Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN231-1 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities


Vulnerability Assessment Details

USN231-1 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.10
- linux-doc-2.6.12
- linux-doc-2.6.8.1
- linux-headers-2.6.10-6
- linux-headers-2.6.10-6-386
- linux-headers-2.6.10-6-686
- linux-headers-2.6.10-6-686-smp
- linux-headers-2.6.10-6-amd64-generic
- linux-headers-2.6.10-6-amd64-k8
- linux-headers-2.6.10-6-amd64-k8-smp
- linux-headers-2.6.10-6-amd64-xeon
- linux-headers-2.6.10-6-k7
- linux-headers-2.6.10-6-k7-smp
- linux-headers-2.6.10-6-power3
- linux-headers-2.6.10-6-power3
[...]

Description :

Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the rights of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)

The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)

A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their parent process ("auto-reaper"). The check
did not correctly handle processes which were currently traced by
another process. A local attacker could exploit this to cause a kernel
crash. (CVE-2005-3784)

A locking problem was discovered in the POSIX timer cleanup handling
on process exit. A loca
[...]

Solution :

Upgrade to :
- linux-doc-2.6.10-2.6.10-34.9 (Ubuntu 5.04)
- linux-doc-2.6.12-2.6.12-10.25 (Ubuntu 5.10)
- linux-doc-2.6.8.1-2.6.8.1-16.26 (Ubuntu 4.10)
- linux-headers-2.6.10-6-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-386-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-smp-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-generic-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-k8-2.6.10-34.9 (Ubuntu 5.04)
- linux-heade
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

I/O Crest 4 Port SATA III PCI-e 2.0 x1 Controller Card Marvell 9215 Non-Raid ...
$28.13
I/O Crest 4 Port SATA III PCI-e 2.0 x1 Controller Card Marvell 9215 Non-Raid ... pictureAMCC 9650SE-12/16ML PCI-E 16 SATA II Port RAID Controller
$67.9
AMCC 9650SE-12/16ML PCI-E 16 SATA II Port RAID Controller pictureHynix 256MB RAID RAM PC2-3200R HYS72T32000HR-5-A
$7.9
Hynix 256MB RAID RAM PC2-3200R   HYS72T32000HR-5-A picture✔️ TESTED HP COMPAQ LC2 PCI SCSI 68 RAID Controller 192127-001 HD68 Ultra2 ML350
$25.0
✔️ TESTED HP COMPAQ LC2 PCI SCSI 68 RAID Controller 192127-001 HD68 Ultra2 ML350 picture


Discussions

No Discussions have been posted on this vulnerability.