Ubuntu Security Notice (C) 2006-2014 Canonical, Inc. / NASL script (C) 2007-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.

A denial of service vulnerability was reported in iptables' SCTP
conntrack module. On computers which use this iptables module, a
remote attacker could exploit this to trigger a kernel crash.

A buffer overflow has been discovered in the dvd_read_bca() function.
By inserting a specially crafted DVD, USB stick, or similar
automatically mounted removable device, a local user could crash the
machine or potentially even execute arbitrary code with full root

The ftdi_sio driver for serial USB ports did not limit the amount of
pending data to be written. A local user could exploit this to drain
all available kernel memory and thus render the system unusable.

James McKenzie discovered a denial of service vulnerability in the NFS
driver. When exporting an ext3 file system over NFS, a remote attacker
could exploit this to trigger a file system panic by sending a
specially crafted UDP packet. (CVE-2006-3468)

Wei Wang of McAfee Avert Labs discovered a buffer overflow in the
sctp_make_abort_user() function of iptables' SCTP module. On computers
which use this module, a local attacker could exploit this to execute
arbitrary code with root privileges. (CVE-2006-3745)

Olof Johansson discovered that the kernel did not disable the 'HID0'
bit on PowerPC 970 processors so that the ATTN instruction was
enabled. A local user could exploit this to crash the kernel. This
flaw only affects the powerpc architecture. (CVE-2006-4093)

The UDF file system does not handle extents larger than 1 GB, but did
not check for this restriction on truncating files. A local user could
exploit this to crash the kernel. (CVE-2006-4145)

Update the affected packages.
Risk factor: High / CVSS Base Score: 7.8