UbuntuUSN-169-1Linux kernel vulnerabilities
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.161 Low
EPSS
Percentile
95.9%
Releases
- Ubuntu 5.04
- Ubuntu 4.10
Details
David Howells discovered a local Denial of Service vulnerability in
the key session joining function. Under certain user-triggerable
conditions, a semaphore was not released properly, which caused
processes which also attempted to join a key session to hang forever.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2098)
David Howells discovered a local Denial of Service vulnerability in
the keyring allocator. A local attacker could exploit this to crash
the kernel by attempting to add a specially crafted invalid keyring.
This only affects Ubuntu 5.04 (Hoary Hedgehog). (CAN-2005-2099)
Balazs Scheidler discovered a local Denial of Service vulnerability in
the xfrm_compile_policy() function. By calling setsockopt() with an
invalid xfrm_user policy message, a local attacker could cause the
kernel to write to an array beyond its boundaries, thus causing a
kernel crash. (CAN-2005-2456)
Tim Yamin discovered that the driver for compressed ISO file systems
did not sufficiently validate the iput data. By tricking an user into
mounting a malicious CD-ROM with a specially crafted compressed ISO
file system, he could cause a kernel crash. (CAN-2005-2457)
It was discovered that the kernelโs embedded zlib compression library
was still vulnerable to two old vulnerabilities of the standalone zlib
library. This library is used by various drivers and can also be used
by third party modules, so the impact varies. (CAN-2005-2458,
CAN-2005-2459)
Peter Sandstrom discovered a remote Denial of Service vulnerability in
the SNMP handler. Certain UDP packages lead to a function call with
the wrong argument, which resulted in a crash of the network stack.
This only affects Ubuntu 4.10 (Warty Warthog). (CAN-2005-2548)
Herbert Xu discovered that the setsockopt() function was not
restricted to privileged users. This allowed a local attacker to
bypass intended IPSec policies, set invalid policies to exploit flaws
like CAN-2005-2456, or cause a Denial of Service by adding policies
until kernel memory is exhausted. Now the call is restricted to
processes with the CAP_NET_ADMIN capability. (CAN-2005-2555)
The Ubuntu 5.04 kernel update also fixes a memory leak in the โmdโ
(Software RAID) driver which eventually lead to kernel memory
exhaustion. Ubuntu 4.10 is not affected by this.
(<http://bugs.debian.org/317787>)
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.7 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.161 Low
EPSS
Percentile
95.9%