ASE Labs
Welcome Guest. Please register or log in now. There are 24 people online (0 Friends).
  • Home
  • Articles
  • News
  • Forum
  • Register/Login

News

March 22, 2010

Kernel Vulnerabilities Discovered in Ubuntu/Kubuntu/Edubuntu/Xubuntu

Poster: computer_freak_8
Posted on March 22, 2010 at 8:28:27 PM
An Ubuntu Security Notice from March 17, 2010 mentions some vulnerabilities in the kernels used by Ubuntu-based distributions from 8.04 to 9.10; the 6.06 release is affected, too. (Ubuntu 7.04 and 7.10 were not mentioned, but they are no longer supported anyway.)

They are all local attacks; none of the listed attacks can be invoked by a remote attacker. All of them can, however, lead to a denial of service condition if successfully exploited by a local attacker.

If you are using Ubuntu, but aren't sure which release you're using, you can run:

Code

lsb_release -a
to find your installation's release information.

Also, you can run:

Code

uname -r
to show the kernel currently in use by your system.

Quote

Details follow:

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)


Source: USN-914-1
Tags Linux Security Ubuntu Security Notice Kernel Vulnerabilities Denial Of Service Local Attack
[Print] [Top]
0 Comments
Page: [1]
Login
Welcome Guest. Please register or log in now.
Forgot your password?
Navigation
  • Home
  • Articles
  • News
  • Register/Login
  • Shopping
  • ASE Forums
  • Anime Threads
  • HardwareLogic
  • ASE Adnet
Latest News
  • Kingston HyperX Cloud 2 Pro Gaming Headset Unboxing
  • Synology DS415+ Unboxing
  • D-Link DCS-5020L Wireless IP Pan/Tilt IP Camera
  • Actiontec WiFi Powerline Network Extender Kit Unboxing
  • Durovis Dive Unboxing
  • Bass Egg Verb Unboxing
  • Welcome to the new server
  • Gmail Gets Optional Preview Pane
  • HBO Go on Consoles
  • HP Touchpad Update
Latest Articles
  • D-Link Exo AC2600 Smart Mesh Wi-Fi Router DIR-2660-US
  • HyperX Double Shot PBT Keys
  • Avantree ANC032 Wireless Active Noise Cancelling Headphones
  • ScharkSpark Beginner Drones
  • HyperX Alloy FPS RGB Mechanical Gaming Keyboard
  • D-Link DCS-8300LH Full HD 2-Way Audio Camera
  • Contour Unimouse Wireless Ergonomic Mouse
  • HyperX Cloud Alpha Pro Gaming Headset
  • Linksys Wemo Smart Home Suite
  • Fully Jarvis Adjustable Standing Desk
Latest Topics
  • Hello
  • Welcome to the new server at ASE Labs
  • Evercool Royal NP-901 Notebook Cooler at ASE Labs
  • HyperX Double Shot PBT Keys at ASE Labs
  • Avantree ANC032 Wireless Active Noise Cancelling Headphones at ASE Labs
  • ScharkSpark Beginner Drones at ASE Labs
  • HyperX Alloy FPS RGB Mechanical Gaming Keyboard at ASE Labs
  • D-Link DCS-8300LH Full HD 2-Way Audio Camera at ASE Labs
  • Kingston SDX10V/128GB SDXC Memory at ASE Labs
  • What are you listening to now?
  • Antec Six Hundred v2 Gaming Case at HardwareLogic
  • Sans Digital TR5UTP 5-Bay RAID Tower at HardwareLogic
  • Crucial Ballistix Smart Tracer 6GB PC3-12800 BL3KIT25664ST1608OB at HardwareLogic
  • Cooler Master Storm Enforcer Mid-Tower Gaming Case at HardwareLogic
  • Arctic M571-L Gaming Laser Mouse at ASE Labs
  • Contour Unimouse Wireless Ergonomic Mouse at ASE Labs
Advertisement
Advertisement
Press Release
  • Huntkey Has Launched Its New Power Strips with USB Chargers on Amazon US
  • Inspur Releases TensorFlow-Supported FPGA Compute Acceleration Engine TF2
  • Hot Pepper Introduces Spicy New Smartphones in US Markets
  • Sharp Introduces New Desktop Printers For The Advanced Office
  • DJI Introduces Mavic 2 Pro And Mavic 2 Zoom: A New Era For Camera Drones
  • DJI Introduces Mavic 2 Pro And Mavic 2 Zoom: A New Era For Camera Drones
  • Fujifilm launches "instax SQUARE SQ6 Taylor Swift Edition", designed by instax global partner Taylor Swift
  • Huawei nova 3 With Best-in-class AI Capabilities Goes on Sale Today
  • Rand McNally Introduces Its Most Advanced Dashboard Camera
  • =?UTF-8?Q?My_Size_to_Showcase_Its_MySizeId=E2=84=A2_Mobil?= =?UTF-8?Q?e_Measurement_Technology_at_CurvyCon_NYC?=
Home - ASE Publishing - About Us
© 2010 Aron Schatz (ASE Publishing) [Queries: 15 (8 Cached)] [Rows: 292 Fetched: 35] [Page Generation time: 0.0095431804656982]