| Description: | Summary:
The remote host is missing an update for the 'linux, linux-source-2.6.15, linux-source-2.6.20, linux-source-2.6.22' package(s) announced via the USN-637-1 advisory.
Vulnerability Insight:
It was discovered that there were multiple NULL-pointer function
dereferences in the Linux kernel terminal handling code. A local attacker
could exploit this to execute arbitrary code as root, or crash the system,
leading to a denial of service. (CVE-2008-2812)
The do_change_type routine did not correctly validation administrative
users. A local attacker could exploit this to block mount points or cause
private mounts to be shared, leading to denial of service or a possible
loss of privacy. (CVE-2008-2931)
Tobias Klein discovered that the OSS interface through ALSA did not
correctly validate the device number. A local attacker could exploit this
to access sensitive kernel memory, leading to a denial of service or a loss
of privacy. (CVE-2008-3272)
Zoltan Sogor discovered that new directory entries could be added to
already deleted directories. A local attacker could exploit this, filling
up available memory and disk space, leading to a denial of service.
(CVE-2008-3275)
In certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing
infinite loops in the writev syscall. This update corrects the mistake. We
apologize for the inconvenience.
Affected Software/OS:
'linux, linux-source-2.6.15, linux-source-2.6.20, linux-source-2.6.22' package(s) on Ubuntu 6.06, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
