Test ID: 1.3.6.1.4.1.25623.1.0.840028
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-489-1)
Summary: The remote host is missing an update for the 'linux-source-2.6.15' package(s) announced via the USN-489-1 advisory.
Description:

Vulnerability Insight:
A flaw was discovered in DVB ULE decapsulation. A remote attacker could
send a specially crafted message and cause a denial of service.
(CVE-2006-4623)

The compat_sys_mount function allowed local users to cause a denial of
service when mounting a smbfs filesystem in compatibility mode.
(CVE-2006-7203)

The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of
buffers passed to read() and write(). A local attacker could exploit
this to execute arbitrary code with kernel privileges. (CVE-2007-0005)

Due to a variable handling flaw in the ipv6_getsockopt_sticky()
function, a local attacker could exploit the getsockopt() calls to read
arbitrary kernel memory. This could disclose sensitive data.
(CVE-2007-1000)

Ilja van Sprundel discovered that Bluetooth setsockopt calls could
leak kernel memory contents via an uninitialized stack buffer. A local
attacker could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)

A flaw was discovered in the handling of netlink messages. Local
attackers could cause infinite recursion leading to a denial of service.
(CVE-2007-1861)

The random number generator was hashing a subset of the available entropy,
leading to slightly less random numbers. Additionally, systems without
an entropy source would be seeded with the same inputs at boot time,
leading to a repeatable series of random numbers. (CVE-2007-2453)

A flaw was discovered in the PPP over Ethernet implementation. Local
attackers could manipulate ioctls and cause kernel memory consumption
leading to a denial of service. (CVE-2007-2525)

An integer underflow was discovered in the cpuset filesystem. If mounted,
local attackers could obtain kernel memory using large file offsets
while reading the tasks file. This could disclose sensitive data.
(CVE-2007-2875)

Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
validate certain states. A remote attacker could send a specially
crafted packet causing a denial of service. (CVE-2007-2876)

Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
systems. A local attacker could corrupt a kernel_dirent struct and
cause a denial of service. (CVE-2007-2878)

A flaw was discovered in the cluster manager. A remote attacker could
connect to the DLM port and block further DLM operations.
(CVE-2007-3380)

A flaw was discovered in the usblcd driver. A local attacker could
cause large amounts of kernel memory consumption, leading to a denial
of service. (CVE-2007-3513)

Affected Software/OS:
'linux-source-2.6.15' package(s) on Ubuntu 6.06.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-4623
BugTraq ID: 19939
http://www.securityfocus.com/bid/19939
Bugtraq: 20061017 rPSA-2006-0194-1 kernel
http://www.securityfocus.com/archive/1/448998/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
Debian Security Information: DSA-1304
http://www.debian.org/security/2007/dsa-1304
http://www.mandriva.com/security/advisories?name=MDKSA-2006:182
http://lkml.org/lkml/2006/8/20/278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9775
http://www.redhat.com/support/errata/RHSA-2006-0689.html
http://secunia.com/advisories/21820
http://secunia.com/advisories/22292
http://secunia.com/advisories/22382
http://secunia.com/advisories/22441
http://secunia.com/advisories/22945
http://secunia.com/advisories/23474
http://secunia.com/advisories/25691
http://secunia.com/advisories/25714
http://secunia.com/advisories/26139
SuSE Security Announcement: SUSE-SA:2006:079
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2006/3551
Common Vulnerability Exposure (CVE) ID: CVE-2006-7203
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10941
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25682
http://secunia.com/advisories/25683
http://secunia.com/advisories/25700
http://secunia.com/advisories/25838
http://secunia.com/advisories/25961
http://secunia.com/advisories/26133
http://secunia.com/advisories/26289
http://secunia.com/advisories/26620
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:035
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
SuSE Security Announcement: SUSE-SA:2007:043
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-486-1
http://www.vupen.com/english/advisories/2007/2209
Common Vulnerability Exposure (CVE) ID: CVE-2007-0005
20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)
http://www.securityfocus.com/archive/1/462300/100/0/threaded
20070615 rPSA-2007-0124-1 kernel xen
22870
http://www.securityfocus.com/bid/22870
24436
http://secunia.com/advisories/24436
24518
http://secunia.com/advisories/24518
24777
http://secunia.com/advisories/24777
24901
http://secunia.com/advisories/24901
25078
http://secunia.com/advisories/25078
25691
26133
26139
33023
http://www.osvdb.org/33023
ADV-2007-0872
http://www.vupen.com/english/advisories/2007/0872
DSA-1286
http://www.debian.org/security/2007/dsa-1286
FEDORA-2007-335
http://fedoranews.org/cms/node/2787
FEDORA-2007-336
http://fedoranews.org/cms/node/2788
MDKSA-2007:078
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
RHSA-2007:0099
http://www.redhat.com/support/errata/RHSA-2007-0099.html
USN-486-1
USN-489-1
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3
https://issues.rpath.com/browse/RPL-1035
kernel-cardman4040drivers-bo(32880)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32880
oval:org.mitre.oval:def:11238
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11238
Common Vulnerability Exposure (CVE) ID: CVE-2007-1000
22904
http://www.securityfocus.com/bid/22904
24493
http://secunia.com/advisories/24493
25080
http://secunia.com/advisories/25080
25099
http://secunia.com/advisories/25099
33025
http://www.osvdb.org/33025
ADV-2007-0907
http://www.vupen.com/english/advisories/2007/0907
RHSA-2007:0169
http://www.redhat.com/support/errata/RHSA-2007-0169.html
SUSE-SA:2007:029
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
VU#920689
http://www.kb.cert.org/vuls/id/920689
http://bugzilla.kernel.org/show_bug.cgi?id=8134
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.2
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?
https://issues.rpath.com/browse/RPL-1153
oval:org.mitre.oval:def:10015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10015
Common Vulnerability Exposure (CVE) ID: CVE-2007-1353
BugTraq ID: 23594
http://www.securityfocus.com/bid/23594
Debian Security Information: DSA-1356
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10626
http://www.redhat.com/support/errata/RHSA-2007-0671.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://secunia.com/advisories/24976
http://secunia.com/advisories/25596
http://secunia.com/advisories/26379
http://secunia.com/advisories/26450
http://secunia.com/advisories/26478
http://secunia.com/advisories/27528
http://www.ubuntu.com/usn/usn-470-1
http://www.vupen.com/english/advisories/2007/1495
Common Vulnerability Exposure (CVE) ID: CVE-2007-1861
BugTraq ID: 23677
http://www.securityfocus.com/bid/23677
Bugtraq: 20070508 FLEA-2007-0016-1: kernel
http://www.securityfocus.com/archive/1/467939/30/6690/threaded
Debian Security Information: DSA-1289
http://www.debian.org/security/2007/dsa-1289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11616
http://www.redhat.com/support/errata/RHSA-2007-0347.html
http://secunia.com/advisories/25030
http://secunia.com/advisories/25083
http://secunia.com/advisories/25228
http://secunia.com/advisories/25288
http://www.vupen.com/english/advisories/2007/1595
XForce ISS Database: kernel-netlinkfiblookup-dos(34014)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34014
Common Vulnerability Exposure (CVE) ID: CVE-2007-2453
BugTraq ID: 24390
http://www.securityfocus.com/bid/24390
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960
http://www.securitytracker.com/id?1018248
http://secunia.com/advisories/26664
SuSE Security Announcement: SUSE-SA:2007:051
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-randomnumber-weak-security(34781)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34781
Common Vulnerability Exposure (CVE) ID: CVE-2007-2525
BugTraq ID: 23870
http://www.securityfocus.com/bid/23870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594
http://secunia.com/advisories/25163
http://secunia.com/advisories/27227
SuSE Security Announcement: SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/1703
XForce ISS Database: kernel-pppoe-dos(34150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34150
Common Vulnerability Exposure (CVE) ID: CVE-2007-2875
BugTraq ID: 24389
http://www.securityfocus.com/bid/24389
Debian Security Information: DSA-1363
http://www.debian.org/security/2007/dsa-1363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541
http://osvdb.org/37113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.securitytracker.com/id?1018211
http://secunia.com/advisories/26647
http://secunia.com/advisories/26760
XForce ISS Database: kernel-cpusettasksread-info-disclosure(34779)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34779
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
http://osvdb.org/37112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116
XForce ISS Database: kernel-sctpnew-dos(34777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
BugTraq ID: 24134
http://www.securityfocus.com/bid/24134
Debian Security Information: DSA-1479
http://www.debian.org/security/2008/dsa-1479
http://osvdb.org/35926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://secunia.com/advisories/25505
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/28626
http://www.vupen.com/english/advisories/2007/2023
XForce ISS Database: kernel-vfatioctls-dos(34669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34669
Common Vulnerability Exposure (CVE) ID: CVE-2007-3380
24968
http://www.securityfocus.com/bid/24968
27322
http://secunia.com/advisories/27322
37109
http://osvdb.org/37109
RHSA-2007:0940
http://www.redhat.com/support/errata/RHSA-2007-0940.html
USN-489-2
http://www.ubuntu.com/usn/usn-489-2
clusterproject-dlm-dos(35516)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35516
oval:org.mitre.oval:def:9337
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9337
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://osvdb.org/37116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9883
http://secunia.com/advisories/25895
http://secunia.com/advisories/26643
http://secunia.com/advisories/27212
http://www.ubuntu.com/usn/usn-509-1
http://www.vupen.com/english/advisories/2007/2403
XForce ISS Database: kernel-lcdwrite-dos(35302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35302
Copyright: Copyright (C) 2009 Greenbone AG
