Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-95-1)

high Nessus Plugin ID 20721

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

A remote Denial of Service vulnerability was discovered in the Netfilter IP packet handler. This allowed a remote attacker to crash the machine by sending specially crafted IP packet fragments.
(CAN-2005-0209)

The Netfilter code also contained a memory leak. Certain locally generated packet fragments are reassembled twice, which caused a double allocation of a data structure. This could be locally exploited to crash the machine due to kernel memory exhaustion. (CAN-2005-0210)

Ben Martel and Stephen Blackheath found a remote Denial of Service vulnerability in the PPP driver. This allowed a malicious pppd client to crash the server machine. (CAN-2005-0384)

Georgi Guninski discovered a buffer overflow in the ATM driver. The atm_get_addr() function does not validate its arguments sufficiently, which could allow a local attacker to overwrite large portions of kernel memory by supplying a negative length argument. This could eventually lead to arbitrary code execution. (CAN-2005-0531)

Georgi Guninski also discovered three other integer comparison problems in the TTY layer, in the /proc interface and the ReiserFS driver. However, the previous Ubuntu security update (kernel version 2.6.8.1-16.11) already contained a patch which checks the arguments to these functions at a higher level and thus prevents these flaws from being exploited. (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532)

Georgi Guninski discovered an integer overflow in the sys_epoll_wait() function which allowed local users to overwrite the first few kB of physical memory. However, very few applications actually use this space (dosemu is a notable exception), but potentially this could lead to privilege escalation. (CAN-2005-0736)

Eric Anholt discovered a race condition in the Radeon DRI driver. In some cases this allowed a local user with DRI privileges on a Radeon card to execute arbitrary code with root privileges.

Finally this update fixes a regression in the NFS server driver which was introduced in the previous security update (kernel version 2.6.8.1-16.11). We apologize for the inconvenience.
(https://bugzilla.ubuntulinux.org/show_bug.cgi?id=6749)

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 20721

File Name: ubuntu_USN-95-1.nasl

Version: 1.16

Type: local

Agent: unix

Published: 1/15/2006

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1, cpe:/o:canonical:ubuntu_linux:4.10, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Patch Publication Date: 3/15/2005

Reference Information

CVE: CVE-2005-0209, CVE-2005-0210, CVE-2005-0384, CVE-2005-0529, CVE-2005-0530, CVE-2005-0531, CVE-2005-0532, CVE-2005-0736

CWE: 20, 399

USN: 95-1