Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN110-1 : linux-source-2.6.8.1 vulnerabilities


Vulnerability Assessment Details

USN110-1 : linux-source-2.6.8.1 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-5
- linux-headers-2.6.8.1-5-386
- linux-headers-2.6.8.1-5-686
- linux-headers-2.6.8.1-5-686-smp
- linux-headers-2.6.8.1-5-amd64-generic
- linux-headers-2.6.8.1-5-amd64-k8
- linux-headers-2.6.8.1-5-amd64-k8-smp
- linux-headers-2.6.8.1-5-amd64-xeon
- linux-headers-2.6.8.1-5-k7
- linux-headers-2.6.8.1-5-k7-smp
- linux-headers-2.6.8.1-5-power3
- linux-headers-2.6.8.1-5-power3-smp
- linux-headers-2.6.8.
[...]

Description :

Alexander Nyberg discovered an integer overflow in the
sysfs_write_file() function. A local attacker could exploit this to
crash the kernel or possibly even execute arbitrary code with root
rights by writing to an user-writable file in /sys under certain
low-memory conditions. However, there are very few cases where a
user-writeable sysfs file actually exists. (CVE-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the
futex functions, which provide semaphores for exclusive locking of
resources. A local attacker could possibly exploit this to cause a
kernel deadlock. (CVE-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs
file system drivers, which could lead to a kernel crash under certain
(unusual) conditions. However, these cannot easily be triggered by
users, thus they are not security sensitive.
(http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ,
http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)

Solution :

Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-386-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-generic-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

8GB Certified for DELL Memory RAM DDR3L SODIMM PC3L-12800 SNPN2M64C/8G A7022339
$30.66
8GB Certified for DELL Memory RAM DDR3L SODIMM PC3L-12800 SNPN2M64C/8G A7022339 pictureDell Laptop Memory 128 X 2 DDR , 266mhz for 2650
$0.99
Dell Laptop Memory 128 X 2 DDR , 266mhz for 2650 picture(Lot of 16) Micron 2GB PC2-5300S 667MHz DDR2 SODIMM Laptop Memory RAM - R6891
$81.95
(Lot of 16) Micron 2GB PC2-5300S 667MHz DDR2 SODIMM Laptop Memory RAM - R6891 picture8GB (4x2GB) Samsung M378T5663RZ3-CF7 DDR2 PC2-6400U 800MHz Desktop Memory TESTED
$14.0
8GB (4x2GB) Samsung M378T5663RZ3-CF7 DDR2 PC2-6400U 800MHz Desktop Memory TESTED picture


Discussions

No Discussions have been posted on this vulnerability.