Ubuntu 5.04 / 5.10 / 6.06 LTS : linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities (USN-311-1)

medium Nessus Plugin ID 27886

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

A race condition was discovered in the do_add_counters() functions.
Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. (CVE-2006-0039)

John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. (CVE-2006-2445)

Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems.
(CVE-2006-2448)

A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges.
This flaw only affects Ubuntu 6.06 LTS. (CVE-2006-2451)

In addition, the Ubuntu 6.06 LTS update fixes a range of bugs.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/311-1/

Plugin Details

Severity: Medium

ID: 27886

File Name: ubuntu_USN-311-1.nasl

Version: 1.22

Type: local

Agent: unix

Published: 11/10/2007

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.3

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx-dev, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12, p-cpe:/a:canonical:ubuntu_linux:fglrx-kernel-source, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware-2.6.15-26, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-kernel-source, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-server, p-cpe:/a:canonical:ubuntu_linux:nvidia-kernel-source, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-dev, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-386, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12, p-cpe:/a:canonical:ubuntu_linux:linux-headers-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel, p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-686, p-cpe:/a:canonical:ubuntu_linux:linux-source, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12, p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-amd64-k8, cpe:/o:canonical:ubuntu_linux:5.04, p-cpe:/a:canonical:ubuntu_linux:linux-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-386, p-cpe:/a:canonical:ubuntu_linux:xorg-driver-fglrx, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12, p-cpe:/a:canonical:ubuntu_linux:linux-686, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-common, p-cpe:/a:canonical:ubuntu_linux:fglrx-control, p-cpe:/a:canonical:ubuntu_linux:linux-server, p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, cpe:/o:canonical:ubuntu_linux:6.06:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-amd64-generic, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-headers-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx-legacy-dev, p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6, p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-amd64-k8, p-cpe:/a:canonical:ubuntu_linux:linux-headers-amd64-k8, cpe:/o:canonical:ubuntu_linux:5.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-386, p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10, p-cpe:/a:canonical:ubuntu_linux:linux-doc, p-cpe:/a:canonical:ubuntu_linux:avm-fritz-firmware, p-cpe:/a:canonical:ubuntu_linux:linux-amd64-xeon, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp, p-cpe:/a:canonical:ubuntu_linux:nvidia-legacy-kernel-source, p-cpe:/a:canonical:ubuntu_linux:nvidia-glx, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-restricted-modules-2.6-amd64-generic

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2006

Vulnerability Publication Date: 5/19/2006

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2006-0039, CVE-2006-2445, CVE-2006-2448, CVE-2006-2451

BID: 18874

CWE: 362

USN: 311-1