Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN110-1 : linux-source-2.6.8.1 vulnerabilities


Vulnerability Assessment Details

USN110-1 : linux-source-2.6.8.1 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-5
- linux-headers-2.6.8.1-5-386
- linux-headers-2.6.8.1-5-686
- linux-headers-2.6.8.1-5-686-smp
- linux-headers-2.6.8.1-5-amd64-generic
- linux-headers-2.6.8.1-5-amd64-k8
- linux-headers-2.6.8.1-5-amd64-k8-smp
- linux-headers-2.6.8.1-5-amd64-xeon
- linux-headers-2.6.8.1-5-k7
- linux-headers-2.6.8.1-5-k7-smp
- linux-headers-2.6.8.1-5-power3
- linux-headers-2.6.8.1-5-power3-smp
- linux-headers-2.6.8.
[...]

Description :

Alexander Nyberg discovered an integer overflow in the
sysfs_write_file() function. A local attacker could exploit this to
crash the kernel or possibly even execute arbitrary code with root
rights by writing to an user-writable file in /sys under certain
low-memory conditions. However, there are very few cases where a
user-writeable sysfs file actually exists. (CVE-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the
futex functions, which provide semaphores for exclusive locking of
resources. A local attacker could possibly exploit this to cause a
kernel deadlock. (CVE-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs
file system drivers, which could lead to a kernel crash under certain
(unusual) conditions. However, these cannot easily be triggered by
users, thus they are not security sensitive.
(http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ,
http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)

Solution :

Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-386-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-generic-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

Vantec 6-Port SATA II 150 PCI Host Card w/RAID - perfect working condition
$20.0
Vantec 6-Port SATA II 150 PCI Host Card w/RAID - perfect working condition pictureStarTech.com PCISATA4R1 4 Port PCI SATA RAID Controller Adapter Card
$45.0
StarTech.com PCISATA4R1 4 Port PCI SATA RAID Controller Adapter Card pictureWestern Digital My Passport Pro 2TB Thunderbolt Portable RAID Portable Storage
$0.99
Western Digital My Passport Pro 2TB Thunderbolt Portable RAID Portable Storage pictureMicrosoft Windows Server 2016 Essentials Raid 1 Office Home Business 2x2TB G330
$1249.0
Microsoft Windows Server 2016 Essentials Raid 1 Office Home Business 2x2TB  G330 picture


Discussions

No Discussions have been posted on this vulnerability.