Vulnerability Detail View
| id | 43097 |
| Risk | other |
| Family | Ubuntu Local Security Checks |
| Category | infos |
| Name | USN869-1 : linux vulnerability |
| Summary | linux vulnerability |
| Description | Synopsis :
These remote packages are missing security patches :
- linux-doc
- linux-headers-2.6.31-16
- linux-headers-2.6.31-16-386
- linux-headers-2.6.31-16-generic
- linux-headers-2.6.31-16-generic-pae
- linux-headers-2.6.31-16-server
- linux-image-2.6.31-16-386
- linux-image-2.6.31-16-generic
- linux-image-2.6.31-16-generic-pae
- linux-image-2.6.31-16-server
- linux-image-2.6.31-16-virtual
- linux-libc-dev
- linux-source-2.6.31
Description :
David Ford discovered that the IPv4 defragmentation routine did not
correctly handle oversized packets. A remote attacker could send
specially crafted traffic that would cause a system to crash, leading
to a denial of service. (The fix was included in the earlier kernels
from USN-864-1.) (CVE-2009-1298)
Akira Fujita discovered that the Ext4 "move extents" ioctl did not
correctly check permissions. A local attacker could exploit this to
overwrite arbitrary files on the system, leading to root privilege
escalation. (CVE-2009-4131)
Solution :
Upgrade to :
- linux-doc-2.6.31-16.53 (Ubuntu 9.10)
- linux-headers-2.6.31-16-2.6.31-16.53 (Ubuntu 9.10)
- linux-headers-2.6.31-16-386-2.6.31-16.53 (Ubuntu 9.10)
- linux-headers-2.6.31-16-generic-2.6.31-16.53 (Ubuntu 9.10)
- linux-headers-2.6.31-16-generic-pae-2.6.31-16.53 (Ubuntu 9.10)
- linux-headers-2.6.31-16-server-2.6.31-16.53 (Ubuntu 9.10)
- linux-image-2.6.31-16-386-2.6.31-16.53 (Ubuntu 9.10)
- linux-image-2.6.31-16-generic-2.6.31-16.53 (Ubuntu 9.10)
- linux-image-2.6.31-16-generic-pae-2.6.31-16.53
[...]
Risk factor :
High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
|
| CVE | CVE-2009-1298, CVE-2009-4131 |
| Bugtraq | NOBID |
| Copyright | (C) 2009 Canonical, Inc. / NASL script (C) 2009 Tenable Network Security, Inc. |