Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN110-1 : linux-source-2.6.8.1 vulnerabilities


Vulnerability Assessment Details

USN110-1 : linux-source-2.6.8.1 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.8.1
- linux-headers-2.6.8.1-5
- linux-headers-2.6.8.1-5-386
- linux-headers-2.6.8.1-5-686
- linux-headers-2.6.8.1-5-686-smp
- linux-headers-2.6.8.1-5-amd64-generic
- linux-headers-2.6.8.1-5-amd64-k8
- linux-headers-2.6.8.1-5-amd64-k8-smp
- linux-headers-2.6.8.1-5-amd64-xeon
- linux-headers-2.6.8.1-5-k7
- linux-headers-2.6.8.1-5-k7-smp
- linux-headers-2.6.8.1-5-power3
- linux-headers-2.6.8.1-5-power3-smp
- linux-headers-2.6.8.
[...]

Description :

Alexander Nyberg discovered an integer overflow in the
sysfs_write_file() function. A local attacker could exploit this to
crash the kernel or possibly even execute arbitrary code with root
rights by writing to an user-writable file in /sys under certain
low-memory conditions. However, there are very few cases where a
user-writeable sysfs file actually exists. (CVE-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the
futex functions, which provide semaphores for exclusive locking of
resources. A local attacker could possibly exploit this to cause a
kernel deadlock. (CVE-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs
file system drivers, which could lead to a kernel crash under certain
(unusual) conditions. However, these cannot easily be triggered by
users, thus they are not security sensitive.
(http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ,
http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)

Solution :

Upgrade to :
- linux-doc-2.6.8.1-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-386-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-686-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-generic-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6.8.1-5-amd64-k8-smp-2.6.8.1-16.14 (Ubuntu 4.10)
- linux-headers-2.6
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

1pcs USB 2.0 unique iron man model 16G Enough Memory Stick Flash pen Drive #03
$0.01
1pcs USB 2.0 unique iron man model 16G Enough Memory Stick Flash pen Drive #03 pictureBRAND NEW SEALED Infinitive USB Flash Drive 16GB For PC And Mac
$9.06
BRAND NEW SEALED Infinitive USB Flash Drive 16GB For PC And Mac  pictureSanDisk SDCZ880-256G-G46 Extreme PRO 256GB USB 3.1 Solid State Flash Drive
$133.95
SanDisk SDCZ880-256G-G46 Extreme PRO 256GB USB 3.1 Solid State Flash Drive  pictureKingston DataTraveler 50 16GB USB Flash Drive
$4.0
Kingston DataTraveler 50 16GB USB Flash Drive picture


Discussions

No Discussions have been posted on this vulnerability.