Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-914-1)

Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Mathias Krause discovered that the Linux kernel did not correctly
handle missing ELF interpreters. A local attacker could exploit this
to cause the system to crash, leading to a denial of service.
(CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware
virtualization did not correctly handle reading the /dev/port special
device. A local attacker in a guest operating system could issue a
specific read that would cause the host system to crash, leading to a
denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly
handle netlink connector messages. A local attacker could exploit this
to consume kernel memory, leading to a denial of service.
(CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not
correctly validate certain memory migration calls. A local attacker
could exploit this to read arbitrary kernel memory or cause a system
crash, leading to a denial of service. (CVE-2010-0415)

Jerome Marchand and Mikael Pettersson discovered that the Linux
kernel did not correctly handle certain futex operations. A local
attacker could exploit this to cause a system crash, leading to a
denial of service. (CVE-2010-0622, CVE-2010-0623)

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 45081

Bugtraq ID: 38027, 38058, 38144, 38165

CVE ID: CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622, CVE-2010-0623