Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
Name USN-103-1 First vendor Publication 2005-04-01
Vendor Ubuntu Last vendor Modification 2005-04-01
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.13. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.

Details follow:

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable and thus can be read by users other than root. (CAN-2005-0400)

Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. A specially crafted ELF library or executable could cause an attempt to free an invalid pointer, which lead to a kernel crash. (CAN-2005-0749)

Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. A local attacker could exploit this to execute arbitrary code with root privileges by creating a Bluetooth socket with a specially crafted protocol number. (CAN-2005-0750)

Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. Mounting a specially crafted CD-ROM may have caused a buffer overflow leading to a kernel crash or even arbitrary code execution. (CAN-2005-0815)

Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. This allowed an unprivileged user to inject mouse movement and/or keystrokes (using the sunkbd driver) into the input subsystem, taking over the console or an X session, where another user is logged in. (CAN-2005-0839)

A Denial of Service vulnerability was found in the tmpfs driver, which is commonly used to mount RAM disks below /dev/shm and /tmp. The shm_nopage() did not properly verify its address argument, which could be exploited by a local user to cause a kernel crash with invalid addresses. (http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg)

Original Source

Url : http://www.ubuntu.com/usn/USN-103-1

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10336
 
Oval ID: oval:org.mitre.oval:def:10336
Title: The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
Description: The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0400
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10400
 
Oval ID: oval:org.mitre.oval:def:10400
Title: The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
Description: The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0977
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10640
 
Oval ID: oval:org.mitre.oval:def:10640
Title: The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
Description: The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0749
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11719
 
Oval ID: oval:org.mitre.oval:def:11719
Title: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
Description: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0750
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9307
 
Oval ID: oval:org.mitre.oval:def:9307
Title: Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
Description: Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0815
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9460
 
Oval ID: oval:org.mitre.oval:def:9460
Title: Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.
Description: Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0839
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1
Os 636
Os 3
Os 1
Os 3
Os 4
Os 2
Os 2

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for kernel
File : nvt/sles9p5009598.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
15730 Linux Kernel shmem_nopage Function Invalid Address Local DoS

Redhat Linux Kernel 2.6 contains a flaw that may allow a local denial of service. The issue is triggered when shmem_nopage function in shmem.c for the tmpfs driver does not properly verify the address argument occurs, and will result in loss of availability for the system.
15116 Linux Kernel load_elf_library elf_phdata Modification DoS

Linux Kernel contains a flaw that may allow a local denial of service. The issue due to load_elf_library modifing `elf_phdata' before freeing it, which will lead to a loss of availability of system.
15115 Linux Kernel ext2 Directory Creation Arbitrary Memory Disclosure

The Linux kernel EXT2 filesystem contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'ext2_make_empty()' function does not properly clear filesystem contents when creating a directory and the block written to store the '.' and '..' directory entries remains uninitialized. Up to 4,072 bytes of kernel memory may be leaked on each directory creation, which may allow a malicious user to disclose sensitive kernel memory contents resulting in a loss of confidentiality.
15084 Linux Kernel bluez_sock_create() Local Underflow

14964 Linux Kernel N_MOUSE Privilege Escalation

14866 Linux Kernel Malformed ISO9660 File System Command Execution

Nessus® Vulnerability Scanner

Date Description
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-366.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-103-1.nasl - Type : ACT_GATHER_INFO
2005-10-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO
2005-09-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-313.nasl - Type : ACT_GATHER_INFO
2005-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-529.nasl - Type : ACT_GATHER_INFO
2005-07-01 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-110.nasl - Type : ACT_GATHER_INFO
2005-07-01 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-111.nasl - Type : ACT_GATHER_INFO
2005-06-10 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_029.nasl - Type : ACT_GATHER_INFO
2005-05-19 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-262.nasl - Type : ACT_GATHER_INFO
2005-04-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO
2005-04-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2005-04-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-366.nasl - Type : ACT_GATHER_INFO
2005-04-06 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_021.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:58:07
  • Multiple Updates
2013-05-11 12:24:57
  • Multiple Updates