Executive Summary

Summary
Title Linux kernel vulnerabilities
Informations
Name USN-82-1 First vendor Publication 2005-02-15
Vendor Ubuntu Last vendor Modification 2005-02-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

linux-image-2.6.8.1-5-386 linux-image-2.6.8.1-5-686 linux-image-2.6.8.1-5-686-smp linux-image-2.6.8.1-5-amd64-generic linux-image-2.6.8.1-5-amd64-k8 linux-image-2.6.8.1-5-amd64-k8-smp linux-image-2.6.8.1-5-amd64-xeon linux-image-2.6.8.1-5-k7 linux-image-2.6.8.1-5-k7-smp linux-image-2.6.8.1-5-power3 linux-image-2.6.8.1-5-power3-smp linux-image-2.6.8.1-5-power4 linux-image-2.6.8.1-5-power4-smp linux-image-2.6.8.1-5-powerpc linux-image-2.6.8.1-5-powerpc-smp linux-source-2.6.8.1

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.11. You need to reboot the computer after doing a standard system upgrade to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change this kernel got a new version number, which requires to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version.

Details follow:

CAN-2004-0176:

Michael Kerrisk noticed an insufficient permission checking in the
shmctl() function. Any process was permitted to lock/unlock any
System V shared memory segment that fell within the the
RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that
unprivileged users can acquire). This allowed am unprivileged user
process to unlock locked memory of other processes, thereby allowing
them to be swapped out. Usually locked shared memory is used to
store passphrases and other sensitive content which must not be
written to the swap space (where it could be read out even after a
reboot).

CAN-2005-0177:

OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were
incorrectly set to 128 instead of 256. This caused a buffer overflow
in some cases which could be exploited to crash the kernel.

CAN-2005-0178:

A race condition was found in the terminal handling of the
"setsid()" function, which is used to start new process sessions.

http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:

David Coulson noticed a design flaw in the netfilter/iptables module.
By sending specially crafted packets, a remote attacker could exploit
this to crash the kernel or to bypass firewall rules.

Fixing this vulnerability required a change in the Application
Binary Interface (ABI) of the kernel. This means that third party
user installed modules might not work any more with the new kernel,
so this fixed kernel has a new ABI version number. You have to
recompile and reinstall all third party modules.

Original Source

Url : http://www.ubuntu.com/usn/USN-82-1

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10187
 
Oval ID: oval:org.mitre.oval:def:10187
Title: Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
Description: Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0176
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10298
 
Oval ID: oval:org.mitre.oval:def:10298
Title: nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
Description: nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0177
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10647
 
Oval ID: oval:org.mitre.oval:def:10647
Title: Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
Description: Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0178
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10753
 
Oval ID: oval:org.mitre.oval:def:10753
Title: The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
Description: The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0449
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1225
 
Oval ID: oval:org.mitre.oval:def:1225
Title: Linux Kernel shmctl() Memory Swap Vulnerability
Description: The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0176
 Version: 1
Platform(s): Red Hat Enterprise Linux 3
 Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8778
 
Oval ID: oval:org.mitre.oval:def:8778
Title: The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
Description: The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
Family: unix Class: vulnerability
Reference(s): CVE-2005-0176
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:878
 
Oval ID: oval:org.mitre.oval:def:878
Title: Multiple BO Vulnerabilities in Red Hat Ethereal
Description: Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0176
 Version: 2
Platform(s): Red Hat Linux 9
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:887
 
Oval ID: oval:org.mitre.oval:def:887
Title: Multiple BO Vulnerabilities in Red Hat Enterprise 3 Ethereal
Description: Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0176
 Version: 2
Platform(s): Red Hat Enterprise Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 24
Application 2
Application 5
Os 275

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5011171.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200403-07 (ethereal)
File : nvt/glsa_200403_07.nasl
2008-09-04 Name : FreeBSD Ports: ethereal, tethereal
File : nvt/freebsd_ethereal2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8)
File : nvt/deb_1017_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)
File : nvt/deb_1018_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1018-2 (kernel-source-2.4.27)
File : nvt/deb_1018_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 511-1 (ethereal)
File : nvt/deb_511_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
13850 Linux IPTables/Netfilter Module Crafted Packet Bypass
13849 Linux Kernel setsid() Function Race Condition
13848 Linux Kernel nls_ascii.c Table Size Local Overflow DoS
13847 Linux Kernel shmctl() Function Arbitrary Locked Memory Access
6898 Ethereal UCP Dissector Handle Time-Field Overflow

A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.
6897 Ethereal UCP Dissector Handle Int-Field Overflow

A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.
6896 Ethereal UCP Dissector Handle String-Field Overflow

A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of a UCP Packet string resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.
6895 Ethereal TCAP Dissector TID Overflow

A remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary coderesulting in a loss of integrity.
6894 Ethereal ISUP Dissector INTERWORKING FUNCTION ADDRESS Overflow

A remote overflow exists in Ethereal. The ISUP Dissector fails to check the bounds of the IWFA resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.
6893 Ethereal BGP Dissector MPLS Label Overflow

A remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.
6892 Ethereal IRDA Dissector Plugin IRCOM_PORT_NAME Overflow

A remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the "IRCOM_PORT_NAME" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.
6891 Ethereal PGM Dissector NakList Overflow

A remote overflow exists in Ethereal. The PGM Dissector fails to check the bounds of the Naklist resulting in a integer underflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, code execution would be extremely difficult.
6890 Ethereal EIGRP Protocol TLV_IP_EXT Long IP Address Overflow

A remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the "TLV_IP_EXT" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.
6889 Ethereal EIGRP Protocol TLV_IP_INT Long IP Address Overflow

A remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the "TLV_IP_INT" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.
6888 Ethereal IGAP Protocol Dissector Message Overflow

A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "message" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.
6887 Ethereal IGAP Protocol Dissector Account Overflow

A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "accountname" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.
4490 Ethereal NetFlow v9 Dissector Template Caching Overflow

A remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Ethereal EIGRP prefix length overflow attempt
RuleID : 2464-community - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal EIGRP prefix length overflow attempt
RuleID : 2464 - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal IGMP IGAP message overflow attempt
RuleID : 2463-community - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal IGMP IGAP message overflow attempt
RuleID : 2463 - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal IGMP IGAP account overflow attempt
RuleID : 2462-community - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal IGMP IGAP account overflow attempt
RuleID : 2462 - Revision : 10 - Type : SERVER-OTHER
2014-01-10 Ethereal IGAP Dissector Buffer Overflow attempt
RuleID : 20747 - Revision : 5 - Type : SERVER-OTHER
2014-01-10 Ethereal IGAP Dissector Buffer Overflow attempt
RuleID : 20746 - Revision : 5 - Type : SERVER-OTHER
2014-01-10 Ethereal Netflow dissector buffer overflow attempt
RuleID : 20745 - Revision : 3 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1018.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-366.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2005-472.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-82-1.nasl - Type : ACT_GATHER_INFO
2005-09-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-313.nasl - Type : ACT_GATHER_INFO
2005-07-01 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-110.nasl - Type : ACT_GATHER_INFO
2005-05-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-472.nasl - Type : ACT_GATHER_INFO
2005-05-19 Name : The remote Fedora Core host is missing a security update.
File : fedora_2005-262.nasl - Type : ACT_GATHER_INFO
2005-04-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO
2005-04-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO
2005-04-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-366.nasl - Type : ACT_GATHER_INFO
2005-03-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2005_018.nasl - Type : ACT_GATHER_INFO
2005-02-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-092.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-511.nasl - Type : ACT_GATHER_INFO
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200403-07.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2004-024.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-136.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:06:12
  • Multiple Updates
2013-05-11 12:26:20
  • Multiple Updates