Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
Name USN-869-1 First vendor Publication 2009-12-10
Vendor Ubuntu Last vendor Modification 2009-12-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
linux-image-2.6.31-16-386 2.6.31-16.53
linux-image-2.6.31-16-generic 2.6.31-16.53
linux-image-2.6.31-16-generic-pae 2.6.31-16.53
linux-image-2.6.31-16-ia64 2.6.31-16.53
linux-image-2.6.31-16-lpia 2.6.31-16.53
linux-image-2.6.31-16-powerpc 2.6.31-16.53
linux-image-2.6.31-16-powerpc-smp 2.6.31-16.53
linux-image-2.6.31-16-powerpc64-smp 2.6.31-16.53
linux-image-2.6.31-16-server 2.6.31-16.53
linux-image-2.6.31-16-sparc64 2.6.31-16.53
linux-image-2.6.31-16-sparc64-smp 2.6.31-16.53
linux-image-2.6.31-16-virtual 2.6.31-16.53

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. (The fix was included in the earlier kernels from USN-864-1.) (CVE-2009-1298)

Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalation. (CVE-2009-4131)

Original Source

Url : http://www.ubuntu.com/usn/USN-869-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13928
 
Oval ID: oval:org.mitre.oval:def:13928
Title: USN-869-1 -- linux vulnerability
Description: David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. Akira Fujita discovered that the Ext4 "move extents" ioctl did not correctly check permissions. A local attacker could exploit this to overwrite arbitrary files on the system, leading to root privilege escalation
Family: unix Class: patch
Reference(s): USN-869-1
CVE-2009-1298
CVE-2009-4131
 Version: 5
Platform(s): Ubuntu 9.10
 Product(s): linux
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1202

OpenVAS Exploits

Date Description
2010-12-09 Name : Fedora Update for kernel FEDORA-2010-18432
File : nvt/gb_fedora_2010_18432_kernel_fc12.nasl
2010-09-22 Name : Fedora Update for kernel FEDORA-2010-14878
File : nvt/gb_fedora_2010_14878_kernel_fc12.nasl
2010-09-07 Name : Fedora Update for kernel FEDORA-2010-13903
File : nvt/gb_fedora_2010_13903_kernel_fc12.nasl
2010-08-30 Name : Fedora Update for kernel FEDORA-2010-13110
File : nvt/gb_fedora_2010_13110_kernel_fc12.nasl
2010-08-06 Name : Fedora Update for kernel FEDORA-2010-11412
File : nvt/gb_fedora_2010_11412_kernel_fc12.nasl
2010-07-16 Name : Fedora Update for kernel FEDORA-2010-10880
File : nvt/gb_fedora_2010_10880_kernel_fc12.nasl
2010-06-18 Name : Fedora Update for kernel FEDORA-2010-9209
File : nvt/gb_fedora_2010_9209_kernel_fc12.nasl
2010-05-28 Name : Fedora Update for kernel FEDORA-2010-7779
File : nvt/gb_fedora_2010_7779_kernel_fc12.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-0823
File : nvt/gb_fedora_2010_0823_kernel_fc12.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1787
File : nvt/gb_fedora_2010_1787_kernel_fc12.nasl
2010-01-15 Name : SuSE Update for kernel SUSE-SA:2010:001
File : nvt/gb_suse_2010_001.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13700 (kernel)
File : nvt/fcore_2009_13700.nasl
2009-12-14 Name : Fedora Core 12 FEDORA-2009-13039 (kernel)
File : nvt/fcore_2009_13039.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12786 (kernel)
File : nvt/fcore_2009_12786.nasl
2009-12-10 Name : Fedora Core 12 FEDORA-2009-12825 (kernel)
File : nvt/fcore_2009_12825.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60867 Linux Kernel Ext4 EXT4_IOC_MOVE_EXT Crafted IOCTL Local Privilege Escalation
60788 Linux Kernel net/ipv4/ip_fragment.c ip_frag_reasm Function NULL Dereference R...

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-01-07 IAVM : 2010-A-0001 - Multiple Vulnerabilities in Linux Kernel
Severity : Category I - VMSKEY : V0022180

Nessus® Vulnerability Scanner

Date Description
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-342-01.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-329.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO
2009-12-11 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13039.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-869-1.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12786.nasl - Type : ACT_GATHER_INFO
2009-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12825.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:06:26
  • Multiple Updates