Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
Name USN-395-1 First vendor Publication 2006-12-13
Vendor Ubuntu Last vendor Modification 2006-12-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
linux-image-2.6.12-10-386 2.6.12-10.42
linux-image-2.6.12-10-686 2.6.12-10.42
linux-image-2.6.12-10-686-smp 2.6.12-10.42
linux-image-2.6.12-10-amd64-generic 2.6.12-10.42
linux-image-2.6.12-10-amd64-k8 2.6.12-10.42
linux-image-2.6.12-10-amd64-k8-smp 2.6.12-10.42
linux-image-2.6.12-10-amd64-xeon 2.6.12-10.42
linux-image-2.6.12-10-k7 2.6.12-10.42
linux-image-2.6.12-10-k7-smp 2.6.12-10.42
linux-image-2.6.12-10-powerpc 2.6.12-10.42
linux-image-2.6.12-10-powerpc-smp 2.6.12-10.42
linux-image-2.6.12-10-powerpc64-smp 2.6.12-10.42
linux-image-2.6.12-10-sparc64 2.6.12-10.42
linux-image-2.6.12-10-sparc64-smp 2.6.12-10.42
linux-patch-ubuntu-2.6.12 2.6.12-10.42

Ubuntu 6.06 LTS:
linux-image-2.6.15-27-386 2.6.15-27.50
linux-image-2.6.15-27-686 2.6.15-27.50
linux-image-2.6.15-27-amd64-generic 2.6.15-27.50
linux-image-2.6.15-27-amd64-k8 2.6.15-27.50
linux-image-2.6.15-27-amd64-server 2.6.15-27.50
linux-image-2.6.15-27-amd64-xeon 2.6.15-27.50
linux-image-2.6.15-27-k7 2.6.15-27.50
linux-image-2.6.15-27-powerpc 2.6.15-27.50
linux-image-2.6.15-27-powerpc-smp 2.6.15-27.50
linux-image-2.6.15-27-powerpc64-smp 2.6.15-27.50
linux-image-2.6.15-27-server 2.6.15-27.50
linux-image-2.6.15-27-server-bigiron 2.6.15-27.50
linux-image-2.6.15-27-sparc64 2.6.15-27.50
linux-image-2.6.15-27-sparc64-smp 2.6.15-27.50
linux-source-2.6.15 2.6.15-27.50

Ubuntu 6.10:
linux-image-2.6.17-10-386 2.6.17.1-10.34
linux-image-2.6.17-10-generic 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc-smp 2.6.17.1-10.34
linux-image-2.6.17-10-powerpc64-smp 2.6.17.1-10.34
linux-image-2.6.17-10-server 2.6.17.1-10.34
linux-image-2.6.17-10-server-bigiron 2.6.17.1-10.34
linux-image-2.6.17-10-sparc64 2.6.17.1-10.34
linux-image-2.6.17-10-sparc64-smp 2.6.17.1-10.34

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will follow soon. (CVE-2006-4572)

Dmitriy Monakhov discovered an information leak in the __block_prepare_write() function. During error recovery, this function did not properly clear memory buffers which could allow local users to read portions of unlinked files. This only affects Ubuntu 5.10. (CVE-2006-4813)

ADLab Venustech Info Ltd discovered that the ATM network driver referenced an already released pointer in some circumstances. By sending specially crafted packets to a host over ATM, a remote attacker could exploit this to crash that host. This does not affect Ubuntu 6.10. (CVE-2006-4997)

Matthias Andree discovered that the NFS locking management daemon (lockd) did not correctly handle mixing of 'lock' and 'nolock' option mounts on the same client. A remote attacker could exploit this to crash lockd and thus rendering the NFS imports inaccessible. This only affects Ubuntu 5.10. (CVE-2006-5158)

The task switching code did not save and restore EFLAGS of processes. By starting a specially crafted executable, a local attacker could exploit this to eventually crash many other running processes. This does not affect Ubuntu 6.10. (CVE-2006-5173)

James Morris discovered that the ip6fl_get_n() function incorrectly handled flow labels. A local attacker could exploit this to crash the kernel. (CVE-2006-5619)

Fabio Massimo Di Nitto discovered that the sys_get_robust_list and sys_set_robust_list system calls lacked proper lock handling on the powerpc platform. A local attacker could exploit this to create unkillable processes, drain all available CPU/memory, and render the machine unrebootable. This only affects Ubuntu 6.10. (CVE-2006-5648)

Fabio Massimo Di Nitto discovered a flaw in the alignment check exception handling on the powerpc platform. A local attacker could exploit this to cause a kernel panic and crash the machine. (CVE-2006-5649)

Certain corrupted squashfs file system images caused a memory allocation to be freed twice. By mounting a specially crafted squashfs file system, a local attacker could exploit this to crash the kernel. This does not affect Ubuntu 5.10. (CVE-2006-5701)

An integer overflow was found in the get_fdb_entries() function of the network bridging code. By executing a specially crafted ioctl, a local attacker could exploit this to execute arbitrary code with root privileges. (CVE-2006-5751)

Original Source

Url : http://www.ubuntu.com/usn/USN-395-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
50 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10128
 
Oval ID: oval:org.mitre.oval:def:10128
Title: The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
Description: The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
Family: unix Class: vulnerability
Reference(s): CVE-2006-5158
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10151
 
Oval ID: oval:org.mitre.oval:def:10151
Title: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
Description: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
Family: unix Class: vulnerability
Reference(s): CVE-2006-5751
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10388
 
Oval ID: oval:org.mitre.oval:def:10388
Title: The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Description: The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
Family: unix Class: vulnerability
Reference(s): CVE-2006-4997
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11701
 
Oval ID: oval:org.mitre.oval:def:11701
Title: The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
Description: The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4813
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9311
 
Oval ID: oval:org.mitre.oval:def:9311
Title: The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
Description: The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
Family: unix Class: vulnerability
Reference(s): CVE-2006-5619
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 805
Os 1
Os 3

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5012650.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:002 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_002.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:012 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_012.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:047 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_047.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.12/2.6.15/2.6.17 vulnerabilities USN-416-1
File : nvt/gb_ubuntu_USN_416_1.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:021
File : nvt/gb_suse_2007_021.nasl
2008-01-17 Name : Debian Security Advisory DSA 1233-1 (kernel-source-2.6.8)
File : nvt/deb_1233_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1237-1 (kernel-source-2.4.27)
File : nvt/deb_1237_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
31465 Linux kernel EFLAGS Restore Alignment Check DoS

31376 Linux Kernel fs/buffer.c __block_prepare_write Function Unlinked File Discl...

31373 Linux PowerPC kernel Alignment Check Exception Handling DoS

31372 Linux PowerPC kernel sys_get_robust_list/sys_set_robust_list DoS

30923 Linux NFS lockd nlmclnt_mark_reclaim Function DoS

30725 Linux Kernel get_fdb_entries() Local Overflow

30192 Linux Kernel squashfs Crafted Filesystem Mount Local DoS

30066 Linux Kernel netfilter Fragmented IPv6 Packet Filtering Bypass

30002 Linux Kernel ip6_flowlabel.c ip6fl_get_n Function IPv6 Flow Label Handling DoS

29539 Linux Kernel clip_mkip() Function Unspecified Remote DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0014.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2006-0617.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-debug-2393.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0014.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-bigsmp-2399.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-416-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-395-1.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2705.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-2397.nasl - Type : ACT_GATHER_INFO
2007-06-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2007-06-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0488.nasl - Type : ACT_GATHER_INFO
2007-02-22 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-047.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-002.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-197.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-012.nasl - Type : ACT_GATHER_INFO
2007-02-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0014.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0013.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-1470.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-1471.nasl - Type : ACT_GATHER_INFO
2006-12-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1237.nasl - Type : ACT_GATHER_INFO
2006-12-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1233.nasl - Type : ACT_GATHER_INFO
2006-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0710.nasl - Type : ACT_GATHER_INFO
2006-10-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO
2006-10-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0689.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:04:01
  • Multiple Updates