Ubuntu 4.10 / 5.04 / 5.10 : linux-source-220.127.116.11/-2.6.10/-2.6.12 vulnerabilities (USN-244-1)
High Nessus Plugin ID 20791
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionDoug Chapman discovered a flaw in the reference counting in the sys_mq_open() function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash.
Karl Janmar discovered that the /proc file system module used signed data types in a wrong way. A local attacker could exploit this to read random kernel memory, which could possibly contain sensitive data like passwords or private keys. (CVE-2005-4605)
Yi Yang discovered an off-by-one buffer overflow in the sysctl() system call. By calling sysctl with a specially crafted long string, a local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with full kernel privileges. (CVE-2005-4618)
Perceval Anichini found a buffer overflow in the TwinHan DST Frontend/Card DVB driver. A local user could exploit this to crash the kernel or possibly execute arbitrary code with full kernel privileges.
This only affects Ubuntu 5.10. (CVE-2005-4639)
Stefan Rompf discovered that the dm-crypt module did not clear memory structures before releasing the memory allocation of it. This could lead to the disclosure of encryption keys. (CVE-2006-0095)
The SDLA WAN driver did not restrict firmware upgrades to processes that have the CAP_SYS_RAWIO kernel capability, it just required the CAP_NET_ADMIN privilege. This could allow processes with the latter privilege to update the SDLA firmware. Please note that this does not affect a standard Ubuntu installation, and this cannot be exploited by a normal (unprivileged) user. At most, this flaw might be relevant for installations that use a fine-grained capability granting system like RSBAC, cap_over, or grsecurity. This only affects Ubuntu 4.10.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.