Test ID:	1.3.6.1.4.1.25623.1.1.12.2005.57.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-57-1)
Summary:	The remote host is missing an update for the 'linux-source-2.6.8.1' package(s) announced via the USN-57-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-source-2.6.8.1' package(s) announced via the USN-57-1 advisory. Vulnerability Insight: Paul Starzetz discovered a race condition in the ELF library and a.out binary format loaders, which can be locally exploited in several different ways to gain root privileges. (CAN-2004-1235) Liang Bin found a design flaw in the capability module. After this module was loaded on demand in a running system, all unprivileged user space processes got all kernel capabilities (thus essentially root privileges). This is mitigated by the fact that the capability module is loaded very early in the boot process of a standard Ubuntu system, when no unprivileged user processes are yet running. (CAN-2004-1337) Finally, this update fixes a memory leak in the ip_conntrack_ftp iptables module. However, it is believed that this is not exploitable. Affected Software/OS: 'linux-source-2.6.8.1' package(s) on Ubuntu 4.10. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1235 BugTraq ID: 12190 http://www.securityfocus.com/bid/12190 Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110512575901427&w=2 Conectiva Linux advisory: CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 http://www.securityfocus.com/advisories/7806 http://www.securityfocus.com/advisories/7805 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://isec.pl/vulnerabilities/isec-0021-uselib.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567 http://www.redhat.com/support/errata/RHSA-2005-016.html http://www.redhat.com/support/errata/RHSA-2005-017.html http://www.redhat.com/support/errata/RHSA-2005-043.html http://www.redhat.com/support/errata/RHSA-2005-092.html http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html http://www.trustix.org/errata/2005/0001/ XForce ISS Database: linux-uselib-gain-privileges(18800) https://exchange.xforce.ibmcloud.com/vulnerabilities/18800 Common Vulnerability Exposure (CVE) ID: CVE-2004-1337 BugTraq ID: 12093 http://www.securityfocus.com/bid/12093 Bugtraq: 20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation (Google Search) http://marc.info/?l=bugtraq&m=110384535113035&w=2 XForce ISS Database: linux-security-module-gain-privileges(18673) https://exchange.xforce.ibmcloud.com/vulnerabilities/18673
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.