CVE-2006-1055

Related Files

Ubuntu Security Notice 302-1

Posted Jun 26, 2006

Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice 302-1 - A ridiculous amount of vulnerabilities have been patched in the Linux 2.6 kernel series for Ubuntu.

tags | advisory, kernel, vulnerability

systems | linux, ubuntu

advisories | CVE-2006-0038, CVE-2006-0744, CVE-2006-1055, CVE-2006-1056, CVE-2006-1522, CVE-2006-1527, CVE-2006-1528, CVE-2006-1855, CVE-2006-1856, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-1864, CVE-2006-2071, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274

SHA-256 | e7447244d7b2672a2f1d88553d391081c24dc64dc845389d8f6cbe950c4a7fcb

Download | Favorite | View

Ubuntu Security Notice 281-1

Posted May 6, 2006

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 281-1 - Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block wit h a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.

tags | advisory, remote, denial of service, overflow, kernel, local, tcp, vulnerability

systems | linux, ubuntu

advisories | CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525

SHA-256 | f07cfa72c65837f67fad1ccb0fdf321f1e3761c7e3af1e3608d6513ebf5ee200

Download | Favorite | View