Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-169-1 | First vendor Publication | 2005-08-19 |
Vendor | Ubuntu | Last vendor Modification | 2005-08-19 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: linux-image-2.6.10-5-386 linux-image-2.6.10-5-686 linux-image-2.6.10-5-686-smp linux-image-2.6.10-5-amd64-generic linux-image-2.6.10-5-amd64-k8 linux-image-2.6.10-5-amd64-k8-smp linux-image-2.6.10-5-amd64-xeon linux-image-2.6.10-5-itanium linux-image-2.6.10-5-itanium-smp linux-image-2.6.10-5-k7 linux-image-2.6.10-5-k7-smp linux-image-2.6.10-5-mckinley linux-image-2.6.10-5-mckinley-smp linux-image-2.6.10-5-power3 linux-image-2.6.10-5-power3-smp linux-image-2.6.10-5-power4 linux-image-2.6.10-5-power4-smp linux-image-2.6.10-5-powerpc linux-image-2.6.10-5-powerpc-smp linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.21 (for Ubuntu 4.10), or 2.6.10-34.4 (for Ubuntu 5.04). You need to reboot your computer after a standard system upgrade to effect the necessary changes. Details follow: David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098) David Howells discovered a local Denial of Service vulnerability in the keyring allocator. A local attacker could exploit this to crash the kernel by attempting to add a specially crafted invalid keyring. This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099) Balazs Scheidler discovered a local Denial of Service vulnerability in the xfrm_compile_policy() function. By calling setsockopt() with an invalid xfrm_user policy message, a local attacker could cause the kernel to write to an array beyond its boundaries, thus causing a kernel crash. (CAN-2005-2456) Tim Yamin discovered that the driver for compressed ISO file systems did not sufficiently validate the iput data. By tricking an user into mounting a malicious CD-ROM with a specially crafted compressed ISO file system, he could cause a kernel crash. (CAN-2005-2457) It was discovered that the kernel's embedded zlib compression library was still vulnerable to two old vulnerabilities of the standalone zlib library. This library is used by various drivers and can also be used by third party modules, so the impact varies. (CAN-2005-2458, CAN-2005-2459) Peter Sandstrom discovered a remote Denial of Service vulnerability in the SNMP handler. Certain UDP packages lead to a function call with the wrong argument, which resulted in a crash of the network stack. This only affects Ubuntu 4.10 (Warty Warthog). (CAN-2005-2548) Herbert Xu discovered that the setsockopt() function was not restricted to privileged users. This allowed a local attacker to bypass intended IPSec policies, set invalid policies to exploit flaws like CAN-2005-2456, or cause a Denial of Service by adding policies until kernel memory is exhausted. Now the call is restricted to processes with the CAP_NET_ADMIN capability. (CAN-2005-2555) The Ubuntu 5.04 kernel update also fixes a memory leak in the "md" (Software RAID) driver which eventually lead to kernel memory exhaustion. Ubuntu 4.10 is not affected by this. (http://bugs.debian.org/317787) |
Original Source
Url : http://www.ubuntu.com/usn/USN-169-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-399 | Resource Management Errors |
20 % | CWE-667 | Insufficient Locking |
20 % | CWE-476 | NULL Pointer Dereference |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10444 | |||
Oval ID: | oval:org.mitre.oval:def:10444 | ||
Title: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Description: | Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2555 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10858 | |||
Oval ID: | oval:org.mitre.oval:def:10858 | ||
Title: | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p-dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock-sk_policy array. | ||
Description: | Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2456 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9079 | |||
Oval ID: | oval:org.mitre.oval:def:9079 | ||
Title: | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | ||
Description: | The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2099 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9638 | |||
Oval ID: | oval:org.mitre.oval:def:9638 | ||
Title: | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | ||
Description: | The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2098 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012519.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19028 | Linux Kernel zlib inflate.c huft_build Function Null Pointer Dereference Loca... |
19027 | Linux Kernel zisofs Driver Crafted ISO File System DoS |
19026 | Linux Kernel zlib inflate.c Improper Tables File Local DoS |
18978 | Linux Kernel CAP_NET_ADMIN Socket Policy Bypass |
18808 | Linux Kernel vlan_dev.c UDP Packet NULL Pointer Dereference DoS |
18652 | Linux Kernel Keyring Management KEYCTL_JOIN_SESSION_KEYRING DoS Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user causes the system to attempt to allocate a new session keyring after either the user's key quota has been reached, or if the new keyring name is blank or is too long, and will result in loss of availability for the keyring management service. |
18651 | Linux Kernel Malformed Keyring Addition DoS Linux contains a flaw that may allow a local denial of service. The issue is triggered when a user attempts to add a keyring with anything other than an empty description payload. Creation of the keyring will fail, and when the system attempts to remove the keyring from the name list, a kernel crash will occur, and will result in loss of availability for the operating system. |
18555 | Linux Kernel xfrm Array Indexing Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-03-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-169-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_050.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-821.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-820.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:01:20 |
|