Summary
Ubuntu Update for Linux kernel vulnerabilities USN-679-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10.
(CVE-2007-5498)
It was discovered the the i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory that could cause a system crash, leading to a denial of service. This issue did not affect Ubuntu 6.06 and was previous fixed for Ubuntu 7.10 and 8.04 in USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)
David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06.
(CVE-2008-4210)
Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not correctly reject the "
append"
flag when handling file splice
requests. A local attacker could bypass append mode and make changes to arbitrary locations in a file. This issue only affected Ubuntu 7.10 and 8.04. (CVE-2008-4554)
It was discovered that the SCTP stack did not correctly handle INIT-ACK. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service.
This issue did not affect Ubuntu 8.10. (CVE-2008-4576)
It was discovered that the SCTP stack did not correctly handle bad packet lengths. A remote user could exploit this by sending specially crafted SCTP traffic which would trigger a crash in the system, leading to a denial of service. This issue did not affect Ubuntu 8.10. (CVE-2008-4618)
Eric Sesterhenn discovered multiple flaws in the HFS+ filesystem. If a local user or automated system were tricked into mounting a malicious HFS+ filesystem, the system could crash, leading to a denial of service.
(CVE-2008-4933, CVE-2008-4934, CVE-2008-5025)
It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service.
(CVE-2008-5029)
It was discovered that the driver for simple i2c audio interfaces did not correctly validate certain function pointers. A local user could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2008-5033)
Affected
linux, linux-source-2.6.15/22 vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 7.10 ,
Ubuntu 8.04 LTS ,
Ubuntu 8.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-5498, CVE-2008-3831, CVE-2008-4210, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5033 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Ubuntu Update for bash USN-2380-1
- Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1
- Ubuntu Update for devscripts USN-1366-1
- Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2