Lucene search

K
ubuntuUbuntuUSN-852-1
HistoryOct 22, 2009 - 12:00 a.m.

Linux kernel vulnerabilities

2009-10-2200:00:00
ubuntu.com
86

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.028

Percentile

90.7%

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • linux -
  • linux-source-2.6.15 -

Details

Solar Designer discovered that the z90crypt driver did not correctly
check capabilities. A local attacker could exploit this to shut down
the device, leading to a denial of service. Only affected Ubuntu 6.06.
(CVE-2009-1883)

Michael Buesch discovered that the SGI GRU driver did not correctly check
the length when setting options. A local attacker could exploit this
to write to the kernel stack, leading to root privilege escalation or
a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584)

It was discovered that SELinux did not fully implement the mmap_min_addr
restrictions. A local attacker could exploit this to allocate the
NULL memory page which could lead to further attacks against kernel
NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected.
(CVE-2009-2695)

Cagri Coltekin discovered that the UDP stack did not correctly handle
certain flags. A local user could send specially crafted commands and
traffic to gain root privileges or crash the systeam, leading to a denial
of service. Only affected Ubuntu 6.06. (CVE-2009-2698)

Hiroshi Shimamoto discovered that monotonic timers did not correctly
validate parameters. A local user could make a specially crafted timer
request to gain root privileges or crash the system, leading to a denial
of service. Only affected Ubuntu 9.04. (CVE-2009-2767)

Michael Buesch discovered that the HPPA ISA EEPROM driver did not
correctly validate positions. A local user could make a specially crafted
request to gain root privileges or crash the system, leading to a denial
of service. (CVE-2009-2846)

Ulrich Drepper discovered that kernel signal stacks were not being
correctly padded on 64-bit systems. A local attacker could send specially
crafted calls to expose 4 bytes of kernel stack memory, leading to a
loss of privacy. (CVE-2009-2847)

Jens Rosenboom discovered that the clone method did not correctly clear
certain fields. A local attacker could exploit this to gain privileges
or crash the system, leading to a denial of service. (CVE-2009-2848)

It was discovered that the MD driver did not check certain sysfs files.
A local attacker with write access to /sys could exploit this to cause
a system crash, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-2849)

Mark Smith discovered that the AppleTalk stack did not correctly
manage memory. A remote attacker could send specially crafted traffic
to cause the system to consume all available memory, leading to a denial
of service. (CVE-2009-2903)

Loïc Minier discovered that eCryptfs did not correctly handle writing
to certain deleted files. A local attacker could exploit this to gain
root privileges or crash the system, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2009-2908)

It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and
ROSE network stacks did not correctly initialize their data structures.
A local attacker could make specially crafted calls to read kernel memory,
leading to a loss of privacy. (CVE-2009-3001, CVE-2009-3002)

It was discovered that the randomization used for Address Space Layout
Randomization was predictable within a small window of time. A local
attacker could exploit this to leverage further attacks that require
knowledge of userspace memory layouts. (CVE-2009-3238)

Eric Paris discovered that NFSv4 did not correctly handle file creation
failures. An attacker with write access to an NFSv4 share could exploit
this to create files with arbitrary mode bits, leading to privilege
escalation or a loss of privacy. (CVE-2009-3286)

Bob Tracy discovered that the SCSI generic driver did not correctly use
the right index for array access. A local attacker with write access
to a CDR could exploit this to crash the system, leading to a denial
of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288)

Jan Kiszka discovered that KVM did not correctly validate certain
hypercalls. A local unprivileged attacker in a virtual guest could exploit
this to crash the guest kernel, leading to a denial of service. Ubuntu
6.06 was not affected. (CVE-2009-3290)

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.028

Percentile

90.7%