Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-95-1.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-95-1)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
18
JSON

A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)

The Netfilter code also contained a memory leak. Certain locally generated packet fragments are reassembled twice, which caused a double allocation of a data structure. This could be locally exploited to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)

Ben Martel and Stephen Blackheath found a remote Denial of Service vulnerability in the PPP driver. This allowed a malicious pppd client to crash the server machine. (CAN-2005-0384)

Georgi Guninski discovered a buffer overflow in the ATM driver. The atm_get_addr() function does not validate its arguments sufficiently, which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison problems in the TTY layer, in the /proc interface and the ReiserFS driver. However, the previous Ubuntu security update (kernel version 2.6.8.1-16.11) already contained a patch which checks the arguments to these functions at a higher level and thus prevents these flaws from being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

Georgi Guninski discovered an integer overflow in the sys_epoll_wait() function which allowed local users to overwrite the first few kB of physical memory. However, very few applications actually use this space (dosemu is a notable exception), but potentially this could lead to privilege escalation. (CAN-2005-0736)

Eric Anholt discovered a race condition in the Radeon DRI driver. In some cases this allowed a local user with DRI privileges on a Radeon card to execute arbitrary code with root privileges.

Finally this update fixes a regression in the NFS server driver which was introduced in the previous security update (kernel version 2.6.8.1-16.11). We apologize for the inconvenience.
(https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-95-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20721);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-0209", "CVE-2005-0210", "CVE-2005-0384", "CVE-2005-0529", "CVE-2005-0530", "CVE-2005-0531", "CVE-2005-0532", "CVE-2005-0736");
  script_xref(name:"USN", value:"95-1");

  script_name(english:"Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-95-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A remote Denial of Service vulnerability was discovered in the
Netfilter IP packet handler. This allowed a remote attacker to crash
the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)

The Netfilter code also contained a memory leak. Certain locally
generated packet fragments are reassembled twice, which caused a
double allocation of a data structure. This could be locally exploited
to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)

Ben Martel and Stephen Blackheath found a remote Denial of Service
vulnerability in the PPP driver. This allowed a malicious pppd client
to crash the server machine. (CAN-2005-0384)

Georgi Guninski discovered a buffer overflow in the ATM driver. The
atm_get_addr() function does not validate its arguments sufficiently,
which could allow a local attacker to overwrite large portions of
kernel memory by supplying a negative length argument. This could
eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison
problems in the TTY layer, in the /proc interface and the ReiserFS
driver. However, the previous Ubuntu security update (kernel version
2.6.8.1-16.11) already contained a patch which checks the arguments to
these functions at a higher level and thus prevents these flaws from
being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

Georgi Guninski discovered an integer overflow in the sys_epoll_wait()
function which allowed local users to overwrite the first few kB of
physical memory. However, very few applications actually use this
space (dosemu is a notable exception), but potentially this could lead
to privilege escalation. (CAN-2005-0736)

Eric Anholt discovered a race condition in the Radeon DRI driver. In
some cases this allowed a local user with DRI privileges on a Radeon
card to execute arbitrary code with root privileges.

Finally this update fixes a regression in the NFS server driver which
was introduced in the previous security update (kernel version
2.6.8.1-16.11). We apologize for the inconvenience.
(https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(20, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"linux-doc-2.6.8.1", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-386", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-headers-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-386", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-686-smp", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-generic", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-k8-smp", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-image-2.6.8.1-5-amd64-xeon", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-patch-debian-2.6.8.1", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-source-2.6.8.1", pkgver:"2.6.8.1-16.12")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"linux-tree-2.6.8.1", pkgver:"2.6.8.1-16.12")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc-2.6.8.1 / linux-headers-2.6.8.1-5 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-doc-2.6.8.1p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1
canonicalubuntu_linuxlinux-headers-2.6.8.1-5p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-386p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-686p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-686-smpp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-amd64-genericp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-amd64-k8p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-amd64-k8-smpp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp
canonicalubuntu_linuxlinux-headers-2.6.8.1-5-amd64-xeonp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon
canonicalubuntu_linuxlinux-image-2.6.8.1-5-386p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386
Rows per page:
1-10 of 201

Related

openvas 10
ubuntu 1
nessus 19
suse 1
redhat 6
centos 5
securityvulns 3
ubuntucve 8
cve 9
exploitdb 1
osv 4
debian 5
openvas
openvas
Ubuntu: Security Advisory (USN-95-1)
2022-08-26 00:00:00
SLES9: Security update for Linux kernel
2009-10-10 00:00:00
SLES9: Security update for Linux kernel
2009-10-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2005-03-15 00:00:00
nessus
nessus
SUSE-SA:2005:018: kernel
2005-03-25 00:00:00
RHEL 4 : kernel (RHSA-2005:366)
2005-04-19 00:00:00
CentOS 3 / 4 : kernel (CESA-2005:366)
2006-07-05 00:00:00
suse
suse
remote denial of service in kernel
2005-03-24 16:30:19
redhat
redhat
(RHSA-2005:366) kernel security update
2005-04-19 00:00:00
(RHSA-2005:283) kernel security update
2005-04-28 00:00:00
(RHSA-2005:284) kernel security update
2005-04-28 00:00:00
centos
centos
kernel security update
2005-04-20 01:47:21
kernel security update
2005-04-29 05:42:41
kernel security update
2005-06-08 21:44:09
securityvulns
securityvulns
[CLA-2005:945] Conectiva Security Announcement - kernel
2005-04-01 00:00:00
MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities
2005-12-01 00:00:00
MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities
2005-12-01 00:00:00
ubuntucve
ubuntucve
CVE-2005-0532
2005-05-02 00:00:00
CVE-2005-0531
2005-05-02 00:00:00
CVE-2005-0529
2005-05-02 00:00:00
cve
cve
CVE-2005-0532
2005-05-02 04:00:00
CVE-2005-0531
2005-05-02 04:00:00
CVE-2005-0529
2005-05-02 04:00:00
exploitdb
exploitdb
Linux Kernel 2.6.x - SYS_EPoll_Wait Local Integer Overflow Vulnerability 2
2005-03-09 00:00:00
osv
osv
kernel-source-2.4.18 - several
2006-05-20 00:00:00
kernel-source-2.4.19 - several vulnerabilities
2006-05-21 00:00:00
kernel-source-2.4.17 - several vulnerabilities
2006-05-29 00:00:00
debian
debian
[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
2006-05-21 02:53:34
[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
2006-05-29 19:29:19
[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
2006-05-20 08:20:15
JSON
Related for UBUNTU_USN-95-1.NASL
openvas10ubuntu1nessus19suse1redhat6centos5securityvulns3ubuntucve8cve9exploitdb1osv4debian5