Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-82-1 | First vendor Publication | 2005-02-15 |
Vendor | Ubuntu | Last vendor Modification | 2005-02-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386
linux-image-2.6.8.1-5-686
linux-image-2.6.8.1-5-686-smp
linux-image-2.6.8.1-5-amd64-generic
linux-image-2.6.8.1-5-amd64-k8
linux-image-2.6.8.1-5-amd64-k8-smp
linux-image-2.6.8.1-5-amd64-xeon
linux-image-2.6.8.1-5-k7
linux-image-2.6.8.1-5-k7-smp
linux-image-2.6.8.1-5-power3
linux-image-2.6.8.1-5-power3-smp
linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-source-2.6.8.1

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.11. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change this kernel got a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version.

Details follow:

CAN-2004-0176: Michael Kerrisk noticed an insufficient permission checking in the

CAN-2005-0177: OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were

CAN-2005-0178: A race condition was found in the terminal handling of the

http://oss.sgi.com/archives/netdev/2005-01/msg01036.html: David Coulson noticed a design flaw in the netfilter/iptables module. Fixing this vulnerability required a change in the Application
Original Source
Url : http://www.ubuntu.com/usn/USN-82-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10187 | |||
Oval ID: | oval:org.mitre.oval:def:10187 | ||
Title: | Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. | ||
Description: | Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0176 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10298 | |||
Oval ID: | oval:org.mitre.oval:def:10298 | ||
Title: | nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow. | ||
Description: | nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0177 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10647 | |||
Oval ID: | oval:org.mitre.oval:def:10647 | ||
Title: | Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. | ||
Description: | Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0178 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10753 | |||
Oval ID: | oval:org.mitre.oval:def:10753 | ||
Title: | The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||
Description: | The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0449 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:1225 | |||
Oval ID: | oval:org.mitre.oval:def:1225 | ||
Title: | Linux Kernel shmctl() Memory Swap Vulnerability | ||
Description: | The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0176 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Linux kernel |
Definition Id: oval:org.mitre.oval:def:8778 | |||
Oval ID: | oval:org.mitre.oval:def:8778 | ||
Title: | The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. | ||
Description: | The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0176 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:878 | |||
Oval ID: | oval:org.mitre.oval:def:878 | ||
Title: | Multiple BO Vulnerabilities in Red Hat Ethereal | ||
Description: | Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0176 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:887 | |||
Oval ID: | oval:org.mitre.oval:def:887 | ||
Title: | Multiple BO Vulnerabilities in Red Hat Enterprise 3 Ethereal | ||
Description: | Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0176 | Version: | 2 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5011171.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200403-07 (ethereal) File : nvt/glsa_200403_07.nasl |
2008-09-04 | Name : FreeBSD Ports: ethereal, tethereal File : nvt/freebsd_ethereal2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8) File : nvt/deb_1017_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27) File : nvt/deb_1018_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27) File : nvt/deb_1018_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 511-1 (ethereal) File : nvt/deb_511_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13850 | Linux IPTables/Netfilter Module Crafted Packet Bypass |
13849 | Linux Kernel setsid() Function Race Condition |
13848 | Linux Kernel nls_ascii.c Table Size Local Overflow DoS |
13847 | Linux Kernel shmctl() Function Arbitrary Locked Memory Access |
6898 | Ethereal UCP Dissector Handle Time-Field Overflow A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptible. |
6897 | Ethereal UCP Dissector Handle Int-Field Overflow A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptible. |
6896 | Ethereal UCP Dissector Handle String-Field Overflow A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of a UCP Packet string resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptible. |
6895 | Ethereal TCAP Dissector TID Overflow A remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. |
6894 | Ethereal ISUP Dissector INTERWORKING FUNCTION ADDRESS Overflow A remote overflow exists in Ethereal. The ISUP Dissector fails to check the bounds of the IWFA resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. |
6893 | Ethereal BGP Dissector MPLS Label Overflow A remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stack layout, exploitation would be extremely difficult. |
6892 | Ethereal IRDA Dissector Plugin IRCOM_PORT_NAME Overflow A remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the "IRCOM_PORT_NAME" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stack layout, exploitation would be extremely difficult. |
6891 | Ethereal PGM Dissector NakList Overflow A remote overflow exists in Ethereal. The PGM Dissector fails to check the bounds of the Naklist resulting in an integer underflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stack layout, code execution would be extremely difficult. |
6890 | Ethereal EIGRP Protocol TLV_IP_EXT Long IP Address Overflow A remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the "TLV_IP_EXT" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. |
6889 | Ethereal EIGRP Protocol TLV_IP_INT Long IP Address Overflow A remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the "TLV_IP_INT" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. |
6888 | Ethereal IGAP Protocol Dissector Message Overflow A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "message" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. |
6887 | Ethereal IGAP Protocol Dissector Account Overflow A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "accountname" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. |
4490 | Ethereal NetFlow v9 Dissector Template Caching Overflow A remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Ethereal EIGRP prefix length overflow attempt RuleID : 2464-community - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal EIGRP prefix length overflow attempt RuleID : 2464 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGMP IGAP message overflow attempt RuleID : 2463-community - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGMP IGAP message overflow attempt RuleID : 2463 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGMP IGAP account overflow attempt RuleID : 2462-community - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGMP IGAP account overflow attempt RuleID : 2462 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGAP Dissector Buffer Overflow attempt RuleID : 20747 - Revision : 5 - Type : SERVER-OTHER |
2014-01-10 | Ethereal IGAP Dissector Buffer Overflow attempt RuleID : 20746 - Revision : 5 - Type : SERVER-OTHER |
2014-01-10 | Ethereal Netflow dissector buffer overflow attempt RuleID : 20745 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-472.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-82-1.nasl - Type : ACT_GATHER_INFO |
2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-313.nasl - Type : ACT_GATHER_INFO |
2005-07-01 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-110.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-472.nasl - Type : ACT_GATHER_INFO |
2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-262.nasl - Type : ACT_GATHER_INFO |
2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO |
2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2005-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-366.nasl - Type : ACT_GATHER_INFO |
2005-03-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_018.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-092.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-511.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200403-07.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-024.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-136.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:12 | |
2013-05-11 12:26:20 | |