Ubuntu 8.04 LTS : linux vulnerabilities (USN-1170-1)

high Nessus Plugin ID 55607
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077)

It was discovered that Xen did not correctly handle certain block requests. A local attacker in a Xen guest could cause the Xen host to use all available CPU resources, leading to a denial of service.
(CVE-2010-4247)

It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526)

Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726)

Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163)

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/1170-1/

Plugin Details

Severity: High

ID: 55607

File Name: ubuntu_USN-1170-1.nasl

Version: 1.13

Type: local

Agent: unix

Published: 7/18/2011

Updated: 9/19/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen, cpe:/o:canonical:ubuntu_linux:8.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2011

Vulnerability Publication Date: 11/29/2010

Reference Information

CVE: CVE-2010-4076, CVE-2010-4077, CVE-2010-4247, CVE-2010-4526, CVE-2011-0726, CVE-2011-1163, CVE-2011-1577, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-2022

BID: 45029, 45059, 45661, 46878, 47343, 47534, 47535, 47791, 47832, 47843

USN: 1170-1