English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840139
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-510-1)
Summary:The remote host is missing an update for the 'linux-source-2.6.20' package(s) announced via the USN-510-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-source-2.6.20' package(s) announced via the USN-510-1 advisory.

Vulnerability Insight:
A flaw was discovered in the PPP over Ethernet implementation. Local
attackers could manipulate ioctls and cause kernel memory consumption
leading to a denial of service. (CVE-2007-2525)

An integer underflow was discovered in the cpuset filesystem. If mounted,
local attackers could obtain kernel memory using large file offsets while
reading the tasks file. This could disclose sensitive data. (CVE-2007-2875)

Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly
validate certain states. A remote attacker could send a specially crafted
packet causing a denial of service. (CVE-2007-2876)

Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit
systems. A local attacker could corrupt a kernel_dirent struct and cause
a denial of service. (CVE-2007-2878)

A flaw in the sysfs_readdir function allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104)

A buffer overflow was discovered in the random number generator. In
environments with granular assignment of root privileges, a local attacker
could gain additional privileges. (CVE-2007-3105)

A flaw was discovered in the usblcd driver. A local attacker could cause
large amounts of kernel memory consumption, leading to a denial of service.
(CVE-2007-3513)

Zhongling Wen discovered that the h323 conntrack handler did not correctly
handle certain bitfields. A remote attacker could send a specially crafted
packet and cause a denial of service. (CVE-2007-3642)

A flaw was discovered in the CIFS mount security checking. Remote attackers
could spoof CIFS network traffic, which could lead a client to trust the
connection. (CVE-2007-3843)

It was discovered that certain setuid-root processes did not correctly
reset process death signal handlers. A local user could manipulate this
to send signals to processes they would not normally have access to.
(CVE-2007-3848)

The Direct Rendering Manager for the i915 driver could be made to write
to arbitrary memory locations. An attacker with access to a running X11
session could send a specially crafted buffer and gain root privileges.
(CVE-2007-3851)

It was discovered that the aacraid SCSI driver did not correctly check
permissions on certain ioctls. A local attacker could cause a denial
of service or gain privileges. (CVE-2007-4308)

Affected Software/OS:
'linux-source-2.6.20' package(s) on Ubuntu 7.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2525
BugTraq ID: 23870
http://www.securityfocus.com/bid/23870
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25163
http://secunia.com/advisories/25700
http://secunia.com/advisories/25838
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://secunia.com/advisories/26289
http://secunia.com/advisories/26450
http://secunia.com/advisories/26620
http://secunia.com/advisories/26664
http://secunia.com/advisories/27227
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/1703
XForce ISS Database: kernel-pppoe-dos(34150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34150
Common Vulnerability Exposure (CVE) ID: CVE-2007-2875
BugTraq ID: 24389
http://www.securityfocus.com/bid/24389
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541
http://osvdb.org/37113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.securitytracker.com/id?1018211
http://secunia.com/advisories/26647
http://secunia.com/advisories/26760
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-cpusettasksread-info-disclosure(34779)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34779
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116
http://secunia.com/advisories/25961
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
XForce ISS Database: kernel-sctpnew-dos(34777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
BugTraq ID: 24134
http://www.securityfocus.com/bid/24134
Debian Security Information: DSA-1479 (Google Search)
http://www.debian.org/security/2008/dsa-1479
http://osvdb.org/35926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://secunia.com/advisories/25505
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/28626
http://www.vupen.com/english/advisories/2007/2023
XForce ISS Database: kernel-vfatioctls-dos(34669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34669
Common Vulnerability Exposure (CVE) ID: CVE-2007-3104
1018289
http://www.securitytracker.com/id?1018289
24631
http://www.securityfocus.com/bid/24631
25771
http://secunia.com/advisories/25771
25838
26289
26643
http://secunia.com/advisories/26643
26651
http://secunia.com/advisories/26651
27912
http://secunia.com/advisories/27912
28033
http://secunia.com/advisories/28033
28643
http://secunia.com/advisories/28643
37115
http://osvdb.org/37115
DSA-1428
http://www.debian.org/security/2007/dsa-1428
RHSA-2007:0488
RHSA-2008:0089
http://www.redhat.com/support/errata/RHSA-2008-0089.html
SUSE-SA:2007:064
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
USN-508-1
http://www.ubuntu.com/usn/usn-508-1
USN-509-1
http://www.ubuntu.com/usn/usn-509-1
USN-510-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558
http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm
oval:org.mitre.oval:def:11233
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11233
Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
25348
http://www.securityfocus.com/bid/25348
26500
http://secunia.com/advisories/26500
26647
26664
27212
http://secunia.com/advisories/27212
27227
27322
http://secunia.com/advisories/27322
27436
27747
29058
DSA-1363
DSA-1504
MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
MDKSA-2007:196
MDKSA-2007:216
RHSA-2007:0939
RHSA-2007:0940
http://www.redhat.com/support/errata/RHSA-2007-0940.html
SUSE-SA:2007:051
SUSE-SA:2007:053
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
https://issues.rpath.com/browse/RPL-1650
oval:org.mitre.oval:def:10371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
http://osvdb.org/37116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9883
http://secunia.com/advisories/25895
http://www.vupen.com/english/advisories/2007/2403
XForce ISS Database: kernel-lcdwrite-dos(35302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35302
Common Vulnerability Exposure (CVE) ID: CVE-2007-3642
BugTraq ID: 24818
http://www.securityfocus.com/bid/24818
http://osvdb.org/37117
http://secunia.com/advisories/25955
http://www.vupen.com/english/advisories/2007/2466
Common Vulnerability Exposure (CVE) ID: CVE-2007-3843
25244
http://www.securityfocus.com/bid/25244
26366
http://secunia.com/advisories/26366
26760
28806
http://secunia.com/advisories/28806
RHSA-2007:0705
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1
oval:org.mitre.oval:def:9670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670
Common Vulnerability Exposure (CVE) ID: CVE-2007-3848
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476464/100/0/threaded
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability
http://marc.info/?l=bugtraq&m=118711306802632&w=2
20070814 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476538/100/0/threaded
20070815 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476677/100/0/threaded
20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476803/100/0/threaded
25387
http://www.securityfocus.com/bid/25387
26450
27913
http://secunia.com/advisories/27913
29570
http://secunia.com/advisories/29570
33280
http://secunia.com/advisories/33280
DSA-1356
DSA-1503
RHSA-2007:1049
http://www.redhat.com/support/errata/RHSA-2007-1049.html
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
[openwall-announce] 20070814 Linux 2.4.35-ow2
http://marc.info/?l=openwall-announce&m=118710356812637&w=2
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4
https://issues.rpath.com/browse/RPL-1648
oval:org.mitre.oval:def:10120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120
Common Vulnerability Exposure (CVE) ID: CVE-2007-3851
25263
http://www.securityfocus.com/bid/25263
26389
http://secunia.com/advisories/26389
ADV-2007-2854
http://www.vupen.com/english/advisories/2007/2854
MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
https://issues.rpath.com/browse/RPL-1620
oval:org.mitre.oval:def:11196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
Common Vulnerability Exposure (CVE) ID: CVE-2007-4308
BugTraq ID: 25216
http://www.securityfocus.com/bid/25216
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search)
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8872
http://securitytracker.com/id?1019470
http://secunia.com/advisories/26322
http://secunia.com/advisories/29032
SuSE Security Announcement: SUSE-SA:2007:064 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://www.vupen.com/english/advisories/2007/2786
http://www.vupen.com/english/advisories/2008/0637
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.