| Description: | Summary:
The remote host is missing an update for the 'linux, linux-source-2.6.15, linux-source-2.6.22' package(s) announced via the USN-714-1 advisory.
Vulnerability Insight:
Hugo Dias discovered that the ATM subsystem did not correctly manage socket
counts. A local attacker could exploit this to cause a system hang, leading
to a denial of service. (CVE-2008-5079)
It was discovered that the libertas wireless driver did not correctly
handle beacon and probe responses. A physically near-by attacker could
generate specially crafted wireless network traffic and cause a denial of
service. Ubuntu 6.06 was not affected. (CVE-2008-5134)
It was discovered that the inotify subsystem contained watch removal race
conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)
Dann Frazier discovered that in certain situations sendmsg did not
correctly release allocated memory. A local attacker could exploit this to
force the system to run out of free memory, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2008-5300)
It was discovered that the ATA subsystem did not correctly set timeouts. A
local attacker could exploit this to cause a system hang, leading to a
denial of service. (CVE-2008-5700)
It was discovered that the ib700 watchdog timer did not correctly check
buffer sizes. A local attacker could send a specially crafted ioctl to the
device to cause a system crash, leading to a denial of service.
(CVE-2008-5702)
It was discovered that in certain situations the network scheduler did not
correctly handle very large levels of traffic. A local attacker could
produce a high volume of UDP traffic resulting in a system hang, leading to
a denial of service. Ubuntu 8.04 was not affected. (CVE-2008-5713)
Affected Software/OS:
'linux, linux-source-2.6.15, linux-source-2.6.22' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
