Ubuntu 4.10 : linux-source-126.96.36.199 vulnerabilities (USN-95-1)
High Nessus Plugin ID 20721
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments.
The Netfilter code also contained a memory leak. Certain locally generated packet fragments are reassembled twice, which caused a double allocation of a data structure. This could be locally exploited to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)
Ben Martel and Stephen Blackheath found a remote Denial of Service vulnerability in the PPP driver. This allowed a malicious pppd client to crash the server machine. (CAN-2005-0384)
Georgi Guninski discovered a buffer overflow in the ATM driver. The atm_get_addr() function does not validate its arguments sufficiently, which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could eventually lead to arbitrary code execution. (CAN-2005-0531)
Georgi Guninski also discovered three other integer comparison problems in the TTY layer, in the /proc interface and the ReiserFS driver. However, the previous Ubuntu security update (kernel version 188.8.131.52-16.11) already contained a patch which checks the arguments to these functions at a higher level and thus prevents these flaws from being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)
Georgi Guninski discovered an integer overflow in the sys_epoll_wait() function which allowed local users to overwrite the first few kB of physical memory. Very few applications actually use this space (dosemu is a notable exception), but this could potentially lead to privilege escalation. (CAN-2005-0736)
Eric Anholt discovered a race condition in the Radeon DRI driver. In some cases this allowed a local user with DRI privileges on a Radeon card to execute arbitrary code with root privileges.
Finally, this update fixes a regression in the NFS server driver which was introduced in the previous security update (kernel version 184.108.40.206-16.11). We apologize for the inconvenience.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.