Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)

Ubuntu Security Notice (C) 2004-2014 Canonical, Inc. / NASL script (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

CAN-2004-0814 :

Vitaly V. Bursov discovered a Denial of Service vulnerability in the
'serio' code
opening the same tty device twice and doing some
particular operations on it caused a kernel panic and/or a system
lockup.

Fixing this vulnerability required a change in the
Application Binary Interface (ABI) of the kernel. This means
that third-party user installed modules might not work any
more with the new kernel, so this fixed kernel got a new ABI
version number. You have to recompile and reinstall all
third-party modules.

CAN-2004-1016 :

Paul Starzetz discovered a buffer overflow vulnerability in the
'__scm_send' function which handles the sending of UDP network
packets. A wrong validity check of the cmsghdr structure allowed a
local attacker to modify kernel memory, thus causing an endless loop
(Denial of Service) or possibly even root privilege escalation.

CAN-2004-1056 :

Thomas Hellstr�iscovered a Denial of Service vulnerability in the
Direct Rendering Manager (DRM) drivers. Due to an insufficient DMA
lock checking, any authorized client could send arbitrary values to
the video card, which could cause an X server crash or modification of
the video output.

CAN-2004-1058 :

Rob Landley discovered a race condition in the handling of
/proc/.../cmdline. Under very rare circumstances an user could read
the environment variables of another process that was still spawning.
Environment variables are often used to pass passwords and other
private information to other processes.

CAN-2004-1068 :

A race condition was discovered in the handling of AF_UNIX network
packets. This reportedly allowed local users to modify arbitrary
kernel memory, facilitating privilege escalation, or possibly allowing
code execution in the context of the kernel.

CAN-2004-1069 :

Ross Kendall Axe discovered a possible kernel panic (causing a Denial
of Service) while sending AF_UNIX network packages if the kernel
options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are
enabled. This is not the case in the kernel packages shipped in Warty
Warthog
however, if you recompiled the kernel using SELinux, you are
affected by this flaw.

CAN-2004-1137 :

Paul Starzetz discovered several flaws in the IGMP handling code. This
allowed users to provoke a Denial of Service, read kernel memory, and
execute arbitrary code with root privileges. This flaw is also
exploitable remotely if an application has bound a multicast socket.

CAN-2004-1151 :

Jeremy Fitzhardinge discovered two buffer overflows in the
sys32_ni_syscall() and sys32_vm86_warning() functions. This could
possibly be exploited to overwrite kernel memory with
attacker-supplied code and cause root privilege escalation.

This vulnerability only affects the amd64 architecture.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20654 ()

Bugtraq ID:

CVE ID: CVE-2004-0814
CVE-2004-1016
CVE-2004-1056
CVE-2004-1058
CVE-2004-1068
CVE-2004-1069
CVE-2004-1137
CVE-2004-1151