Eng

Services

Security Assessment

Website Security Audit

Network Penetration Testing

Solutions

DataCenter GreenZone

Web Application Security

Vulnerability Assessment

Intrusion Protection System

News and Events

Search: Advanced search

server monitoring

USN103-1 : linux-source-2.6.8.1 vulnerabilities

Article ID: 20489

Last updated: 27 Jan, 2009

Print

Email to friend

Views: 337

Posted: 22 Jan, 2009
by: Tech Pubs S.

Updated: 27 Jan, 2009
by: Tech Pubs S.

USN103-1 : linux-source-2.6.8.1 vulnerabilities

Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Tenable Network Security, Inc.


Family	Ubuntu Local Security Checks
Plugin ID	20489
Bugtraq ID
CVE ID	CVE-2005-0400 CVE-2005-0749 CVE-2005-0750 CVE-2005-0815 CVE-2005-0839

Description:
Synopsis : These remote packages are missing security patches : - linux-doc-2.6.8.1 - linux-headers-2.6.8.1-5 - linux-headers-2.6.8.1-5-386 - linux-headers-2.6.8.1-5-686 - linux-headers-2.6.8.1-5-686-smp - linux-headers-2.6.8.1-5-amd64-generic - linux-headers-2.6.8.1-5-amd64-k8 - linux-headers-2.6.8.1-5-amd64-k8-smp - linux-headers-2.6.8.1-5-amd64-xeon - linux-headers-2.6.8.1-5-k7 - linux-headers-2.6.8.1-5-k7-smp - linux-headers-2.6.8.1-5-power3 - linux-headers-2.6.8.1-5-power3-smp - linux-headers-2.6.8. [...] Description : Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents (which could contain sensitive data like passwords) became visible on the raw device. This is particularly important if the target device is removable and thus can be read by users other than root. (CVE-2005-0400) Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. A specially crafted ELF library or executable could cause an attempt to free an invalid pointer, which lead to a kernel crash. (CVE-2005-0749) Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. A local attacker could exploit this to execute arbitrary code with root privileges by creating a Bluetooth socket with a specially crafted protocol number. (CVE-2005-0750) Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly [...] Solution : Upgrade to : - linux-doc-2.6.8.1-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-386-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-686-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-686-smp-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-amd64-generic-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-amd64-k8-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6.8.1-5-amd64-k8-smp-2.6.8.1-16.13 (Ubuntu 4.10) - linux-headers-2.6 [...] Risk factor : High

This article was: Helpful | Not Helpful

Prev		Next
USN216-1 : gtk+2.0, gdk-pixbuf vulnerabilities		USN402-1 : Avahi vulnerability

server monitoring