Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

linux-lts-backport-maverick vulnerabilities

Related Vulnerabilities: CVE-2011-1020   CVE-2011-1493   CVE-2011-1770   CVE-2011-2484   CVE-2011-2492   CVE-2011-3637   CVE-2011-4914  

Multiple kernel flaws have been fixed.

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Source

13 September 2011

linux-lts-backport-maverick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS

Summary

Multiple kernel flaws have been fixed.

Software Description

  • linux-lts-backport-maverick - Linux kernel backport from Maverick

Details

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)

Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770)

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)

It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

A flaw was found in the Linux kernel’s /proc/*/map interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)

Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
linux-image-2.6.35-30-generic - 2.6.35-30.59~lucid1
linux-image-2.6.35-30-generic-pae - 2.6.35-30.59~lucid1
linux-image-2.6.35-30-server - 2.6.35-30.59~lucid1
linux-image-2.6.35-30-virtual - 2.6.35-30.59~lucid1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started