Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)

Ubuntu Security Notice (C) 2009-2016 Canonical, Inc. / NASL script (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of
service. Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)

Dave Jones discovered that the gdth SCSI driver did not correctly
validate array indexes in certain ioctl calls. A local attacker could
exploit this to crash the system or gain elevated privileges.
(CVE-2009-3080)

Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems
would leak kernel memory via uninitialized structure members. A local
attacker could exploit this to read several bytes of kernel memory,
leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612)

Earl Chew discovered race conditions in pipe handling. A local
attacker could exploit anonymous pipes via /proc/*/fd/ and crash the
system or gain root privileges. (CVE-2009-3547)

Dave Jones and Francois Romieu discovered that the r8169 network
driver could be made to leak kernel memory. A remote attacker could
send a large number of jumbo frames until the system memory was
exhausted, leading to a denial of service. Ubuntu 9.10 was not
affected. (CVE-2009-3613).

Ben Hutchings discovered that the ATI Rage 128 video driver did not
correctly validate initialization states. A local attacker could make
specially crafted ioctl calls to crash the system or gain root
privileges. (CVE-2009-3620)

Tomoki Sekiyama discovered that Unix sockets did not correctly verify
namespaces. A local attacker could exploit this to cause a system
hang, leading to a denial of service. (CVE-2009-3621)

J. Bruce Fields discovered that NFSv4 did not correctly use the
credential cache. A local attacker using a mount with AUTH_NULL
authentication could exploit this to crash the system or gain root
privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623)

Alexander Zangerl discovered that the kernel keyring did not correctly
reference count. A local attacker could issue a series of specially
crafted keyring calls to crash the system or gain root privileges.
Only Ubuntu 9.10 was affected. (CVE-2009-3624)

David Wagner discovered that KVM did not correctly bounds-check CPUID
entries. A local attacker could exploit this to crash the system or
possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not
affected. (CVE-2009-3638)

Avi Kivity discovered that KVM did not correctly check privileges when
accessing debug registers. A local attacker could exploit this to
crash a host system from within a guest system, leading to a denial of
service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722)

Philip Reisner discovered that the connector layer for uvesafb,
pohmelfs, dst, and dm did not correctly check capabilties. A local
attacker could exploit this to crash the system or gain elevated
privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725)

Trond Myklebust discovered that NFSv4 clients did not robustly verify
attributes. A malicious remote NFSv4 server could exploit this to
crash a client or gain root privileges. Ubuntu 9.10 was not affected.
(CVE-2009-3726)

Robin Getz discovered that NOMMU systems did not correctly validate
NULL pointers in do_mmap_pgoff calls. A local attacker could attempt
to allocate large amounts of memory to crash the system, leading to a
denial of service. Only Ubuntu 6.06 and 9.10 were affected.
(CVE-2009-3888)

Joseph Malicki discovered that the MegaRAID SAS driver had
world-writable option files. A local attacker could exploit these to
disrupt the behavior of the controller, leading to a denial of
service. (CVE-2009-3889, CVE-2009-3939)

Roel Kluin discovered that the Hisax ISDN driver did not correctly
check the size of packets. A remote attacker could send specially
crafted packets to cause a system crash, leading to a denial of
service. (CVE-2009-4005)

Lennert Buytenhek discovered that certain 802.11 states were not
handled correctly. A physically-proximate remote attacker could send
specially crafted wireless traffic that would crash the system,
leading to a denial of service. Only Ubuntu 9.10 was affected.
(CVE-2009-4026, CVE-2009-4027).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial