Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-199-1 | First vendor Publication | 2005-10-10 |
Vendor | Ubuntu | Last vendor Modification | 2005-10-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: linux-image-2.6.10-5-386 linux-image-2.6.10-5-686 linux-image-2.6.10-5-686-smp linux-image-2.6.10-5-amd64-generic linux-image-2.6.10-5-amd64-k8 linux-image-2.6.10-5-amd64-k8-smp linux-image-2.6.10-5-amd64-xeon linux-image-2.6.10-5-itanium linux-image-2.6.10-5-itanium-smp linux-image-2.6.10-5-k7 linux-image-2.6.10-5-k7-smp linux-image-2.6.10-5-mckinley linux-image-2.6.10-5-mckinley-smp linux-image-2.6.10-5-power3 linux-image-2.6.10-5-power3-smp linux-image-2.6.10-5-power4 linux-image-2.6.10-5-power4-smp linux-image-2.6.10-5-powerpc linux-image-2.6.10-5-powerpc-smp linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-patch-debian-2.6.8.1 linux-patch-ubuntu-2.6.10 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.24 (for Ubuntu 4.10), or 2.6.10-34.7 (for Ubuntu 5.04). After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: A Denial of Service vulnerability was discovered in the sys_set_mempolicy() function. By calling the function with a negative first argument, a local attacker could cause a kernel crash. (CAN-2005-3053) A race condition was discovered in the handling of shared memory mappings with CLONE_VM. A local attacker could exploit this to cause a deadlock (Denial of Service) by triggering a core dump while waiting for a thread which had just performed an exec() system call. (CAN-2005-3106) A race condition was found in the handling of traced processes. When one thread was tracing another thread that shared the same memory map, a local attacker could trigger a deadlock (Denial of Service) by forcing a core dump when the traced thread was in the TASK_TRACED state. (CAN-2005-3107) A vulnerability has been found in the "ioremap" module. By performing certain IO mapping operations, a local attacker could either read memory pages he has not normally access to (information leak) or cause a kernel crash (Denial of Service). This only affects the amd64 platform. (CAN-2005-3108) The HFS and HFS+ file system drivers did not properly verify that the file system that was attempted to be mounted really was HFS/HFS+. On machines which allow users to mount arbitrary removable devices as HFS or HFS+ with an /etc/fstab entry, this could be exploited to trigger a kernel crash. (CAN-2005-3109) Steve Herrel discovered a race condition in the "ebtables" netfilter module. A remote attacker could exploit this by sending specially crafted packets that caused a value to be modified after it had been read but before it had been locked. This eventually lead to a kernel crash. This only affects multiprocessor machines (SMP). (CAN-2005-3110) Robert Derr discovered a memory leak in the system call auditing code. On a kernel which has the CONFIG_AUDITSYSCALL option enabled, this leads to memory exhaustion and eventually a Denial of Service. A local attacker could also speed this up by excessively calling system calls. This only affects customized kernels built from the kernel source packages. The standard Ubuntu kernel does not have the CONFIG_AUDITSYSCALL option enabled, and is therefore not affected by this. (http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=829841146878e082613a49581ae252c071057c23) |
Original Source
Url : http://www.ubuntu.com/usn/USN-199-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-667 | Insufficient Locking |
33 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
33 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10576 | |||
Oval ID: | oval:org.mitre.oval:def:10576 | ||
Title: | The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | ||
Description: | The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3053 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10777 | |||
Oval ID: | oval:org.mitre.oval:def:10777 | ||
Title: | The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus. | ||
Description: | The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3109 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11322 | |||
Oval ID: | oval:org.mitre.oval:def:11322 | ||
Title: | mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. | ||
Description: | mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3108 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11403 | |||
Oval ID: | oval:org.mitre.oval:def:11403 | ||
Title: | Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked. | ||
Description: | Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3110 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11473 | |||
Oval ID: | oval:org.mitre.oval:def:11473 | ||
Title: | fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | ||
Description: | fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3107 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9108 | |||
Oval ID: | oval:org.mitre.oval:def:9108 | ||
Title: | Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. | ||
Description: | Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3106 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9467 | |||
Oval ID: | oval:org.mitre.oval:def:9467 | ||
Title: | The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | ||
Description: | The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3181 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5015723.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 922-1 (kernel-source-2.4.27) File : nvt/deb_922_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19932 | Linux Kernel on AMD64 ioremap Module Local DoS |
19931 | Linux Kernel on AMD64 ioremap Module Arbitrary Memory Disclosure |
19930 | Linux Kernel CLONE_VM Shared Memory Local DoS |
19929 | Linux Kernel Traced Thread Common Memory Map Local DoS |
19928 | Linux Kernel HFS/HFS+ Driver Crafted Filesystem Mount DoS |
19927 | Linux Kernel ebtables Netfilter Module Race Condition DoS |
19924 | Linux Kernel /fs/namei.c CONFIG_AUDITSYSCALL Local DoS |
19734 | Linux Kernel mempolicy.c sys_set_mempolicy Negative Argument DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-922.nasl - Type : ACT_GATHER_INFO |
2006-08-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0437.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-420.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0101.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-219.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-235.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-199-1.nasl - Type : ACT_GATHER_INFO |
2005-12-08 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_067.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-808.nasl - Type : ACT_GATHER_INFO |
2005-10-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1007.nasl - Type : ACT_GATHER_INFO |
2005-06-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-420.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:02:37 |
|