what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-1201-1

Ubuntu Security Notice USN-1201-1
Posted Sep 14, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.

tags | advisory, remote, local, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484, CVE-2011-2492
SHA-256 | 594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0

Ubuntu Security Notice USN-1201-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-1201-1
September 13, 2011

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10

Summary:

Multiple kernel flaws have been fixed.

Software Description:
- linux: Linux kernel

Details:

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. A remote attacker could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1770)

Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
linux-image-2.6.35-30-generic 2.6.35-30.59
linux-image-2.6.35-30-generic-pae 2.6.35-30.59
linux-image-2.6.35-30-omap 2.6.35-30.59
linux-image-2.6.35-30-powerpc 2.6.35-30.59
linux-image-2.6.35-30-powerpc-smp 2.6.35-30.59
linux-image-2.6.35-30-powerpc64-smp 2.6.35-30.59
linux-image-2.6.35-30-server 2.6.35-30.59
linux-image-2.6.35-30-versatile 2.6.35-30.59
linux-image-2.6.35-30-virtual 2.6.35-30.59

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1201-1
CVE-2011-1020, CVE-2011-1493, CVE-2011-1770, CVE-2011-2484,
CVE-2011-2492

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.35-30.59


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close