Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-578-1)

high Nessus Plugin ID 31093
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service.
(CVE-2006-6058)

Alexander Schulze discovered that the skge driver does not properly use the spin_lock and spin_unlock functions. Remote attackers could exploit this by sending a flood of network traffic and cause a denial of service (crash). (CVE-2006-7229)

Hugh Dickins discovered that hugetlbfs performed certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user could exploit this and cause a denial of service via kernel panic.
(CVE-2007-4133)

Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. (CVE-2007-4997)

Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. (CVE-2007-5093)

Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop.
(CVE-2007-5500)

Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063)

It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151)

Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417)

Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/578-1/

Plugin Details

Severity: High

ID: 31093

File Name: ubuntu_USN-578-1.nasl

Version: 1.21

Type: local

Agent: unix

Published: 2/14/2008

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15, cpe:/o:canonical:ubuntu_linux:6.06:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 2/13/2008

Vulnerability Publication Date: 11/21/2006

Reference Information

CVE: CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001

BID: 26337, 26477, 26605, 26701, 27280, 27497, 27694

USN: 578-1

CWE: 16, 119, 189, 200, 399