Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
Name USN-60-0 First vendor Publication 2005-01-14
Vendor Ubuntu Last vendor Modification 2005-01-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-4-386 linux-image-2.6.8.1-4-686 linux-image-2.6.8.1-4-686-smp linux-image-2.6.8.1-4-amd64-generic linux-image-2.6.8.1-4-amd64-k8 linux-image-2.6.8.1-4-amd64-k8-smp linux-image-2.6.8.1-4-amd64-xeon linux-image-2.6.8.1-4-k7 linux-image-2.6.8.1-4-k7-smp linux-image-2.6.8.1-4-power3 linux-image-2.6.8.1-4-power3-smp linux-image-2.6.8.1-4-power4 linux-image-2.6.8.1-4-power4-smp linux-image-2.6.8.1-4-powerpc linux-image-2.6.8.1-4-powerpc-smp linux-patch-debian-2.6.8.1

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.10. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

CAN-2005-0001:

Paul Starzetz discovered a race condition in the Linux page fault
handler code. This allowed an unprivileged user to gain root
privileges on multiprocessor machines under some circumstances.
This also affects the Hyper-Threading mode on Pentium 4 processors.

http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html:

Brad Spengler discovered that some device drivers used
copy_from_user() (a function to copy data from userspace tools into
kernel memory) with insufficient input validation. This potentially
allowed users and/or malicious hardware to overwrite kernel memory
which could result in a crash (Denial of Service) or even root
privilege escalation.

Additionally, this update corrects the SMB file system driver. USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883, CAN-2004-0949). However, it was found that these new validation checks were too strict, which cause some valid operations to fail.

Original Source

Url : http://www.ubuntu.com/usn/USN-60-0

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10322
 
Oval ID: oval:org.mitre.oval:def:10322
Title: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
Description: Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0001
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10330
 
Oval ID: oval:org.mitre.oval:def:10330
Title: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
Description: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0883
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10360
 
Oval ID: oval:org.mitre.oval:def:10360
Title: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
Description: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0949
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 99
Os 14
Os 2
Os 2
Os 2
Os 9
Os 5
Os 2

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5010817.nasl
2008-01-17 Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16)
File : nvt/deb_1067_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-...
File : nvt/deb_1070_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
File : nvt/deb_1082_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
12914 Linux Kernel Multiprocessor Page Fault Handler Race Condition

Linux Kernel contains a flaw that may allow a malicious user to execute arbitrary code with root privileges on multi-processor systems. The issue is caused by the page fault handler and is triggered when two threads, which share the same virtual memory space, request a stack expansion simultaneously. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
11985 Linux Kernel smb Filesystem smb_receive_trans2 Arbitrary Memory Disclosure

11984 Linux Kernel smb Filesystem smb_proc_readX_data DoS

11983 Linux Kernel smb Filesystem smb_receive_trans2 Overflow

11982 Linux Kernel smb Filesystem smb_proc_readX Arbitrary Memory Disclosure

11981 Linux Kernel smb Filesystem smb_proc_read(X) Overflow

Snort® IPS/IDS

Date Description
2014-01-10 SMB client TRANS response ring0 remote code execution attempt
RuleID : 16531 - Revision : 11 - Type : NETBIOS

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-30-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-60-0.nasl - Type : ACT_GATHER_INFO
2005-02-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-092.nasl - Type : ACT_GATHER_INFO
2005-02-03 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_003.nasl - Type : ACT_GATHER_INFO
2005-01-26 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-022.nasl - Type : ACT_GATHER_INFO
2005-01-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-016.nasl - Type : ACT_GATHER_INFO
2005-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-043.nasl - Type : ACT_GATHER_INFO
2005-01-14 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-025.nasl - Type : ACT_GATHER_INFO
2005-01-14 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-026.nasl - Type : ACT_GATHER_INFO
2004-12-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-505.nasl - Type : ACT_GATHER_INFO
2004-12-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-537.nasl - Type : ACT_GATHER_INFO
2004-12-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-549.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:05:02
  • Multiple Updates