Ubuntu 4.10 / 5.04 / 5.10 : linux-source- vulnerabilities (USN-244-1)

Ubuntu Security Notice (C) 2006-2015 Canonical, Inc. / NASL script (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Doug Chapman discovered a flaw in the reference counting in the
sys_mq_open() function. By calling this function in a special way, a
local attacker could exploit this to cause a kernel crash.

Karl Janmar discovered that the /proc file system module used signed
data types in a wrong way. A local attacker could exploit this to read
random kernel memory, which could possibly contain sensitive data like
passwords or private keys. (CVE-2005-4605)

Yi Yang discovered an off-by-one buffer overflow in the sysctl()
system call. By calling sysctl with a specially crafted long string, a
local attacker could exploit this to crash the kernel or possibly even
execute arbitrary code with full kernel privileges. (CVE-2005-4618)

Perceval Anichini found a buffer overflow in the TwinHan DST
Frontend/Card DVB driver. A local user could exploit this to crash the
kernel or possibly execute arbitrary code with full kernel privileges.
This only affects Ubuntu 5.10. (CVE-2005-4639)

Stefan Rompf discovered that the dm-crypt module did not clear memory
structures before releasing the memory allocation of it. This could
lead to the disclosure of encryption keys. (CVE-2006-0095)

The SDLA WAN driver did not restrict firmware upgrades to processes
that have the CAP_SYS_RAWIO kernel capability, it just required the
CAP_NET_ADMIN privilege. This could allow processes with the latter
privilege to update the SDLA firmware. Please note that this does not
affect a standard Ubuntu installation, and this cannot be exploited by
a normal (unprivileged) user. At most, this flaw might be relevant for
installations that use a fine-grained capability granting system like
RSBAC, cap_over, or grsecurity. This only affects Ubuntu 4.10.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20791 ()

Bugtraq ID:

CVE ID: CVE-2005-3356