43738 Common Vulnerability Exposure (CVE) ID: CVE-2011-1593 1025420 http://securitytracker.com/id?1025420 44164 http://secunia.com/advisories/44164 47497 http://www.securityfocus.com/bid/47497 [linux-kernel] 20110418 Re: Kernel panic (NULL ptr deref?) in find_ge_pid()/next_pidmap() (via sys_getdents or sys_readdir) http://groups.google.com/group/fa.linux.kernel/msg/4a28ecb7f755a88d?dmode=source [oss-security] 20110419 CVE request -- kernel: proc: signedness issue in next_pidmap() http://openwall.com/lists/oss-security/2011/04/19/1 [oss-security] 20110420 Re: CVE request -- kernel: proc: signedness issue in next_pidmap() http://openwall.com/lists/oss-security/2011/04/20/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c78193e9c7bcbf25b8237ad0dec82f805c4ea69b http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8bdc59f215e62098bc5b4256fd9928bf27053a1 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.4 https://bugzilla.redhat.com/show_bug.cgi?id=697822 kernel-nextpidmap-dos(66876) https://exchange.xforce.ibmcloud.com/vulnerabilities/66876
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.