English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840280
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-618-1)
Summary:The remote host is missing an update for the 'linux-backports-modules-2.6.15, linux-backports-modules-2.6.20, linux-backports-modules-2.6.22, linux-restricted-modules-2.6.15, linux-restricted-modules-2.6.20, linux-restricted-modules-2.6.22, linux-source-2.6.15, linux-source-2.6.20, linux-source-2.6.22, linux-ubuntu-modules-2.6.22' package(s) announced via the USN-618-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-backports-modules-2.6.15, linux-backports-modules-2.6.20, linux-backports-modules-2.6.22, linux-restricted-modules-2.6.15, linux-restricted-modules-2.6.20, linux-restricted-modules-2.6.22, linux-source-2.6.15, linux-source-2.6.20, linux-source-2.6.22, linux-ubuntu-modules-2.6.22' package(s) announced via the USN-618-1 advisory.

Vulnerability Insight:
It was discovered that the ALSA /proc interface did not write the
correct number of bytes when reporting memory allocations. A local
attacker might be able to access sensitive kernel memory, leading to
a loss of privacy. (CVE-2007-4571)

Multiple buffer overflows were discovered in the handling of CIFS
filesystems. A malicious CIFS server could cause a client system crash
or possibly execute arbitrary code with kernel privileges. (CVE-2007-5904)

It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service. (CVE-2007-6694)

It was discovered that some device driver fault handlers did not
correctly verify memory ranges. A local attacker could exploit this
to access sensitive kernel memory, possibly leading to a loss of privacy.
(CVE-2008-0007)

It was discovered that CPU resource limits could be bypassed.
A malicious local user could exploit this to avoid administratively
imposed resource limits. (CVE-2008-1294)

A race condition was discovered between dnotify fcntl() and close() in
the kernel. If a local attacker performed malicious dnotify requests,
they could cause memory consumption leading to a denial of service,
or possibly send arbitrary signals to any process. (CVE-2008-1375)

On SMP systems, a race condition existed in fcntl(). Local attackers
could perform malicious locks, causing system crashes and leading to
a denial of service. (CVE-2008-1669)

Affected Software/OS:
'linux-backports-modules-2.6.15, linux-backports-modules-2.6.20, linux-backports-modules-2.6.22, linux-restricted-modules-2.6.15, linux-restricted-modules-2.6.20, linux-restricted-modules-2.6.22, linux-source-2.6.15, linux-source-2.6.20, linux-source-2.6.22, linux-ubuntu-modules-2.6.22' package(s) on Ubuntu 6.06, Ubuntu 7.04, Ubuntu 7.10.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4571
1018734
http://www.securitytracker.com/id?1018734
20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
25807
http://www.securityfocus.com/bid/25807
26918
http://secunia.com/advisories/26918
26980
http://secunia.com/advisories/26980
26989
http://secunia.com/advisories/26989
27101
http://secunia.com/advisories/27101
27227
http://secunia.com/advisories/27227
27436
http://secunia.com/advisories/27436
27747
http://secunia.com/advisories/27747
27824
http://secunia.com/advisories/27824
28626
http://secunia.com/advisories/28626
29054
http://secunia.com/advisories/29054
30769
http://secunia.com/advisories/30769
ADV-2007-3272
http://www.vupen.com/english/advisories/2007/3272
DSA-1479
http://www.debian.org/security/2008/dsa-1479
DSA-1505
http://www.debian.org/security/2008/dsa-1505
FEDORA-2007-2349
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
FEDORA-2007-714
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
RHSA-2007:0939
http://www.redhat.com/support/errata/RHSA-2007-0939.html
RHSA-2007:0993
http://www.redhat.com/support/errata/RHSA-2007-0993.html
SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
USN-618-1
http://www.ubuntu.com/usn/usn-618-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://issues.rpath.com/browse/RPL-1761
linux-sndpagealloc-information-disclosure(36780)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
oval:org.mitre.oval:def:9053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
Common Vulnerability Exposure (CVE) ID: CVE-2007-5904
BugTraq ID: 26438
http://www.securityfocus.com/bid/26438
Bugtraq: 20080208 rPSA-2008-0048-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/487808/100/0/threaded
Debian Security Information: DSA-1428 (Google Search)
http://www.debian.org/security/2007/dsa-1428
http://marc.info/?l=linux-kernel&m=119455843205403&w=2
http://marc.info/?l=linux-kernel&m=119457447724276&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9901
http://www.redhat.com/support/errata/RHSA-2008-0089.html
http://www.redhat.com/support/errata/RHSA-2008-0167.html
http://www.securitytracker.com/id?1019612
http://secunia.com/advisories/27666
http://secunia.com/advisories/27888
http://secunia.com/advisories/27912
http://secunia.com/advisories/28643
http://secunia.com/advisories/28826
http://secunia.com/advisories/29245
http://secunia.com/advisories/29387
http://secunia.com/advisories/29570
http://secunia.com/advisories/30818
SuSE Security Announcement: SUSE-SA:2007:063 (Google Search)
http://www.novell.com/linux/security/advisories/2007_63_kernel.html
SuSE Security Announcement: SUSE-SA:2007:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2008:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://www.vupen.com/english/advisories/2007/3860
XForce ISS Database: kernel-cifsvfs-sendreceive-bo(38450)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38450
Common Vulnerability Exposure (CVE) ID: CVE-2007-6694
BugTraq ID: 27555
http://www.securityfocus.com/bid/27555
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
Debian Security Information: DSA-1565 (Google Search)
http://www.debian.org/security/2008/dsa-1565
http://marc.info/?l=linux-kernel&m=119576191029571&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215
RedHat Security Advisories: RHSA-2008:0055
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.redhat.com/support/errata/RHSA-2008-0154.html
http://secunia.com/advisories/28696
http://secunia.com/advisories/28748
http://secunia.com/advisories/29058
http://secunia.com/advisories/29236
http://secunia.com/advisories/30018
http://secunia.com/advisories/30515
https://usn.ubuntu.com/614-1/
http://www.vupen.com/english/advisories/2008/0380
Common Vulnerability Exposure (CVE) ID: CVE-2008-0007
1019357
http://securitytracker.com/id?1019357
20080208 rPSA-2008-0048-1 kernel
27686
http://www.securityfocus.com/bid/27686
27705
http://www.securityfocus.com/bid/27705
28806
http://secunia.com/advisories/28806
28826
29058
29570
30018
30110
http://secunia.com/advisories/30110
30112
http://secunia.com/advisories/30112
30116
http://secunia.com/advisories/30116
31246
http://secunia.com/advisories/31246
33280
http://secunia.com/advisories/33280
ADV-2008-0445
http://www.vupen.com/english/advisories/2008/0445/references
ADV-2008-2222
http://www.vupen.com/english/advisories/2008/2222/references
DSA-1503
DSA-1504
DSA-1565
MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
MDVSA-2008:072
http://www.mandriva.com/security/advisories?name=MDVSA-2008:072
MDVSA-2008:112
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
MDVSA-2008:174
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
RHSA-2008:0211
http://www.redhat.com/support/errata/RHSA-2008-0211.html
RHSA-2008:0233
http://www.redhat.com/support/errata/RHSA-2008-0233.html
RHSA-2008:0237
http://www.redhat.com/support/errata/RHSA-2008-0237.html
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
SUSE-SA:2008:017
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
[linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
http://lkml.org/lkml/2008/2/6/457
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
oval:org.mitre.oval:def:9412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9412
Common Vulnerability Exposure (CVE) ID: CVE-2008-1294
BugTraq ID: 29004
http://www.securityfocus.com/bid/29004
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9926e4c74300c4b31dee007298c6475d33369df0
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10974
http://www.redhat.com/support/errata/RHSA-2008-0612.html
http://secunia.com/advisories/31341
XForce ISS Database: linux-kernel-rlimitcpu-security-bypass(42145)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42145
Common Vulnerability Exposure (CVE) ID: CVE-2008-1375
1019959
http://www.securitytracker.com/id?1019959
20080502 rPSA-2008-0157-1 kernel
http://www.securityfocus.com/archive/1/491566/100/0/threaded
20080507 rPSA-2008-0157-1 kernel
http://www.securityfocus.com/archive/1/491732/100/0/threaded
29003
http://www.securityfocus.com/bid/29003
30017
http://secunia.com/advisories/30017
30044
http://secunia.com/advisories/30044
30108
http://secunia.com/advisories/30108
30260
http://secunia.com/advisories/30260
30515
30818
30890
http://secunia.com/advisories/30890
30962
http://secunia.com/advisories/30962
ADV-2008-1406
http://www.vupen.com/english/advisories/2008/1406/references
ADV-2008-1452
http://www.vupen.com/english/advisories/2008/1452/references
FEDORA-2008-3873
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html
MDVSA-2008:104
http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
MDVSA-2008:167
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
SUSE-SA:2008:030
SUSE-SA:2008:031
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
USN-614-1
[linux-kernel] 20080501 Linux 2.6.24.6
http://marc.info/?l=linux-kernel&m=120967963803205&w=2
[linux-kernel] 20080501 Linux 2.6.25.1
http://marc.info/?l=linux-kernel&m=120967964303224&w=2
http://wiki.rpath.com/Advisories:rPSA-2008-0157
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
https://issues.rpath.com/browse/RPL-2501
linux-kernel-dnotify-privilege-escalation(42131)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42131
oval:org.mitre.oval:def:11843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843
Common Vulnerability Exposure (CVE) ID: CVE-2008-1669
1019974
http://www.securitytracker.com/id?1019974
20080507 rPSA-2008-0162-1 kernel
http://www.securityfocus.com/archive/1/491740/100/0/threaded
29076
http://www.securityfocus.com/bid/29076
30077
http://secunia.com/advisories/30077
30101
http://secunia.com/advisories/30101
30164
http://secunia.com/advisories/30164
30252
http://secunia.com/advisories/30252
30276
http://secunia.com/advisories/30276
30982
http://secunia.com/advisories/30982
ADV-2008-1451
http://www.vupen.com/english/advisories/2008/1451/references
DSA-1575
http://www.debian.org/security/2008/dsa-1575
FEDORA-2008-3949
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html
FEDORA-2008-4043
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html
SUSE-SA:2008:035
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
SUSE-SA:2008:038
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2
https://issues.rpath.com/browse/RPL-2518
linux-kernel-fcntlsetlk-dos(42242)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42242
oval:org.mitre.oval:def:10065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10065
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.