| Description: | Summary:
The remote host is missing an update for the 'linux, linux-source-2.6.15' package(s) announced via the USN-852-1 advisory.
Vulnerability Insight:
Solar Designer discovered that the z90crypt driver did not correctly
check capabilities. A local attacker could exploit this to shut down
the device, leading to a denial of service. Only affected Ubuntu 6.06.
(CVE-2009-1883)
Michael Buesch discovered that the SGI GRU driver did not correctly check
the length when setting options. A local attacker could exploit this
to write to the kernel stack, leading to root privilege escalation or
a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584)
It was discovered that SELinux did not fully implement the mmap_min_addr
restrictions. A local attacker could exploit this to allocate the
NULL memory page which could lead to further attacks against kernel
NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected.
(CVE-2009-2695)
Cagri Coltekin discovered that the UDP stack did not correctly handle
certain flags. A local user could send specially crafted commands and
traffic to gain root privileges or crash the systeam, leading to a denial
of service. Only affected Ubuntu 6.06. (CVE-2009-2698)
Hiroshi Shimamoto discovered that monotonic timers did not correctly
validate parameters. A local user could make a specially crafted timer
request to gain root privileges or crash the system, leading to a denial
of service. Only affected Ubuntu 9.04. (CVE-2009-2767)
Michael Buesch discovered that the HPPA ISA EEPROM driver did not
correctly validate positions. A local user could make a specially crafted
request to gain root privileges or crash the system, leading to a denial
of service. (CVE-2009-2846)
Ulrich Drepper discovered that kernel signal stacks were not being
correctly padded on 64-bit systems. A local attacker could send specially
crafted calls to expose 4 bytes of kernel stack memory, leading to a
loss of privacy. (CVE-2009-2847)
Jens Rosenboom discovered that the clone method did not correctly clear
certain fields. A local attacker could exploit this to gain privileges
or crash the system, leading to a denial of service. (CVE-2009-2848)
It was discovered that the MD driver did not check certain sysfs files.
A local attacker with write access to /sys could exploit this to cause
a system crash, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-2849)
Mark Smith discovered that the AppleTalk stack did not correctly
manage memory. A remote attacker could send specially crafted traffic
to cause the system to consume all available memory, leading to a denial
of service. (CVE-2009-2903)
Loic Minier discovered that eCryptfs did not correctly handle writing
to certain deleted files. A local attacker could exploit this to gain
root privileges or crash the system, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2009-2908)
It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and
ROSE network stacks did not correctly initialize their data structures.
A local ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux, linux-source-2.6.15' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
