Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2008-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that the ALSA /proc interface did not write the
correct number of bytes when reporting memory allocations. A local
attacker might be able to access sensitive kernel memory, leading to a
loss of privacy. (CVE-2007-4571)
Multiple buffer overflows were discovered in the handling of CIFS
filesystems. A malicious CIFS server could cause a client system crash
or possibly execute arbitrary code with kernel privileges.
It was discovered that PowerPC kernels did not correctly handle
reporting certain system details. By requesting a specific set of
information, a local attacker could cause a system crash resulting in
a denial of service. (CVE-2007-6694)
It was discovered that some device driver fault handlers did not
correctly verify memory ranges. A local attacker could exploit this to
access sensitive kernel memory, possibly leading to a loss of privacy.
It was discovered that CPU resource limits could be bypassed. A
malicious local user could exploit this to avoid administratively
imposed resource limits. (CVE-2008-1294)
A race condition was discovered between dnotify fcntl() and close() in
the kernel. If a local attacker performed malicious dnotify requests,
they could cause memory consumption leading to a denial of service, or
possibly send arbitrary signals to any process. (CVE-2008-1375)
On SMP systems, a race condition existed in fcntl(). Local attackers
could perform malicious locks, causing system crashes and leading to a
denial of service. (CVE-2008-1669).
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8