USN-281-1: Linux kernel vulnerabilities

4 May 2006

Linux kernel vulnerabilities

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

The sys_mbind() function did not properly verify the validity of the
'maxnod' argument. A local user could exploit this to trigger a buffer
overflow, which caused a kernel crash. (CVE-2006-0557)

The SELinux module did not correctly handle the tracer SID when a
process was already being traced. A local attacker could exploit this
to cause a kernel crash. (CVE-2006-1052)

Al Viro discovered a local Denial of Service in the sysfs write buffer
handling. By writing a block with a length exactly equal to the
processor's page size to any writable file in /sys, a local attacker
could cause a kernel crash. (CVE-2006-1055)

John Blackwood discovered a race condition with single-step debugging
multiple processes at the same time. A local attacker could exploit
this to crash the system. This only affects the amd64 platform.
(CVE-2006-1066)

Marco Ivaldi discovered a flaw in the handling of the ID number of IP
packets. This number was incremented after receiving unsolicited TCP
SYN-ACK packets. A remote attacker could exploit this to conduct port
scans with the 'Idle scan' method (nmap -sI), which bypassed intended
port scan protections. (CVE-2006-1242)

Pavel Kankovsky discovered that the getsockopt() function, when called
with an SO_ORIGINAL_DST argument, does not properly clear the returned
structure, so that a random piece of kernel memory is exposed to the
user. This could potentially reveal sensitive data like passwords or
encryption keys. (CVE-2006-1343)

A buffer overflow was discovered in the USB Gadget RNDIS
implementation. While creating a reply message, the driver did not
allocate enough memory for the reply structure. A remote attacker
could exploit this to cause a kernel crash. (CVE-2006-1368)

Alexandra Kossovsky discovered an invalid memory access in the
ip_route_input() function. By using the 'ip' command in a particular
way to retrieve multicast routes, a local attacker could exploit this
to crash the kernel. (CVE-2006-1525)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-hppa64-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-hppa32 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-hppa32-smp -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.12-10-hppa64 -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -
Ubuntu 5.04
  • linux-patch-ubuntu-2.6.10 -
  • linux-image-2.6.12-10-hppa64-smp -
  • linux-patch-ubuntu-2.6.12 -
  • linux-image-2.6.12-10-hppa32 -
  • linux-image-2.6.12-10-itanium-smp -
  • linux-image-2.6.10-6-686 -
  • linux-image-2.6.10-6-powerpc -
  • linux-image-2.6.10-6-itanium -
  • linux-image-2.6.10-6-power4-smp -
  • linux-image-2.6.12-10-powerpc64-smp -
  • linux-image-2.6.12-10-powerpc-smp -
  • linux-image-2.6.12-10-amd64-generic -
  • linux-image-2.6.12-10-iseries-smp -
  • linux-image-2.6.12-10-k7-smp -
  • linux-image-2.6.12-10-amd64-xeon -
  • linux-image-2.6.10-6-386 -
  • linux-image-2.6.12-10-itanium -
  • linux-image-2.6.12-10-hppa32-smp -
  • linux-image-2.6.12-10-powerpc -
  • linux-image-2.6.10-6-k7-smp -
  • linux-image-2.6.10-6-amd64-xeon -
  • linux-image-2.6.12-10-mckinley -
  • linux-image-2.6.10-6-itanium-smp -
  • linux-image-2.6.10-6-powerpc-smp -
  • linux-image-2.6.10-6-power3-smp -
  • linux-image-2.6.10-6-power3 -
  • linux-image-2.6.12-10-hppa64 -
  • linux-image-2.6.10-6-k7 -
  • linux-image-2.6.12-10-amd64-k8-smp -
  • linux-image-2.6.10-6-power4 -
  • linux-image-2.6.12-10-686 -
  • linux-image-2.6.10-6-mckinley -
  • linux-image-2.6.12-10-686-smp -
  • linux-image-2.6.10-6-686-smp -
  • linux-image-2.6.10-6-amd64-k8-smp -
  • linux-image-2.6.12-10-k7 -
  • linux-image-2.6.10-6-amd64-generic -
  • linux-image-2.6.10-6-amd64-k8 -
  • linux-image-2.6.12-10-mckinley-smp -
  • linux-image-2.6.12-10-386 -
  • linux-image-2.6.10-6-mckinley-smp -
  • linux-image-2.6.12-10-amd64-k8 -

In general, a standard system update will make all the necessary changes.

References

Related notices

Join the discussion

Need help with your security needs?

Ubuntu Pro provides up to ten-year security coverage for over 23,000 open-source packages within the Ubuntu Main and Universe repositories.

Talk to an expert to find out what would work best for you

Further reading