Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

linux vulnerabilities

Related Vulnerabilities: CVE-2010-4076   CVE-2010-4077   CVE-2011-1090   CVE-2011-1163   CVE-2011-1577   CVE-2011-1598   CVE-2011-1746  

Multiple kernel flaws have been fixed.

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077)

Source

3 August 2011

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10

Summary

Multiple kernel flaws have been fixed.

Software Description

  • linux - Linux kernel

Details

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077)

Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090)

Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163)

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598)

Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
linux-image-2.6.35-30-generic - 2.6.35-30.56
linux-image-2.6.35-30-generic-pae - 2.6.35-30.56
linux-image-2.6.35-30-omap - 2.6.35-30.56
linux-image-2.6.35-30-powerpc - 2.6.35-30.56
linux-image-2.6.35-30-powerpc-smp - 2.6.35-30.56
linux-image-2.6.35-30-powerpc64-smp - 2.6.35-30.56
linux-image-2.6.35-30-server - 2.6.35-30.56
linux-image-2.6.35-30-versatile - 2.6.35-30.56
linux-image-2.6.35-30-virtual - 2.6.35-30.56

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started