Lucene search
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-82-1.NASLHistoryJan 15, 2006 - 12:00 a.m.
Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-82-1)
2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
14
CAN-2004-0176 :
Michael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out.
Usually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot).
CAN-2005-0177 :
OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel.
CAN-2005-0178 :
A race condition was found in the terminal handling of the ‘setsid()’ function, which is used to start new process sessions.
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html :
David Coulson noticed a design flaw in the netfilter/iptables module.
By sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.
Fixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel has a new ABI version number. You have to recompile and reinstall all third-party modules.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-82-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20706);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2004-0176", "CVE-2005-0176", "CVE-2005-0177", "CVE-2005-0178");
script_xref(name:"USN", value:"82-1");
script_name(english:"Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-82-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"CAN-2004-0176 :
Michael Kerrisk noticed an insufficient permission checking in the
shmctl() function. Any process was permitted to lock/unlock any System
V shared memory segment that fell within the the RLIMIT_MEMLOCK limit
(that is the maximum size of shared memory that unprivileged users can
acquire). This allowed am unprivileged user process to unlock locked
memory of other processes, thereby allowing them to be swapped out.
Usually locked shared memory is used to store passphrases and other
sensitive content which must not be written to the swap space (where
it could be read out even after a reboot).
CAN-2005-0177 :
OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were
incorrectly set to 128 instead of 256. This caused a buffer overflow
in some cases which could be exploited to crash the kernel.
CAN-2005-0178 :
A race condition was found in the terminal handling of the 'setsid()'
function, which is used to start new process sessions.
http://oss.sgi.com/archives/netdev/2005-01/msg01036.html :
David Coulson noticed a design flaw in the netfilter/iptables module.
By sending specially crafted packets, a remote attacker could exploit
this to crash the kernel or to bypass firewall rules.
Fixing this vulnerability required a change in the
Application Binary Interface (ABI) of the kernel. This means
that third-party user installed modules might not work any
more with the new kernel, so this fixed kernel has a new ABI
version number. You have to recompile and reinstall all
third-party modules.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-386", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-386", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.11")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.11")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.8.1 / linux-headers-2.6.8.1-5 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | linux-doc-2.6.8.1 | p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1 |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5 | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5 |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-386 | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386 |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-686 | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686 |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-686-smp | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-amd64-generic | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-amd64-k8 | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8 |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-amd64-k8-smp | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp |
| canonical | ubuntu_linux | linux-headers-2.6.8.1-5-amd64-xeon | p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon |
| canonical | ubuntu_linux | linux-image-2.6.8.1-5-386 | p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386 |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-82-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 511-1 (ethereal)
2008-01-17 00:00:00
FreeBSD Ports: ethereal, tethereal
2008-09-04 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-02-15 00:00:00
cert
cert
checkpoint_advisories
checkpoint_advisories
Ethereal Netflow Dissector Buffer Overflow (CVE-2004-0176)
2009-10-22 00:00:00
securityvulns
securityvulns
Advisory 03/2004: Multiple (13) Ethereal remote overflows
2004-03-24 00:00:00
[OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
2004-06-05 00:00:00
cve
cve
ubuntucve
ubuntucve
redhat
redhat
(RHSA-2005:092) kernel security update
2005-02-18 00:00:00
(RHSA-2005:472) kernel security update
2005-05-25 00:00:00
(RHSA-2004:136) ethereal security update
2004-03-30 00:00:00
nessus
nessus
RHEL 4 : kernel (RHSA-2005:092)
2005-02-22 00:00:00
Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)
2004-07-31 00:00:00
GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal
2004-08-30 00:00:00
freebsd
freebsd
multiple vulnerabilities in ethereal
2004-03-23 00:00:00
debian
debian
[SECURITY] [DSA 511-1] New ethereal packages fix buffer overflows
2004-05-30 00:00:00
osv
osv
ethereal - buffer overflows
2004-05-30 00:00:00
gentoo
gentoo
Multiple remote overflows and vulnerabilities in Ethereal
2004-03-28 00:00:00
centos
centos
kernel security update
2005-05-25 22:54:52
suse
suse
local privilege escalation in mc
2004-05-14 14:09:57
Related for UBUNTU_USN-82-1.NASL