6.5 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.089 Low
EPSS
Percentile
94.4%
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make a
malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
(CVE-2007-5498)
It was discovered the the i915 video driver did not correctly validate
memory addresses. A local attacker could exploit this to remap memory that
could cause a system crash, leading to a denial of service. This issue did
not affect Ubuntu 6.06 and was previous fixed for Ubuntu 7.10 and 8.04 in
USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)
David Watson discovered that the kernel did not correctly strip permissions
when creating files in setgid directories. A local user could exploit this
to gain additional group privileges. This issue only affected Ubuntu 6.06.
(CVE-2008-4210)
Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did
not correctly reject the “append” flag when handling file splice
requests. A local attacker could bypass append mode and make changes to
arbitrary locations in a file. This issue only affected Ubuntu 7.10 and
8.04. (CVE-2008-4554)
It was discovered that the SCTP stack did not correctly handle INIT-ACK. A
remote user could exploit this by sending specially crafted SCTP traffic
which would trigger a crash in the system, leading to a denial of service.
This issue did not affect Ubuntu 8.10. (CVE-2008-4576)
It was discovered that the SCTP stack did not correctly handle bad packet
lengths. A remote user could exploit this by sending specially crafted SCTP
traffic which would trigger a crash in the system, leading to a denial of
service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)
Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a
local user or automated system were tricked into mounting a malicious HFS+
filesystem, the system could crash, leading to a denial of service.
(CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)
It was discovered that the Unix Socket handler did not correctly process
the SCM_RIGHTS message. A local attacker could make a malicious socket
request that would crash the system, leading to a denial of service.
(CVE-2008-5029)
It was discovered that the driver for simple i2c audio interfaces did not
correctly validate certain function pointers. A local user could exploit
this to gain root privileges or crash the system, leading to a denial of
service. (CVE-2008-5033)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | linux-image-2.6.27-9-virtual | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | acpi-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | block-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | crypto-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | fat-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | fb-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | firewire-core-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | floppy-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | fs-core-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
Ubuntu | 8.10 | noarch | fs-secondary-modules-2.6.27-9-generic-di | < 2.6.27-9.19 | UNKNOWN |
ubuntu.com/security/CVE-2007-5498
ubuntu.com/security/CVE-2008-3831
ubuntu.com/security/CVE-2008-4210
ubuntu.com/security/CVE-2008-4554
ubuntu.com/security/CVE-2008-4576
ubuntu.com/security/CVE-2008-4618
ubuntu.com/security/CVE-2008-4933
ubuntu.com/security/CVE-2008-4934
ubuntu.com/security/CVE-2008-5025
ubuntu.com/security/CVE-2008-5029
ubuntu.com/security/CVE-2008-5033