Ubuntu 6.06 LTS / 7.04 / 7.10 : linux-source-2.6.15/20/22 vulnerabilities (USN-618-1)

high Nessus Plugin ID 33255
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 8.4

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

It was discovered that the ALSA /proc interface did not write the correct number of bytes when reporting memory allocations. A local attacker might be able to access sensitive kernel memory, leading to a loss of privacy. (CVE-2007-4571)

Multiple buffer overflows were discovered in the handling of CIFS filesystems. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges.
(CVE-2007-5904)

It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694)

It was discovered that some device driver fault handlers did not correctly verify memory ranges. A local attacker could exploit this to access sensitive kernel memory, possibly leading to a loss of privacy.
(CVE-2008-0007)

It was discovered that CPU resource limits could be bypassed. A malicious local user could exploit this to avoid administratively imposed resource limits. (CVE-2008-1294)

A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375)

On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/618-1/

Plugin Details

Severity: High

ID: 33255

File Name: ubuntu_USN-618-1.nasl

Version: 1.20

Type: local

Agent: unix

Published: 6/24/2008

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

Risk Factor: High

VPR Score: 8.4

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-52, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.20-17, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.22-15, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source, p-cpe:/a:canonical:ubuntu_linux:fglrx-control, p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-ume, p-cpe:/a:canonical:ubuntu_linux:linux-backports-modules-2.6-xen, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.20, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.22, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-ume, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-xen, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-cell, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ume, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen, p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-debug-2.6-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel, p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-xen, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.20, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.22, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-ume, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-ubuntu-modules-2.6-xen, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-new-dev, p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source, p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source, p-cpe:/a:canonical:ubuntu_linux:nvidia-new-kernel-source, p-cpe:/a:canonical:ubuntu_linux:vmware-player-kernel-modules-2.6.20-17, p-cpe:/a:canonical:ubuntu_linux:vmware-server-kernel-modules-2.6.20-17, p-cpe:/a:canonical:ubuntu_linux:vmware-tools-kernel-modules-2.6.20-17, p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx, p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev, cpe:/o:canonical:ubuntu_linux:6.06:-:lts, cpe:/o:canonical:ubuntu_linux:7.04, cpe:/o:canonical:ubuntu_linux:7.10

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/19/2008

Vulnerability Publication Date: 9/26/2007

Reference Information

CVE: CVE-2007-4571, CVE-2007-5904, CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375, CVE-2008-1669

BID: 25807, 26438, 27686, 29003, 29076

USN: 618-1

CWE: 20, 94, 119, 362, 399