Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-219-1 | First vendor Publication | 2005-11-22 |
Vendor | Ubuntu | Last vendor Modification | 2005-11-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following Ubuntu 4.10 packages are affected:

linux-image-2.6.8.1-6-386
linux-image-2.6.8.1-6-686
linux-image-2.6.8.1-6-686-smp
linux-image-2.6.8.1-6-k7
linux-image-2.6.8.1-6-k7-smp
linux-image-2.6.8.1-6-amd64-generic
linux-image-2.6.8.1-6-amd64-k8
linux-image-2.6.8.1-6-amd64-k8-smp
linux-image-2.6.8.1-6-amd64-xeon
linux-image-2.6.8.1-6-power3
linux-image-2.6.8.1-6-power3-smp
linux-image-2.6.8.1-6-power4
linux-image-2.6.8.1-6-power4-smp
linux-image-2.6.8.1-6-powerpc
linux-image-2.6.8.1-6-powerpc-smp
linux-patch-debian-2.6.8.1

The following Ubuntu 5.04 packages are affected:

linux-image-2.6.10-6-386
linux-image-2.6.10-6-686
linux-image-2.6.10-6-686-smp
linux-image-2.6.10-6-k7
linux-image-2.6.10-6-k7-smp
linux-image-2.6.10-6-amd64-generic
linux-image-2.6.10-6-amd64-k8
linux-image-2.6.10-6-amd64-k8-smp
linux-image-2.6.10-6-amd64-xeon
linux-image-2.6.10-6-power3
linux-image-2.6.10-6-power3-smp
linux-image-2.6.10-6-power4
linux-image-2.6.10-6-power4-smp
linux-image-2.6.10-6-powerpc
linux-image-2.6.10-6-powerpc-smp
linux-patch-ubuntu-2.6.10

The following Ubuntu 5.10 packages are affected:

linux-image-2.6.12-10-386
linux-image-2.6.12-10-686
linux-image-2.6.12-10-686-smp
linux-image-2.6.12-10-k7
linux-image-2.6.12-10-k7-smp
linux-image-2.6.12-10-amd64-generic
linux-image-2.6.12-10-amd64-k8
linux-image-2.6.12-10-amd64-k8-smp
linux-image-2.6.12-10-amd64-xeon
linux-image-2.6.12-10-powerpc
linux-image-2.6.12-10-powerpc-smp
linux-image-2.6.12-10-powerpc64-smp
linux-patch-ubuntu-2.6.12

The problem can be corrected by installing the affected package, which provides a new kernel. Unless you manually uninstalled the standard kernel metapackages (linux-image-386, linux-image-powerpc, or linux-image-amd64-generic), this will happen automatically with a standard system upgrade.

ATTENTION: Due to an unavoidable ABI change this kernel has been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (linux-386, linux-powerpc, linux-amd64-generic), a standard system upgrade will automatically perform this as well.

Details follow:

Al Viro discovered a race condition in the /proc file handler of network devices. A local attacker could exploit this by opening any file in /proc/sys/net/ipv4/conf/

Tetsuo Handa discovered a local Denial of Service vulnerability in the udp_v6_get_port() function. On computers which use IPv6, a local attacker could exploit this to trigger an infinite loop in the kernel. (CVE-2005-2973)

Harald Welte discovered a Denial of Service vulnerability in the USB devio driver. A local attacker could exploit this by sending a "USB Request Block" (URB) and terminating the sending process before the arrival of the answer, which left an invalid pointer and caused a kernel crash. (CVE-2005-3055)

Pavel Roskin discovered an information leak in the Orinoco wireless card driver. When increasing the buffer length for storing data, the buffer was not padded with zeros, which exposed a random part of the system memory to the user. (CVE-2005-3180)

A resource leak has been discovered in the handling of POSIX timers in the exec() function. This could be exploited by a group of local users to cause a Denial of Service. This vulnerability only affects Ubuntu 4.10. (CVE-2005-3271)

Stephen Hemming discovered a weakness in the network bridge driver. Packets which had already been dropped by the packet filter could poison the forwarding table, which could be exploited to make the bridge forward spoofed packets. This vulnerability only affects Ubuntu 4.10 and 5.04. (CVE-2005-3272)

David S. Miller discovered a buffer overflow in the rose_rt_ioctl() function. By calling the function with a large "ndigis" argument, a local attacker could cause a kernel crash. This vulnerability only affects Ubuntu 4.10 and 5.04. (CVE-2005-3273)

Neil Horman discovered a race condition in the connection timer handling. This allowed a local attacker to set up an expiration handler which modified the connection list while the list was still being traversed, which could result in a kernel crash. This vulnerability only affects multiprocessor (SMP) systems. (CVE-2005-3274)

Patrick McHardy noticed a logic error in the network address translation (NAT) connection tracker. A remote attacker could exploit this by causing two packets for the same protocol to be NATed at the same time, which resulted in a kernel crash. (CVE-2005-3275)

Paolo Giarrusso discovered an information leak in the sys_get_thread_area() function. The returned structure was not properly cleared, which exposed a small amount of kernel memory to userspace programs. This could possibly expose confidential data. (CVE-2005-3276)
Original Source
Url : http://www.ubuntu.com/usn/USN-219-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-476 | NULL Pointer Dereference |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10142 | |||
Oval ID: | oval:org.mitre.oval:def:10142 | ||
Title: | The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3275 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10157 | |||
Oval ID: | oval:org.mitre.oval:def:10157 | ||
Title: | Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3272 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10746 | |||
Oval ID: | oval:org.mitre.oval:def:10746 | ||
Title: | The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2709 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11332 | |||
Oval ID: | oval:org.mitre.oval:def:11332 | ||
Title: | The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3180 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11723 | |||
Oval ID: | oval:org.mitre.oval:def:11723 | ||
Title: | Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3274 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9472 | |||
Oval ID: | oval:org.mitre.oval:def:9472 | ||
Title: | Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3055 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9552 | |||
Oval ID: | oval:org.mitre.oval:def:9552 | ||
Title: | The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3273 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9748 | |||
Oval ID: | oval:org.mitre.oval:def:9748 | ||
Title: | The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3276 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
ExploitDB Exploits
Date | Description |
---|---|
2005-11-09 | Linux Kernel 2.6.x Sysctl Unregistration Local Denial of Service Vulnerability |
2005-10-20 | Linux Kernel 2.6.x IPV6 Local Denial of Service Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
21282 | Linux Kernel Exec Multi-threaded posix-timer Exhaustion Local DoS |
21281 | Linux Kernel sys_get_thread_area Function Local Information Disclosure |
21280 | Linux Kernel on SMP ip_vs_conn_flush Function Race Condition DoS |
21279 | Linux Kernel Double Packet NAT Remote DoS |
21278 | Linux Kernel Bridge Forwarding Table Poisoning |
20676 | Linux Kernel sysctl Interface Unregistration Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered due to an error in sysctl's handling of interface unregistrations, and will result in loss of availability for the service. |
20163 | Linux Kernel IPv6 udp_v6_get_port() Function Local DoS Linux contains a flaw that may allow a local denial of service. The issue is due to an infinite loop error in the "udp_v6_get_port()" function in "net/ipv6/udp.c", and will result in loss of availability. |
19925 | Linux Kernel Orinoco Driver Remote Memory Segment Disclosure |
19702 | Linux Kernel USB Malformed URB Local DoS |
14864 | Linux Kernel ROSE rose_rt_ioctl Function ndigis Argument Error |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-219-1.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0579.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-05-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0493.nasl - Type : ACT_GATHER_INFO |
2006-03-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-059.nasl - Type : ACT_GATHER_INFO |
2006-03-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO |
2006-02-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-040.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0140.nasl - Type : ACT_GATHER_INFO |
2006-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO |
2005-12-08 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_067.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1013.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1007.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-02-19 09:26:16 |
2016-11-19 09:25:13 |
2016-11-16 05:36:34 |
2016-09-14 01:03:47 |
2016-06-28 20:11:02 |
2014-02-17 12:03:08 |
2013-05-11 12:25:16 |