Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Linux kernel vulnerabilities
Informations
Name USN-331-1 First vendor Publication 2006-08-03
Vendor Ubuntu Last vendor Modification 2006-08-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-26-386 2.6.15-26.46
linux-image-2.6.15-26-686 2.6.15-26.46
linux-image-2.6.15-26-amd64-generic 2.6.15-26.46
linux-image-2.6.15-26-amd64-k8 2.6.15-26.46
linux-image-2.6.15-26-amd64-server 2.6.15-26.46
linux-image-2.6.15-26-amd64-xeon 2.6.15-26.46
linux-image-2.6.15-26-hppa32 2.6.15-26.46
linux-image-2.6.15-26-hppa32-smp 2.6.15-26.46
linux-image-2.6.15-26-hppa64 2.6.15-26.46
linux-image-2.6.15-26-hppa64-smp 2.6.15-26.46
linux-image-2.6.15-26-itanium 2.6.15-26.46
linux-image-2.6.15-26-itanium-smp 2.6.15-26.46
linux-image-2.6.15-26-k7 2.6.15-26.46
linux-image-2.6.15-26-mckinley 2.6.15-26.46
linux-image-2.6.15-26-mckinley-smp 2.6.15-26.46
linux-image-2.6.15-26-powerpc 2.6.15-26.46
linux-image-2.6.15-26-powerpc-smp 2.6.15-26.46
linux-image-2.6.15-26-powerpc64-smp 2.6.15-26.46
linux-image-2.6.15-26-server 2.6.15-26.46
linux-image-2.6.15-26-server-bigiron 2.6.15-26.46
linux-image-2.6.15-26-sparc64 2.6.15-26.46
linux-image-2.6.15-26-sparc64-smp 2.6.15-26.46

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Please note that Ubuntu 5.04 and 5.10 are also affected by these flaws. An update is in preparation and will be released shortly.

Details follow:

A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could expoit this to trigger a kernel crash. (CVE-2006-2934)

A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or similar automatically mounted removable device, a local user could crash the machine or potentially even execute arbitrary code with full root privileges. (CVE-2006-2935)

The ftdi_sio driver for serial USB ports did not limit the amount of pending data to be written. A local user could exploit this to drain all available kernel memory and thus render the system unusable. (CVE-2006-2936)

Additionally, this update fixes a range of bugs.

Original Source

Url : http://www.ubuntu.com/usn/USN-331-1

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-399 Resource Management Errors
33 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10265
 
Oval ID: oval:org.mitre.oval:def:10265
Title: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2936
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10886
 
Oval ID: oval:org.mitre.oval:def:10886
Title: The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Description: The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2935
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10932
 
Oval ID: oval:org.mitre.oval:def:10932
Title: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
Description: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2934
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3
Os 1
Os 1396

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5011429.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5020521.nasl
2009-01-28 Name : SuSE Update for kernel-bigsmp SUSE-SA:2007:018
File : nvt/gb_suse_2007_018.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:021
File : nvt/gb_suse_2007_021.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:035
File : nvt/gb_suse_2007_035.nasl
2008-01-17 Name : Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27)
File : nvt/deb_1183_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8)
File : nvt/deb_1184_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8)
File : nvt/deb_1184_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
27540 Linux Kernel cdrom.c dvd_read_bca Function USB Storage Device Overflow
27119 Linux Kernel ftdi_sio Serial Port Data Saturation Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the 'ftdi_sio' serial driver cannot handle data at the rate it can be queued for, which may lead to consumption of all system memory resulting in loss of availability for the platform.
26963 Linux Kernel SCTP conntrack Chunkless Packet Remote DoS

Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when handling SCTP packets without a chunk, and will result in loss of availability for the platform.

Snort® IPS/IDS

Date Description
2014-01-10 kernel SCTP chunkless packet denial of service attempt
RuleID : 7021 - Revision : 9 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-1900.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2605.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2606.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-1896.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-346-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-331-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2635.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-151.nasl - Type : ACT_GATHER_INFO
2006-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1183.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-08-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-05-09 Name : It is possible to crash the remote host by sending it a malformed SCTP packet.
File : linux_sctp_chunk_header_dos.nasl - Type : ACT_KILL_HOST

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:03:42
  • Multiple Updates