| Description: | Summary:
The remote host is missing an update for the 'linux-meta, linux-restricted-modules-2.6.15, linux-source-2.6.10, linux-source-2.6.12, linux-source-2.6.15' package(s) announced via the USN-302-1 advisory.
Vulnerability Insight:
An integer overflow was discovered in the do_replace() function. A
local user process with the CAP_NET_ADMIN capability could exploit
this to execute arbitrary commands with full root privileges.
However, none of Ubuntu's supported packages use this capability with
any non-root user, so this only affects you if you use some third
party software like the OpenVZ virtualization system. (CVE-2006-0038)
On EMT64 CPUs, the kernel did not properly handle uncanonical return
addresses. A local user could exploit this to trigger a kernel crash.
(CVE-2006-0744)
Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)
Jan Beulich discovered an information leak in the handling of
registers for the numeric coprocessor when running on AMD processors.
This allowed processes to see the coprocessor execution state of
other processes, which could reveal sensitive data in the case of
cryptographic computations. (CVE-2006-1056)
Marcel Holtmann discovered that the sys_add_key() did not check that
a new user key is added to a proper keyring. By attempting to add a
key to a normal user key (which is not a keyring), a local attacker
could exploit this to crash the kernel. (CVE-2006-1522)
Ingo Molnar discovered that the SCTP protocol connection tracking
module in netfilter got stuck in an infinite loop on certain empty
packet chunks. A remote attacker could exploit this to cause the
computer to hang. (CVE-2006-1527)
The SCSI I/O driver did not correctly handle the VM_IO flag for memory
mapped pages used for data transfer. A local user could exploit this
to cause a kernel crash. (CVE-2006-1528)
The choose_new_parent() contained obsolete debugging code. A local
user could exploit this to cause a kernel crash. (CVE-2006-1855)
Kostik Belousov discovered that the readv() and writev() functions did
not query LSM modules for access permission. This could be exploited
to circumvent access restrictions defined by LSM modules such as
SELinux or AppArmor. (CVE-2006-1856)
The SCTP driver did not properly verify certain parameters when
receiving a HB-ACK chunk. By sending a specially crafted packet to an
SCTP socket, a remote attacker could exploit this to trigger a buffer
overflow, which could lead to a crash or possibly even arbitrary code
execution. (CVE-2006-1857)
The sctp_walk_params() function in the SCTP driver incorrectly used
rounded values for bounds checking instead of the precise values. By
sending a specially crafted packet to an SCTP socket, a remote
attacker could exploit this to crash the kernel. (CVE-2006-1858)
Bjoern Steinbrink reported a memory leak in the __setlease() function.
A local attacker could exploit this to exhaust kernel memory and
render the computer unusable (Denial of Service). ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-meta, linux-restricted-modules-2.6.15, linux-source-2.6.10, linux-source-2.6.12, linux-source-2.6.15' package(s) on Ubuntu 5.04, Ubuntu 5.10, Ubuntu 6.06.
Solution:
Please install the updated package(s).
CVSS Score:
9.0
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:C
|
