Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-793-1)

Ubuntu Security Notice (C) 2009-2016 Canonical, Inc. / NASL script (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Igor Zhbanov discovered that NFS clients were able to create device
nodes even when root_squash was enabled. An authenticated remote
attacker could create device nodes with open permissions, leading to a
loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04
were affected. (CVE-2009-1072)

Dan Carpenter discovered that SELinux did not correctly handle certain
network checks when running with compat_net=1. A local attacker could
exploit this to bypass network checks. Default Ubuntu installations do
not enable SELinux, and only Ubuntu 8.10 and 9.04 were affected.
(CVE-2009-1184)

Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)

Benjamin Gilbert discovered that the VMX implementation of KVM did not
correctly handle certain registers. An attacker in a guest VM could
exploit this to cause a host system crash, leading to a denial of
service. This only affected 32-bit hosts. Ubuntu 6.06 was not affected.
(CVE-2009-1242)

Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer
Protocol did not correctly validate certain fields. A remote attacker
could exploit this to read kernel memory, leading to a loss of
privacy. (CVE-2009-1265)

Trond Myklebust discovered that NFS did not correctly handle certain
long filenames. An authenticated remote attacker could exploit this to
cause a system crash, leading to a denial of service. Only Ubuntu 6.06
was affected. (CVE-2009-1336)

Oleg Nesterov discovered that the kernel did not correctly handle
CAP_KILL. A local user could exploit this to send signals to arbitrary
processes, leading to a denial of service. (CVE-2009-1337)

Daniel Hokka Zakrisson discovered that signal handling was not
correctly limited to process namespaces. A local user could bypass
namespace restrictions, possibly leading to a denial of service. Only
Ubuntu 8.04 was affected. (CVE-2009-1338)

Pavel Emelyanov discovered that network namespace support for IPv6 was
not correctly handled. A remote attacker could send specially crafted
IPv6 traffic that would cause a system crash, leading to a denial of
service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360)

Neil Horman discovered that the e1000 network driver did not correctly
validate certain fields. A remote attacker could send a specially
crafted packet that would cause a system crash, leading to a denial of
service. (CVE-2009-1385)

Pavan Naregundi discovered that CIFS did not correctly check lengths
when handling certain mount requests. A remote attacker could send
specially crafted traffic to cause a system crash, leading to a denial
of service. (CVE-2009-1439)

Simon Vallet and Frank Filz discovered that execute permissions were
not correctly handled by NFSv4. A local user could bypass permissions
and run restricted programs, possibly leading to an escalation of
privileges. (CVE-2009-1630)

Jeff Layton and Suresh Jayaraman discovered buffer overflows in the
CIFS client code. A malicious remote server could exploit this to
cause a system crash or execute arbitrary code as root.
(CVE-2009-1633)

Mikulas Patocka discovered that /proc/iomem was not correctly
initialized on Sparc. A local attacker could use this file to crash
the system, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1914)

Miklos Szeredi discovered that OCFS2 did not correctly handle certain
splice operations. A local attacker could exploit this to cause a
system hang, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1961)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
