[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-752-1 -- linux-source-2.6.15 vulnerabilities

ID: oval:org.secpod.oval:def:700328Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. The 64-bit syscall interfaces did not correctly handle sign extension. A local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected. The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. Network interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls. The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default

Platform:
Ubuntu 6.06
Product:
linux-source-2.6.15
Reference:
USN-752-1
CVE-2008-4307
CVE-2008-6107
CVE-2009-0028
CVE-2009-0029
CVE-2009-0065
CVE-2009-0322
CVE-2009-0675
CVE-2009-0676
CVE-2009-0834
CVE-2009-0835
CVE-2009-0859
CVE    11
CVE-2009-0835
CVE-2009-0029
CVE-2008-6107
CVE-2009-0859
...

© 2013 SecPod Technologies