Ubuntu 4.10 / 5.04 : linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities (USN-178-1)

medium Nessus Plugin ID 20588

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec() to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kernel panic. This vulnerability only affects Ubuntu 5.04. (CAN-2005-1913)

Al Viro discovered that the sendmsg() function did not sufficiently validate its input data. By calling sendmsg() and at the same time modifying the passed message in another thread, he could exploit this to execute arbitrary commands with kernel privileges. This only affects the amd64 bit platform. (CAN-2005-2490)

Al Viro discovered a vulnerability in the raw_sendmsg() function. By calling this function with specially crafted arguments, a local attacker could either read kernel memory contents (leading to information disclosure) or manipulate the hardware state by reading certain IO ports. This vulnerability only affects Ubuntu 5.04.
(CAN-2005-2492)

Jan Blunck discovered a Denial of Service vulnerability in the procfs interface of the SCSI driver. By repeatedly reading /proc/scsi/sg/devices, a local attacker could eventually exhaust kernel memory. (CAN-2005-2800)

A flaw was discovered in the handling of extended attributes on ext2 and ext3 file systems. Under certain condidions, this could prevent the enforcement of Access Control Lists, which eventually could lead to information disclosure, unauthorized program execution, or unauthorized data modification. This does not affect the standard Unix permissions. (CAN-2005-2801)

Chad Walstrom discovered a Denial of Service in the ipt_recent module, which can be used in netfilter (Firewall configuration). A remote attacker could exploit this to crash the kernel by sending certain packets (such as an SSH brute-force attack) to a host which uses the 'recent' module. (CAN-2005-2802).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 20588

File Name: ubuntu_USN-178-1.nasl

Version: 1.21

Type: local

Agent: unix

Published: 1/15/2006

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5, p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1, cpe:/o:canonical:ubuntu_linux:4.10, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp, cpe:/o:canonical:ubuntu_linux:5.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 9/9/2005

Reference Information

CVE: CVE-2005-1913, CVE-2005-2490, CVE-2005-2492, CVE-2005-2800, CVE-2005-2801, CVE-2005-2872

USN: 178-1