5 - USN-178-1

Executive Summary

Summary
Title	Linux kernel vulnerabilities

Informations
Name	USN-178-1	First vendor Publication	2005-09-09
Vendor	Ubuntu	Last vendor Modification	2005-09-09
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

linux-image-2.6.10-5-386 linux-image-2.6.10-5-686 linux-image-2.6.10-5-686-smp linux-image-2.6.10-5-amd64-generic linux-image-2.6.10-5-amd64-k8 linux-image-2.6.10-5-amd64-k8-smp linux-image-2.6.10-5-amd64-xeon linux-image-2.6.10-5-itanium linux-image-2.6.10-5-itanium-smp linux-image-2.6.10-5-k7 linux-image-2.6.10-5-k7-smp linux-image-2.6.10-5-mckinley linux-image-2.6.10-5-mckinley-smp linux-image-2.6.10-5-power3 linux-image-2.6.10-5-power3-smp linux-image-2.6.10-5-power4 linux-image-2.6.10-5-power4-smp linux-image-2.6.10-5-powerpc linux-image-2.6.10-5-powerpc-smp linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.22 (for Ubuntu 4.10), or 2.6.10-34.5 (for Ubuntu 5.04). After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec() to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kernel panic. This vulnerability only affects Ubuntu 5.04. (CAN-2005-1913)

Al Viro discovered that the sendmsg() function did not sufficiently validate its input data. By calling sendmsg() and at the same time modifying the passed message in another thread, he could exploit this to execute arbitrary commands with kernel privileges. This only affects the amd64 bit platform. (CAN-2005-2490)

Al Viro discovered a vulnerability in the raw_sendmsg() function. By calling this function with specially crafted arguments, a local attacker could either read kernel memory contents (leading to information disclosure) or manipulate the hardware state by reading certain IO ports. This vulnerability only affects Ubuntu 5.04. (CAN-2005-2492)

Jan Blunck discovered a Denial of Service vulnerability in the procfs interface of the SCSI driver. By repeatedly reading /proc/scsi/sg/devices, a local attacker could eventually exhaust kernel memory. (CAN-2005-2800)

A flaw was discovered in the handling of extended attributes on ext2 and ext3 file systems. Under certain condidions, this could prevent the enforcement of Access Control Lists, which eventually could lead to information disclosure, unauthorized program execution, or unauthorized data modification. This does not affect the standard Unix permissions. (CAN-2005-2801)

Chad Walstrom discovered a Denial of Service in the ipt_recent module, which can be used in netfilter (Firewall configuration). A remote attacker could exploit this to crash the kernel by sending certain packets (such as an SSH brute force attack) to a host which uses the "recent" module. (CAN-2005-2802)

Original Source

Url : http://www.ubuntu.com/usn/USN-178-1

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-1	Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13	Subverting Environment Variable Values
CAPEC-17	Accessing, Modifying or Executing Executable Files
CAPEC-39	Manipulating Opaque Client-based Data Tokens
CAPEC-45	Buffer Overflow via Symbolic Links
CAPEC-51	Poison Web Service Registry
CAPEC-59	Session Credential Falsification through Prediction
CAPEC-60	Reusing Session IDs (aka Session Replay)
CAPEC-76	Manipulating Input to File System Calls
CAPEC-77	Manipulating User-Controlled Variables
CAPEC-87	Forceful Browsing
CAPEC-104	Cross Zone Scripting

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-697	Insufficient Comparison
33 %	CWE-399	Resource Management Errors
33 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10481

Oval ID:	oval:org.mitre.oval:def:10481
Title:	Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread.
Description:	Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users execute arbitrary code by calling sendmsg and modifying the message contents in another thread.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-2490	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-37.EL AND kernel-unsupported is earlier than 0:2.4.21-37.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-37.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-37.EL AND kernel-hugemem is earlier than 0:2.4.21-37.EL AND kernel is earlier than 0:2.4.21-37.EL AND kernel-source is earlier than 0:2.4.21-37.EL AND kernel-doc is earlier than 0:2.4.21-37.EL AND kernel-smp is earlier than 0:2.4.21-37.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-smp-devel is earlier than 0:2.6.9-22.EL AND kernel-hugemem is earlier than 0:2.6.9-22.EL AND kernel-devel is earlier than 0:2.6.9-22.EL AND kernel is earlier than 0:2.6.9-22.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-22.EL AND kernel-doc is earlier than 0:2.6.9-22.EL AND kernel-smp is earlier than 0:2.6.9-22.EL

Definition Id: oval:org.mitre.oval:def:10495

Oval ID:	oval:org.mitre.oval:def:10495
Title:	xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.
Description:	xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-2801	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-40.EL AND kernel-unsupported is earlier than 0:2.4.21-40.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-40.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-40.EL AND kernel-hugemem is earlier than 0:2.4.21-40.EL AND kernel is earlier than 0:2.4.21-40.EL AND kernel-source is earlier than 0:2.4.21-40.EL AND kernel-doc is earlier than 0:2.4.21-40.EL AND kernel-smp is earlier than 0:2.4.21-40.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-smp-devel is earlier than 0:2.6.9-22.EL AND kernel-hugemem is earlier than 0:2.6.9-22.EL AND kernel-devel is earlier than 0:2.6.9-22.EL AND kernel is earlier than 0:2.6.9-22.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-22.EL AND kernel-doc is earlier than 0:2.6.9-22.EL AND kernel-smp is earlier than 0:2.6.9-22.EL

Definition Id: oval:org.mitre.oval:def:11031

Oval ID:	oval:org.mitre.oval:def:11031
Title:	The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
Description:	The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-2492	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-smp-devel is earlier than 0:2.6.9-22.EL AND kernel-hugemem is earlier than 0:2.6.9-22.EL AND kernel-devel is earlier than 0:2.6.9-22.EL AND kernel is earlier than 0:2.6.9-22.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-22.EL AND kernel-doc is earlier than 0:2.6.9-22.EL AND kernel-smp is earlier than 0:2.6.9-22.EL

Definition Id: oval:org.mitre.oval:def:9954

Oval ID:	oval:org.mitre.oval:def:9954
Title:	Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
Description:	Memory leak in the seq_file implemenetation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-2800	Version:	8
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-smp-devel is earlier than 0:2.6.9-22.0.2.EL AND kernel-hugemem is earlier than 0:2.6.9-22.0.2.EL AND kernel-devel is earlier than 0:2.6.9-22.0.2.EL AND kernel is earlier than 0:2.6.9-22.0.2.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-22.0.2.EL AND kernel-doc is earlier than 0:2.6.9-22.0.2.EL AND kernel-smp is earlier than 0:2.6.9-22.0.2.EL

CPE : Common Platform Enumeration

Type	Description	Count
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:4.10:::::::*	2
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.7:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.13:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test4:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test8:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test10:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test6:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test9:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test5:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test7:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test11:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test1:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test3:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:test2:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:-:::::: cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*	44
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*	1

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl
2008-01-17	Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 921-1 (kernel-source-2.4.27) File : nvt/deb_921_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
19430	Linux Kernel ipt_recent u_int32_t Memset Remote DoS
19316	Linux Kernel procfs seq_file Memory Leak DoS
19315	Linux Kernel ipt_recent jiffies/LONG_MAX Timing DoS
19314	Linux Kernel ext2/ext3 xattr.c name_index Error ACL Failure
19261	Linux Kernel raw_sendmsg() Unspecified Memory Manipulation Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the "raw_sendmsg()" function, which may allow a local unprivileged user to read kernel memory contents to obtain sensitive information or on some architectures cause a denial of service by manipulating hardware state, resulting in a loss of confidentiality and/or availability.
19260	Linux Kernel sendmsg() 32bit msg_control Copy Overflow
17478	Linux Kernel Timer Pending Subthread Exec Local DoS

Nessus® Vulnerability Scanner

Date	Description
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-921.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO
2006-07-05	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-514.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-663.nasl - Type : ACT_GATHER_INFO
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO
2006-03-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0144.nasl - Type : ACT_GATHER_INFO
2006-01-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-178-1.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO
2005-10-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-514.nasl - Type : ACT_GATHER_INFO
2005-10-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-663.nasl - Type : ACT_GATHER_INFO
2005-10-05	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-906.nasl - Type : ACT_GATHER_INFO
2005-10-05	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-905.nasl - Type : ACT_GATHER_INFO
2005-07-05	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-510.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:01:45	Multiple Updates
2013-05-11 12:25:10	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	12
CWE ID(s)	5
Oval ID(s)	4
CPE ID(s)	47
osvdb(s)	7
Openvas Exploit(s)	4
Nessus® Exploit(s)	17

	Related
7.5	CVE-2005-2801
4.6	CVE-2005-2490
3.6	CVE-2005-2492
2.1	CVE-2005-2800
2.1	CVE-2005-1913
0	CVE-2005-2802
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

5 - USN-178-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CAPEC : Common Attack Pattern Enumeration & Classification

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU