Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-103-1 | First vendor Publication | 2005-04-01 |
Vendor | Ubuntu | Last vendor Modification | 2005-04-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.13. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.

Details follow:

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable and thus can be read by users other than root. (CAN-2005-0400)

Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. A specially crafted ELF library or executable could cause an attempt to free an invalid pointer, which led to a kernel crash. (CAN-2005-0749)

Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. A local attacker could exploit this to execute arbitrary code with root privileges by creating a Bluetooth socket with a specially crafted protocol number. (CAN-2005-0750)

Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. Mounting a specially crafted CD-ROM may have caused a buffer overflow leading to a kernel crash or even arbitrary code execution. (CAN-2005-0815)

Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. This allowed an unprivileged user to inject mouse movement and/or keystrokes (using the sunkbd driver) into the input subsystem, taking over the console or an X session where another user is logged in. (CAN-2005-0839)

A Denial of Service vulnerability was found in the tmpfs driver, which is commonly used to mount RAM disks below /dev/shm and /tmp. The shm_nopage() function did not properly verify its address argument, which could be exploited by a local user to cause a kernel crash with invalid addresses. (http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg)
Original Source
Url : http://www.ubuntu.com/usn/USN-103-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10336 | |||
Oval ID: | oval:org.mitre.oval:def:10336 | ||
Title: | The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761. | ||
Description: | The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0400 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10400 | |||
Oval ID: | oval:org.mitre.oval:def:10400 | ||
Title: | The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address. | ||
Description: | The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0977 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10640 | |||
Oval ID: | oval:org.mitre.oval:def:10640 | ||
Title: | The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. | ||
Description: | The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0749 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11719 | |||
Oval ID: | oval:org.mitre.oval:def:11719 | ||
Title: | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | ||
Description: | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0750 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9307 | |||
Oval ID: | oval:org.mitre.oval:def:9307 | ||
Title: | Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | ||
Description: | Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0815 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9460 | |||
Oval ID: | oval:org.mitre.oval:def:9460 | ||
Title: | Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions. | ||
Description: | Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0839 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for kernel File : nvt/sles9p5009598.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
15730 | Linux Kernel shmem_nopage Function Invalid Address Local DoS: Redhat Linux Kernel 2.6 contains a flaw that may allow a local denial of service. The issue is triggered when the shmem_nopage function in shmem.c for the tmpfs driver does not properly verify the address argument, and will result in loss of availability for the system. |
15116 | Linux Kernel load_elf_library elf_phdata Modification DoS: Linux Kernel contains a flaw that may allow a local denial of service. The issue is due to load_elf_library modifying 'elf_phdata' before freeing it, which will lead to a loss of availability of the system. |
15115 | Linux Kernel ext2 Directory Creation Arbitrary Memory Disclosure: The Linux kernel EXT2 filesystem contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'ext2_make_empty()' function does not properly clear filesystem contents when creating a directory and the block written to store the '.' and '..' directory entries remains uninitialized. Up to 4,072 bytes of kernel memory may be leaked on each directory creation, which may allow a malicious user to disclose sensitive kernel memory contents resulting in a loss of confidentiality. |
15084 | Linux Kernel bluez_sock_create() Local Underflow |
14964 | Linux Kernel N_MOUSE Privilege Escalation |
14866 | Linux Kernel Malformed ISO9660 File System Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-103-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-313.nasl - Type : ACT_GATHER_INFO |
2005-08-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-529.nasl - Type : ACT_GATHER_INFO |
2005-07-01 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-110.nasl - Type : ACT_GATHER_INFO |
2005-07-01 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-111.nasl - Type : ACT_GATHER_INFO |
2005-06-10 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_029.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-262.nasl - Type : ACT_GATHER_INFO |
2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO |
2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2005-04-06 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_021.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:07 | |
2013-05-11 12:24:57 | |