Ubuntu Security Notice (C) 2005-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related
Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the privileges of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)
The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)
A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their parent process ('auto-reaper'). The check
did not correctly handle processes which were currently traced by
another process. A local attacker could exploit this to cause a kernel
A locking problem was discovered in the POSIX timer cleanup handling
on process exit. A local attacker could exploit this to cause the
machine to hang (Denial of Service). This flaw only affects
multiprocessor (SMP) systems. (CVE-2005-3805)
A Denial of Service vulnerability was discovered in the IPv6 flowlabel
handling code. By invoking setsockopt(IPV6_FLOWLABEL_MGR) in a special
way, a local attacker could cause memory corruption which eventually
led to a kernel crash. (CVE-2005-3806)
A memory leak was discovered in the VFS lease handling. These
operations are commonly executed by the Samba server, which led to
steady memory exhaustion. By repeatedly triggering the affected
operations in quick succession, a local attacker could exploit this to
drain all memory, which leads to a Denial of Service. (CVE-2005-3807)
An integer overflow was discovered in the
invalidate_inode_pages2_range() function. By issuing 64-bit mmap calls
on a 32-bit system, a local user could exploit this to crash the
machine, thereby causing Denial of Service. This flaw does not affect
the amd64 platform, and affects only Ubuntu 5.10. (CVE-2005-3808)
Ollie Wild discovered a memory leak in the icmp_push_reply() function.
By sending a large amount of specially crafted packets, a remote
attacker could exploit this to drain all memory, which eventually
leads to a Denial of Service. (CVE-2005-3848)
Chris Wright found a Denial of Service vulnerability in the
time_out_leases() function. By allocating a large number of VFS file
lock leases and having them time out at the same time, a large number
of 'printk' debugging statements was generated at the same time, which
could exhaust kernel memory. (CVE-2005-3857)
Patrick McHardy discovered a memory leak in the ip6_input_finish()
function. A remote attacker could exploit this by sending specially
crafted IPv6 packets, which would eventually drain all available
kernel memory, thus causing a Denial of Service. (CVE-2005-3858).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected packages.
Risk factor: High / CVSS Base Score: 7.8
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20775
CVE ID: CVE-2005-3257, CVE-2005-3783, CVE-2005-3784, CVE-2005-3805, CVE-2005-3806, CVE-2005-3807, CVE-2005-3808, CVE-2005-3848, CVE-2005-3857, CVE-2005-3858