Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN110-1 : linux-source-2.6.8.1 vulnerabilities


Vulnerability Assessment Details

USN110-1 : linux-source-2.6.8.1 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-5
- linux-headers-2.6.8.1-5-386
- linux-headers-2.6.8.1-5-686
- linux-headers-2.6.8.1-5-686-smp
- linux-headers-2.6.8.1-5-amd64-generic
- linux-headers-2.6.8.1-5-amd64-k8
- linux-headers-2.6.8.1-5-amd64-k8-smp
- linux-headers-2.6.8.1-5-amd64-xeon
- linux-headers-2.6.8.1-5-k7
- linux-headers-2.6.8.1-5-k7-smp
- linux-headers-2.6.8.1-5-power3
- linux-headers-2.6.8.1-5-power3-smp
- linux-headers-2.6.8.
[...]

Description :

Alexander Nyberg discovered an integer overflow in the
sysfs_write_file() function. A local attacker could exploit this to
crash the kernel or possibly even execute arbitrary code with root
rights by writing to an user-writable file in /sys under certain
low-memory conditions. However, there are very few cases where a
user-writeable sysfs file actually exists. (CVE-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the
futex functions, which provide semaphores for exclusive locking of
resources. A local attacker could possibly exploit this to cause a
kernel deadlock. (CVE-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs
file system drivers, which could lead to a kernel crash under certain
(unusual) conditions. However, these cannot easily be triggered by
users, thus they are not security sensitive.
(http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ,
http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)

Solution :

Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-386-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-generic-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

Ericsson MC-16 rare touchscreen windows CE handheld computer working plus gift
$79.99
Ericsson MC-16 rare touchscreen windows CE handheld computer working plus gift pictureVintage Apple 2C IIC Computer A2S4000 With Power Supply Extras TESTED WORKS
$249.99
Vintage Apple 2C IIC Computer A2S4000 With Power Supply Extras TESTED WORKS pictureDCA MacIRMA SE/30 PDS Interface Card to IBM 3270 Mainframe
$75.0
DCA MacIRMA SE/30 PDS Interface Card to IBM 3270 Mainframe pictureVintage Keypunch Cards - Unused, box of 2000
$20.0
Vintage Keypunch Cards - Unused, box of 2000 picture


Discussions

No Discussions have been posted on this vulnerability.