Summary
Ubuntu Update for Linux kernel vulnerabilities USN-518-1
Solution
Please install the updated packages.
Insight
Evan Teran discovered that the Linux kernel ptrace routines did not handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. (CVE-2007-3731)
It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. (CVE-2007-3739)
It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. (CVE-2007-3740)
Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges. (CVE-2007-4573)
Affected
linux-source-2.6.15/17/20 vulnerabilities on Ubuntu 6.06 LTS, Ubuntu 6.10, Ubuntu 7.04
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
- CVSS Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Ubuntu Update for coreutils USN-2473-1
- Ubuntu Update for bsd-mailx USN-2455-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1
- Ubuntu Update for eglibc USN-1396-1