Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Linux kernel vulnerabilities
Informations
Name USN-346-1 First vendor Publication 2006-09-14
Vendor Ubuntu Last vendor Modification 2006-09-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
linux-image-2.6.10-6-386 2.6.10-34.23
linux-image-2.6.10-6-686 2.6.10-34.23
linux-image-2.6.10-6-686-smp 2.6.10-34.23
linux-image-2.6.10-6-amd64-generic 2.6.10-34.23
linux-image-2.6.10-6-amd64-k8 2.6.10-34.23
linux-image-2.6.10-6-amd64-k8-smp 2.6.10-34.23
linux-image-2.6.10-6-amd64-xeon 2.6.10-34.23
linux-image-2.6.10-6-hppa32 2.6.10-34.23
linux-image-2.6.10-6-hppa32-smp 2.6.10-34.23
linux-image-2.6.10-6-hppa64 2.6.10-34.23
linux-image-2.6.10-6-hppa64-smp 2.6.10-34.23
linux-image-2.6.10-6-itanium 2.6.10-34.23
linux-image-2.6.10-6-itanium-smp 2.6.10-34.23
linux-image-2.6.10-6-k7 2.6.10-34.23
linux-image-2.6.10-6-k7-smp 2.6.10-34.23
linux-image-2.6.10-6-mckinley 2.6.10-34.23
linux-image-2.6.10-6-mckinley-smp 2.6.10-34.23
linux-image-2.6.10-6-power3 2.6.10-34.23
linux-image-2.6.10-6-power3-smp 2.6.10-34.23
linux-image-2.6.10-6-power4 2.6.10-34.23
linux-image-2.6.10-6-power4-smp 2.6.10-34.23
linux-image-2.6.10-6-powerpc 2.6.10-34.23
linux-image-2.6.10-6-powerpc-smp 2.6.10-34.23
linux-image-2.6.10-6-sparc64 2.6.10-34.23
linux-image-2.6.10-6-sparc64-smp 2.6.10-34.23
linux-patch-ubuntu-2.6.10 2.6.10-34.23

Ubuntu 5.10:
linux-image-2.6.12-10-386 2.6.12-10.39
linux-image-2.6.12-10-686 2.6.12-10.39
linux-image-2.6.12-10-686-smp 2.6.12-10.39
linux-image-2.6.12-10-amd64-generic 2.6.12-10.39
linux-image-2.6.12-10-amd64-k8 2.6.12-10.39
linux-image-2.6.12-10-amd64-k8-smp 2.6.12-10.39
linux-image-2.6.12-10-amd64-xeon 2.6.12-10.39
linux-image-2.6.12-10-hppa32 2.6.12-10.39
linux-image-2.6.12-10-hppa32-smp 2.6.12-10.39
linux-image-2.6.12-10-hppa64 2.6.12-10.39
linux-image-2.6.12-10-hppa64-smp 2.6.12-10.39
linux-image-2.6.12-10-iseries-smp 2.6.12-10.39
linux-image-2.6.12-10-itanium 2.6.12-10.39
linux-image-2.6.12-10-itanium-smp 2.6.12-10.39
linux-image-2.6.12-10-k7 2.6.12-10.39
linux-image-2.6.12-10-k7-smp 2.6.12-10.39
linux-image-2.6.12-10-mckinley 2.6.12-10.39
linux-image-2.6.12-10-mckinley-smp 2.6.12-10.39
linux-image-2.6.12-10-powerpc 2.6.12-10.39
linux-image-2.6.12-10-powerpc-smp 2.6.12-10.39
linux-image-2.6.12-10-powerpc64-smp 2.6.12-10.39
linux-image-2.6.12-10-sparc64 2.6.12-10.39
linux-image-2.6.12-10-sparc64-smp 2.6.12-10.39
linux-patch-ubuntu-2.6.12 2.6.12-10.39

Ubuntu 6.06 LTS:
linux-image-2.6.15-26-386 2.6.15-26.47
linux-image-2.6.15-26-686 2.6.15-26.47
linux-image-2.6.15-26-amd64-generic 2.6.15-26.47
linux-image-2.6.15-26-amd64-k8 2.6.15-26.47
linux-image-2.6.15-26-amd64-server 2.6.15-26.47
linux-image-2.6.15-26-amd64-xeon 2.6.15-26.47
linux-image-2.6.15-26-hppa32 2.6.15-26.47
linux-image-2.6.15-26-hppa32-smp 2.6.15-26.47
linux-image-2.6.15-26-hppa64 2.6.15-26.47
linux-image-2.6.15-26-hppa64-smp 2.6.15-26.47
linux-image-2.6.15-26-itanium 2.6.15-26.47
linux-image-2.6.15-26-itanium-smp 2.6.15-26.47
linux-image-2.6.15-26-k7 2.6.15-26.47
linux-image-2.6.15-26-mckinley 2.6.15-26.47
linux-image-2.6.15-26-mckinley-smp 2.6.15-26.47
linux-image-2.6.15-26-powerpc 2.6.15-26.47
linux-image-2.6.15-26-powerpc-smp 2.6.15-26.47
linux-image-2.6.15-26-powerpc64-smp 2.6.15-26.47
linux-image-2.6.15-26-server 2.6.15-26.47
linux-image-2.6.15-26-server-bigiron 2.6.15-26.47
linux-image-2.6.15-26-sparc64 2.6.15-26.47
linux-image-2.6.15-26-sparc64-smp 2.6.15-26.47
linux-source-2.6.15 2.6.15-26.47

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could expoit this to trigger a kernel crash. (CVE-2006-2934)

A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or similar automatically mounted removable device, a local user could crash the machine or potentially even execute arbitrary code with full root privileges. (CVE-2006-2935)

The ftdi_sio driver for serial USB ports did not limit the amount of pending data to be written. A local user could exploit this to drain all available kernel memory and thus render the system unusable. (CVE-2006-2936)

James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. (CVE-2006-3468)

Wei Wang of McAfee Avert Labs discovered a buffer overflow in the sctp_make_abort_user() function of iptables' SCTP module. On computers which use this module, a local attacker could expoit this to execute arbitrary code with root privileges. (CVE-2006-3745)

Olof Johansson discovered that the kernel did not disable the 'HID0' bit on PowerPC 970 processors so that the ATTN instruction was enabled. A local user could exploit this to crash the kernel. This flaw only affects the powerpc architecture. (CVE-2006-4093)

The UDF file system does not handle extends larger than 1 GB, but did not check for this restriction on truncating files. A local user could exploit this to crash the kernel. (CVE-2006-4145)

Original Source

Url : http://www.ubuntu.com/usn/USN-346-1

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-399 Resource Management Errors
25 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10265
 
Oval ID: oval:org.mitre.oval:def:10265
Title: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2936
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10666
 
Oval ID: oval:org.mitre.oval:def:10666
Title: Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
Description: Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
Family: unix Class: vulnerability
Reference(s): CVE-2006-4093
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10706
 
Oval ID: oval:org.mitre.oval:def:10706
Title: Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
Description: Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3745
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10796
 
Oval ID: oval:org.mitre.oval:def:10796
Title: The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
Description: The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4145
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10886
 
Oval ID: oval:org.mitre.oval:def:10886
Title: The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Description: The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2935
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10932
 
Oval ID: oval:org.mitre.oval:def:10932
Title: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
Description: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2934
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9809
 
Oval ID: oval:org.mitre.oval:def:9809
Title: Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Description: Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.
Family: unix Class: vulnerability
Reference(s): CVE-2006-3468
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 1
Os 1396

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5011429.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5012650.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5019905.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5020521.nasl
2009-01-28 Name : SuSE Update for kernel-bigsmp SUSE-SA:2007:018
File : nvt/gb_suse_2007_018.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:021
File : nvt/gb_suse_2007_021.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:035
File : nvt/gb_suse_2007_035.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:053
File : nvt/gb_suse_2007_053.nasl
2008-01-17 Name : Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27)
File : nvt/deb_1183_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8)
File : nvt/deb_1184_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8)
File : nvt/deb_1184_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27)
File : nvt/deb_1237_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
28315 Linux Kernel Universal Disk Format (UDF) Truncated File DoS
28119 Linux Kernel SCTP sctp_make_abort_user() Function Local Privilege Escalation
28034 Linux Kernel Uncleared HID0[31] Bit DoS
27973 Linux Kernel UDF Truncation Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when certain file truncations occur on UDF file system, and will result in loss of availability for the platform.
27812 Linux Kernel NFS/EXT3 Invalid Inode Number Remote DoS
27540 Linux Kernel cdrom.c dvd_read_bca Function USB Storage Device Overflow
27119 Linux Kernel ftdi_sio Serial Port Data Saturation Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the 'ftdi_sio' serial driver cannot handle data at the rate it can be queued for, which may lead to consumption of all system memory resulting in loss of availability for the platform.
26963 Linux Kernel SCTP conntrack Chunkless Packet Remote DoS

Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when handling SCTP packets without a chunk, and will result in loss of availability for the platform.

Snort® IPS/IDS

Date Description
2014-01-10 kernel SCTP chunkless packet denial of service attempt
RuleID : 7021 - Revision : 9 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-1900.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2096.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-debug-2393.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2605.nasl - Type : ACT_GATHER_INFO
2008-07-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0665.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-1896.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2097.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-2606.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-bigsmp-2399.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-331-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-346-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-346-2.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2635.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2397.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2099.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-182.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_057.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO
2006-12-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1237.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-151.nasl - Type : ACT_GATHER_INFO
2006-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1183.nasl - Type : ACT_GATHER_INFO
2006-10-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO
2006-10-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2006-08-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO
2006-05-09 Name : It is possible to crash the remote host by sending it a malformed SCTP packet.
File : linux_sctp_chunk_header_dos.nasl - Type : ACT_KILL_HOST

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:03:45
  • Multiple Updates