Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-852-1)

Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Solar Designer discovered that the z90crypt driver did not correctly
check capabilities. A local attacker could exploit this to shut down
the device, leading to a denial of service. Only affected Ubuntu 6.06.
(CVE-2009-1883)

Michael Buesch discovered that the SGI GRU driver did not correctly
check the length when setting options. A local attacker could exploit
this to write to the kernel stack, leading to root privilege
escalation or a denial of service. Only affected Ubuntu 8.10 and 9.04.
(CVE-2009-2584)

It was discovered that SELinux did not fully implement the
mmap_min_addr restrictions. A local attacker could exploit this to
allocate the NULL memory page which could lead to further attacks
against kernel NULL-dereference vulnerabilities. Ubuntu 6.06 was not
affected. (CVE-2009-2695)

Cagri Coltekin discovered that the UDP stack did not correctly handle
certain flags. A local user could send specially crafted commands and
traffic to gain root privileges or crash the systeam, leading to a
denial of service. Only affected Ubuntu 6.06. (CVE-2009-2698)

Hiroshi Shimamoto discovered that monotonic timers did not correctly
validate parameters. A local user could make a specially crafted timer
request to gain root privileges or crash the system, leading to a
denial of service. Only affected Ubuntu 9.04. (CVE-2009-2767)

Michael Buesch discovered that the HPPA ISA EEPROM driver did not
correctly validate positions. A local user could make a specially
crafted request to gain root privileges or crash the system, leading
to a denial of service. (CVE-2009-2846)

Ulrich Drepper discovered that kernel signal stacks were not being
correctly padded on 64-bit systems. A local attacker could send
specially crafted calls to expose 4 bytes of kernel stack memory,
leading to a loss of privacy. (CVE-2009-2847)

Jens Rosenboom discovered that the clone method did not correctly
clear certain fields. A local attacker could exploit this to gain
privileges or crash the system, leading to a denial of service.
(CVE-2009-2848)

It was discovered that the MD driver did not check certain sysfs
files. A local attacker with write access to /sys could exploit this
to cause a system crash, leading to a denial of service. Ubuntu 6.06
was not affected. (CVE-2009-2849)

Mark Smith discovered that the AppleTalk stack did not correctly
manage memory. A remote attacker could send specially crafted traffic
to cause the system to consume all available memory, leading to a
denial of service. (CVE-2009-2903)

Loïc Minier discovered that eCryptfs did not correctly handle writing
to certain deleted files. A local attacker could exploit this to gain
root privileges or crash the system, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2009-2908)

It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and
ROSE network stacks did not correctly initialize their data
structures. A local attacker could make specially crafted calls to
read kernel memory, leading to a loss of privacy. (CVE-2009-3001,
CVE-2009-3002)

It was discovered that the randomization used for Address Space Layout
Randomization was predictable within a small window of time. A local
attacker could exploit this to leverage further attacks that require
knowledge of userspace memory layouts. (CVE-2009-3238)

Eric Paris discovered that NFSv4 did not correctly handle file
creation failures. An attacker with write access to an NFSv4 share
could exploit this to create files with arbitrary mode bits, leading
to privilege escalation or a loss of privacy. (CVE-2009-3286)

Bob Tracy discovered that the SCSI generic driver did not correctly
use the right index for array access. A local attacker with write
access to a CDR could exploit this to crash the system, leading to a
denial of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288)

Jan Kiszka discovered that KVM did not correctly validate certain
hypercalls. A local unprivileged attacker in a virtual guest could
exploit this to crash the guest kernel, leading to a denial of
service. Ubuntu 6.06 was not affected. (CVE-2009-3290).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true