Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-331-1)

Ubuntu Security Notice (C) 2006-2014 Canonical, Inc. / NASL script (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

A denial of service vulnerability was reported in iptables' SCTP
conntrack module. On computers which use this iptables module, a
remote attacker could exploit this to trigger a kernel crash.
(CVE-2006-2934)

A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
automatically mounted removable device, a local user could crash the
machine or potentially even execute arbitrary code with full root
privileges. (CVE-2006-2935)

The ftdi_sio driver for serial USB ports did not limit the amount of
pending data to be written. A local user could exploit this to drain
all available kernel memory and thus render the system unusable.
(CVE-2006-2936)

Additionally, this update fixes a range of bugs.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 27910

Bugtraq ID:

CVE ID: CVE-2006-2934
CVE-2006-2935
CVE-2006-2936