Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-346-1 | First vendor Publication | 2006-09-14 |
Vendor | Ubuntu | Last vendor Modification | 2006-09-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: Ubuntu 5.10: Ubuntu 6.06 LTS: After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: A Denial of service vulnerability was reported in iptables' SCTP conntrack module. On computers which use this iptables module, a remote attacker could expoit this to trigger a kernel crash. (CVE-2006-2934) A buffer overflow has been discovered in the dvd_read_bca() function. By inserting a specially crafted DVD, USB stick, or similar automatically mounted removable device, a local user could crash the machine or potentially even execute arbitrary code with full root privileges. (CVE-2006-2935) The ftdi_sio driver for serial USB ports did not limit the amount of pending data to be written. A local user could exploit this to drain all available kernel memory and thus render the system unusable. (CVE-2006-2936) James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. (CVE-2006-3468) Wei Wang of McAfee Avert Labs discovered a buffer overflow in the sctp_make_abort_user() function of iptables' SCTP module. On computers which use this module, a local attacker could expoit this to execute arbitrary code with root privileges. (CVE-2006-3745) Olof Johansson discovered that the kernel did not disable the 'HID0' bit on PowerPC 970 processors so that the ATTN instruction was enabled. A local user could exploit this to crash the kernel. This flaw only affects the powerpc architecture. (CVE-2006-4093) The UDF file system does not handle extends larger than 1 GB, but did not check for this restriction on truncating files. A local user could exploit this to crash the kernel. (CVE-2006-4145) |
Original Source
Url : http://www.ubuntu.com/usn/USN-346-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-399 | Resource Management Errors |
25 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10265 | |||
Oval ID: | oval:org.mitre.oval:def:10265 | ||
Title: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. | ||
Description: | The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2936 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10666 | |||
Oval ID: | oval:org.mitre.oval:def:10666 | ||
Title: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Description: | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4093 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10706 | |||
Oval ID: | oval:org.mitre.oval:def:10706 | ||
Title: | Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. | ||
Description: | Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3745 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10796 | |||
Oval ID: | oval:org.mitre.oval:def:10796 | ||
Title: | The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. | ||
Description: | The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4145 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10886 | |||
Oval ID: | oval:org.mitre.oval:def:10886 | ||
Title: | The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | ||
Description: | The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2935 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10932 | |||
Oval ID: | oval:org.mitre.oval:def:10932 | ||
Title: | SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. | ||
Description: | SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2934 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9809 | |||
Oval ID: | oval:org.mitre.oval:def:9809 | ||
Title: | Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. | ||
Description: | Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3468 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011429.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5012650.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5019905.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5020521.nasl |
2009-01-28 | Name : SuSE Update for kernel-bigsmp SUSE-SA:2007:018 File : nvt/gb_suse_2007_018.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:021 File : nvt/gb_suse_2007_021.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:035 File : nvt/gb_suse_2007_035.nasl |
2009-01-28 | Name : SuSE Update for kernel SUSE-SA:2007:053 File : nvt/gb_suse_2007_053.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1183-1 (kernel-source-2.4.27) File : nvt/deb_1183_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-1 (kernel-source-2.6.8) File : nvt/deb_1184_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1184-2 (kernel-source-2.6.8) File : nvt/deb_1184_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27) File : nvt/deb_1237_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
28315 | Linux Kernel Universal Disk Format (UDF) Truncated File DoS |
28119 | Linux Kernel SCTP sctp_make_abort_user() Function Local Privilege Escalation |
28034 | Linux Kernel Uncleared HID0[31] Bit DoS |
27973 | Linux Kernel UDF Truncation Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when certain file truncations occur on UDF file system, and will result in loss of availability for the platform. |
27812 | Linux Kernel NFS/EXT3 Invalid Inode Number Remote DoS |
27540 | Linux Kernel cdrom.c dvd_read_bca Function USB Storage Device Overflow |
27119 | Linux Kernel ftdi_sio Serial Port Data Saturation Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the 'ftdi_sio' serial driver cannot handle data at the rate it can be queued for, which may lead to consumption of all system memory resulting in loss of availability for the platform. |
26963 | Linux Kernel SCTP conntrack Chunkless Packet Remote DoS Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when handling SCTP packets without a chunk, and will result in loss of availability for the platform. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | kernel SCTP chunkless packet denial of service attempt RuleID : 7021 - Revision : 9 - Type : OS-LINUX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-1900.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2096.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-debug-2393.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2605.nasl - Type : ACT_GATHER_INFO |
2008-07-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0665.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-1896.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2097.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-2606.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-bigsmp-2399.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-331-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-346-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-346-2.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2635.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2397.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-2099.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-182.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_057.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO |
2006-12-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1237.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-151.nasl - Type : ACT_GATHER_INFO |
2006-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1184.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1183.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO |
2006-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0617.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0575.nasl - Type : ACT_GATHER_INFO |
2006-05-09 | Name : It is possible to crash the remote host by sending it a malformed SCTP packet. File : linux_sctp_chunk_header_dos.nasl - Type : ACT_KILL_HOST |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:45 |
|