Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-508-1)

Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

A buffer overflow was discovered in the Moxa serial driver. Local
attackers could execute arbitrary code and gain root privileges.
(CVE-2005-0504)

A flaw was discovered in the IPv6 stack's handling of type 0 route
headers. By sending a specially crafted IPv6 packet, a remote attacker
could cause a denial of service between two IPv6 hosts.
(CVE-2007-2242)

A flaw in the sysfs_readdir function allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104)

A buffer overflow was discovered in the random number generator. In
environments with granular assignment of root privileges, a local
attacker could gain additional privileges. (CVE-2007-3105)

It was discovered that certain setuid-root processes did not correctly
reset process death signal handlers. A local user could manipulate
this to send signals to processes they would not normally have access
to. (CVE-2007-3848)

It was discovered that the aacraid SCSI driver did not correctly check
permissions on certain ioctls. A local attacker could cause a denial
of service or gain privileges. (CVE-2007-4308)

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 28112

CVE ID: CVE-2005-0504
CVE-2007-2242
CVE-2007-3104
CVE-2007-3105
CVE-2007-3848
CVE-2007-4308