Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Ubuntu Local Security Checks >> USN231-1 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities


Vulnerability Assessment Details

USN231-1 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

Vulnerability Assessment Summary
linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities

Detailed Explanation for this Vulnerability Assessment

Summary :

These remote packages are missing security patches :
- linux-doc-2.6.10
- linux-doc-2.6.12
- linux-doc-2.6.8.1
- linux-headers-2.6.10-6
- linux-headers-2.6.10-6-386
- linux-headers-2.6.10-6-686
- linux-headers-2.6.10-6-686-smp
- linux-headers-2.6.10-6-amd64-generic
- linux-headers-2.6.10-6-amd64-k8
- linux-headers-2.6.10-6-amd64-k8-smp
- linux-headers-2.6.10-6-amd64-xeon
- linux-headers-2.6.10-6-k7
- linux-headers-2.6.10-6-k7-smp
- linux-headers-2.6.10-6-power3
- linux-headers-2.6.10-6-power3
[...]

Description :

Rudolf Polzer reported an abuse of the 'loadkeys' command. By
redefining one or more keys and tricking another user (like root) into
logging in on a text console and typing something that involves the
redefined keys, a local user could cause execution of arbitrary
commands with the rights of the target user. The updated kernel
restricts the usage of 'loadkeys' to root. (CVE-2005-3257)

The ptrace() system call did not correctly check whether a process
tried to attach to itself. A local attacker could exploit this to
cause a kernel crash. (CVE-2005-3783)

A Denial of Service vulnerability was found in the handler that
automatically cleans up and terminates child processes that are not
correctly handled by their parent process ("auto-reaper"). The check
did not correctly handle processes which were currently traced by
another process. A local attacker could exploit this to cause a kernel
crash. (CVE-2005-3784)

A locking problem was discovered in the POSIX timer cleanup handling
on process exit. A loca
[...]

Solution :

Upgrade to :
- linux-doc-2.6.10-2.6.10-34.9 (Ubuntu 5.04)
- linux-doc-2.6.12-2.6.12-10.25 (Ubuntu 5.10)
- linux-doc-2.6.8.1-2.6.8.1-16.26 (Ubuntu 4.10)
- linux-headers-2.6.10-6-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-386-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-686-smp-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-generic-2.6.10-34.9 (Ubuntu 5.04)
- linux-headers-2.6.10-6-amd64-k8-2.6.10-34.9 (Ubuntu 5.04)
- linux-heade
[...]


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Michel Arboi

Cables, Connectors

HP 450482-001 Compaq 8710P Socket 478 DDR2 SDRAM Laptop Motherboard
$19.99
HP 450482-001 Compaq 8710P Socket 478 DDR2 SDRAM Laptop Motherboard pictureASUS Sony Branded P4SD-VL Socket 478 Micro-ATX Motherboard Intel 865 Chipset
$39.99
ASUS Sony Branded P4SD-VL Socket 478 Micro-ATX Motherboard Intel 865 Chipset pictureGIGABYTE GA-F2A68HM-DS2H Socket FM2+/ AMD A4-5300
$25.99
GIGABYTE GA-F2A68HM-DS2H Socket FM2+/ AMD A4-5300 pictureHP EliteOne 600 G1 AIO Motherboard 752638-001 A2 747665-001 good
$72.0
HP EliteOne 600 G1 AIO Motherboard 752638-001  A2 747665-001 good  picture


Discussions

No Discussions have been posted on this vulnerability.