Ubuntu 6.06 LTS / 7.04 / 7.10 : linux-source-2.6.15/20/22 vulnerabilities (USN-618-1)
High Nessus Plugin ID 33255
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that the ALSA /proc interface did not write the correct number of bytes when reporting memory allocations. A local attacker might be able to access sensitive kernel memory, leading to a loss of privacy. (CVE-2007-4571)
Multiple buffer overflows were discovered in the handling of CIFS filesystems. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges.
It was discovered that PowerPC kernels did not correctly handle reporting certain system details. By requesting a specific set of information, a local attacker could cause a system crash resulting in a denial of service. (CVE-2007-6694)
It was discovered that some device driver fault handlers did not correctly verify memory ranges. A local attacker could exploit this to access sensitive kernel memory, possibly leading to a loss of privacy.
It was discovered that CPU resource limits could be bypassed. A malicious local user could exploit this to avoid administratively imposed resource limits. (CVE-2008-1294)
A race condition was discovered between dnotify fcntl() and close() in the kernel. If a local attacker performed malicious dnotify requests, they could cause memory consumption leading to a denial of service, or possibly send arbitrary signals to any process. (CVE-2008-1375)
On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. (CVE-2008-1669).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.