[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-1089-1 -- linux, linux-ec2 vulnerabilities

ID: oval:org.secpod.oval:def:700267Date: (C)2011-03-21   (M)2024-01-02
Class: PATCHFamily: unix




Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges

Platform:
Ubuntu 9.10
Product:
linux
Reference:
USN-1089-1
CVE-2010-4242
CVE-2010-4175
CVE-2010-4163
CVE-2010-4162
CVE-2010-4158
CVE-2010-4077
CVE-2010-4076
CVE-2010-4075
CVE    8
CVE-2010-4077
CVE-2010-4076
CVE-2010-4158
CVE-2010-4242
...
CPE    1
cpe:/o:ubuntu:ubuntu_linux:9.10

© SecPod Technologies