Summary
Ubuntu Update for Linux kernel vulnerabilities USN-637-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812)
The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)
Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)
Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.
(CVE-2008-3275)
In certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience.
Affected
linux, linux-source-2.6.15/20/22 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 7.04 ,
Ubuntu 7.10 ,
Ubuntu 8.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-0598, CVE-2008-2812, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities