Test ID:	1.3.6.1.4.1.25623.1.0.840149
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-518-1)
Summary:	The remote host is missing an update for the 'linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20' package(s) announced via the USN-518-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20' package(s) announced via the USN-518-1 advisory. Vulnerability Insight: Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. (CVE-2007-3731) It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. (CVE-2007-3739) It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. (CVE-2007-3740) Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges. (CVE-2007-4573) Affected Software/OS: 'linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3731 20080229 rPSA-2008-0094-1 kernel http://www.securityfocus.com/archive/1/488972/100/0/threaded 25801 http://www.securityfocus.com/bid/25801 26935 http://secunia.com/advisories/26935 26955 http://secunia.com/advisories/26955 26978 http://secunia.com/advisories/26978 27322 http://secunia.com/advisories/27322 29159 http://secunia.com/advisories/29159 37286 http://osvdb.org/37286 DSA-1378 http://www.debian.org/security/2007/dsa-1378 RHSA-2007:0940 http://www.redhat.com/support/errata/RHSA-2007-0940.html USN-518-1 http://www.ubuntu.com/usn/usn-518-1 http://bugzilla.kernel.org/show_bug.cgi?id=8765 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29eb51101c02df517ca64ec472d7501127ad1da8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=a10d9a71bafd3a283da240d2868e71346d2aef6f http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0094 https://bugzilla.redhat.com/show_bug.cgi?id=248324 https://issues.rpath.com/browse/RPL-2304 oval:org.mitre.oval:def:10394 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394 Common Vulnerability Exposure (CVE) ID: CVE-2007-3739 23955 http://secunia.com/advisories/23955 26760 http://secunia.com/advisories/26760 27436 http://secunia.com/advisories/27436 27747 http://secunia.com/advisories/27747 27913 http://secunia.com/advisories/27913 29058 http://secunia.com/advisories/29058 DSA-1504 http://www.debian.org/security/2008/dsa-1504 RHSA-2007:0705 http://www.redhat.com/support/errata/RHSA-2007-0705.html RHSA-2007:0939 http://www.redhat.com/support/errata/RHSA-2007-0939.html RHSA-2007:1049 http://www.redhat.com/support/errata/RHSA-2007-1049.html [lkml] 20070129 [PATCH] Don't allow the stack to grow into hugetlb reserved regions http://lkml.org/lkml/2007/1/29/180 http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm https://bugzilla.redhat.com/show_bug.cgi?id=253313 kernel-stack-expansion-dos(36592) https://exchange.xforce.ibmcloud.com/vulnerabilities/36592 oval:org.mitre.oval:def:11455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11455 Common Vulnerability Exposure (CVE) ID: CVE-2007-3740 25672 http://www.securityfocus.com/bid/25672 27912 http://secunia.com/advisories/27912 28806 http://secunia.com/advisories/28806 MDVSA-2008:008 http://www.mandriva.com/security/advisories?name=MDVSA-2008:008 MDVSA-2008:105 http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 SUSE-SA:2007:064 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html SUSE-SA:2008:006 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 https://bugzilla.redhat.com/show_bug.cgi?id=253314 kernel-cifs-filesystem-dos(36593) https://exchange.xforce.ibmcloud.com/vulnerabilities/36593 oval:org.mitre.oval:def:9953 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953 Common Vulnerability Exposure (CVE) ID: CVE-2007-4573 1018748 http://securitytracker.com/id?1018748 20070924 COSEINC Linux Advisory #2: IA32 System Call http://marc.info/?l=full-disclosure&m=119062587407908&w=2 20070924 COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability http://www.securityfocus.com/archive/1/480451/100/0/threaded 20070926 Re: COSEINC Linux Advisory #2: IA32 System CallEmulation Vulnerability http://www.securityfocus.com/archive/1/480705/100/0/threaded 25774 http://www.securityfocus.com/bid/25774 26917 http://secunia.com/advisories/26917 26919 http://secunia.com/advisories/26919 26934 http://secunia.com/advisories/26934 26953 http://secunia.com/advisories/26953 26994 http://secunia.com/advisories/26994 26995 http://secunia.com/advisories/26995 27212 http://secunia.com/advisories/27212 27227 http://secunia.com/advisories/27227 ADV-2007-3246 http://www.vupen.com/english/advisories/2007/3246 DSA-1381 http://www.debian.org/security/2007/dsa-1381 FEDORA-2007-2298 http://fedoranews.org/updates/FEDORA-2007-229.shtml FEDORA-2007-712 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html MDKSA-2007:195 http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 MDKSA-2007:196 http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 RHSA-2007:0936 http://www.redhat.com/support/errata/RHSA-2007-0936.html RHSA-2007:0937 http://www.redhat.com/support/errata/RHSA-2007-0937.html RHSA-2007:0938 http://www.redhat.com/support/errata/RHSA-2007-0938.html SUSE-SA:2007:053 http://www.novell.com/linux/security/advisories/2007_53_kernel.html [linux-kernel] 20070921 Linux 2.6.22.7 http://lkml.org/lkml/2007/9/21/512 [linux-kernel] 20070921 Re: Linux 2.6.22.7 http://lkml.org/lkml/2007/9/21/513 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7 https://issues.rpath.com/browse/RPL-1754 oval:org.mitre.oval:def:9735 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.