Ubuntu 6.06 LTS USN-1071-1 Critical: Kernel Denial Of Service Exploit
Feb 25, 2011
•
LinuxSecurity Advisories
5 - 9 min read
Topics Covered
Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3086)
==========================================================Ubuntu Security Notice USN-1071-1 February 25, 2011
linux-source-2.6.15 vulnerabilities
CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875,
CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080,
CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.93
linux-image-2.6.15-55-686 2.6.15-55.93
linux-image-2.6.15-55-amd64-generic 2.6.15-55.93
linux-image-2.6.15-55-amd64-k8 2.6.15-55.93
linux-image-2.6.15-55-amd64-server 2.6.15-55.93
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.93
linux-image-2.6.15-55-hppa32 2.6.15-55.93
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.93
linux-image-2.6.15-55-hppa64 2.6.15-55.93
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.93
linux-image-2.6.15-55-itanium 2.6.15-55.93
linux-image-2.6.15-55-itanium-smp 2.6.15-55.93
linux-image-2.6.15-55-k7 2.6.15-55.93
linux-image-2.6.15-55-mckinley 2.6.15-55.93
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc 2.6.15-55.93
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.93
linux-image-2.6.15-55-server 2.6.15-55.93
linux-image-2.6.15-55-server-bigiron 2.6.15-55.93
linux-image-2.6.15-55-sparc64 2.6.15-55.93
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.93
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Tavis Ormandy discovered that the Linux kernel did not properly implement
exception fixup. A local attacker could exploit this to crash the kernel,
leading to a denial of service. (CVE-2010-3086)
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. A local attacker could
exploit this to gain root privileges. (CVE-2010-3859)
Dan Rosenberg discovered that the Linux kernel X.25 implementation
incorrectly parsed facilities. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2010-3873)
Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did
not correctly clear kernel memory. A local attacker could exploit this to
read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)
Vasiliy Kulikov discovered that the Linux kernel sockets implementation
did not properly initialize certain structures. A local attacker could
exploit this to read kernel stack memory, leading to a loss of privacy.
(CVE-2010-3876)
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service. (CVE-2010-3880)
Dan Rosenberg discovered that the SiS video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4078)
Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver
did not correctly clear kernel memory. A local attacker could exploit this
to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080,
CVE-2010-4081)
Dan Rosenberg discovered that the semctl syscall did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4083)
James Bottomley discovered that the ICP vortex storage array controller
driver did not validate certain sizes. A local attacker on a 64bit system
could exploit this to crash the kernel, leading to a denial of service.
(CVE-2010-4157)
Dan Rosenberg discovered that the Linux kernel L2TP implementation
contained multiple integer signedness errors. A local attacker could
exploit this to to crash the kernel, or possibly gain root privileges.
(CVE-2010-4160)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 3058950 3be6d7dc3818219b4ba9fcc8fc09c939
Size/MD5: 3041 d05a84a15e6fe1f983a80f5a0a872a41
Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d
Architecture independent packages:
Size/MD5: 5171930 010523a991493d95accc043168ae6294
Size/MD5: 98552 66a7681cbdb14e1009dd8f36b81c4b0e
Size/MD5: 44746988 2b7d29100f6e92df3b15d97dbffa5d44
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 22346 4285d75cc4adb81a310b67edfb13f143
Size/MD5: 44770 03582c95de1fe3a2cd501af44a18218b
Size/MD5: 2310 b26285f681f0c2e2191a8e0fe749f3c4
Size/MD5: 36292 085bd060f7c9deb9d378552bda8b4834
Size/MD5: 102368 07c210407900eb5a11efe9750914771a
Size/MD5: 38894 dba122f746ad5e1eb79baf8062aa19ba
Size/MD5: 49160 020803a6ec8e4bc9770194196b39dc00
Size/MD5: 176616 0be7b604db5fbe0ce54f5ee0a21d31b2
Size/MD5: 36774 2a302ec3b2f9054c2600b5b97df899fa
Size/MD5: 142346 0190ea61e59e86b13b68bd6c83bc96bd
Size/MD5: 51064 e2c3d9e40172e9e9ddc4e55a5364a0b2
Size/MD5: 140710 3ec61162e65f03c292fab819131075fe
Size/MD5: 287602 7167cc4b8e32cea59cb9cc89f81a2a06
Size/MD5: 97780 629c5ac2cec4ffcc1dd543c60fce9b6b
Size/MD5: 1652350 1e33ac46d3322bc04c1e7bac81d954a7
Size/MD5: 869894 880612827fe1620f748239c56cc311de
Size/MD5: 870988 844e3b445bdb3e33d5062d84a3b88a6a
Size/MD5: 871804 3cd34f357331270aab396f7bbf4c19c6
Size/MD5: 870096 b9b2b64bcf59e84b33e3b781d696e5ea
Size/MD5: 6927788 dfbae2e2401d6099773d6aa6beab624b
Size/MD5: 20818250 8ccad3f874e1cc9335430617aa2a428b
Size/MD5: 20801228 45bb1b3d6b7ec4f26e7d9e7d2f464aa0
Size/MD5: 21635750 98342e207fb12b60329d96cb06436b8d
Size/MD5: 19904938 4be642999c16a4be5f6171469919941b
Size/MD5: 15634 b8bb5ad2c8637f155399ce132ff57b6c
Size/MD5: 240370 060e51f289eef420751b2af3928ad252
Size/MD5: 202682 43521965b8cce3c48c13d3c6f204dcb5
Size/MD5: 1048606 a7bef3db3ec3308705776499f63544df
Size/MD5: 1543802 3aef9d7e5e0a1dbec2324da1a1de4364
Size/MD5: 161692 6ca0f8a9a4d5c72461ce97f95602c194
Size/MD5: 9836 71bdccfc3b342d545f704adb396f436f
Size/MD5: 80870 6b61b70f08920234fdb40ee7fb806686
Size/MD5: 49290 ff0259f442867dd9be92c5bf823a7e62
Size/MD5: 35162 ea47273751eed6ffbaeacb8b80b381f1
Size/MD5: 70894 3567b24169fe72b787073c033b2e6d6c
Size/MD5: 6224 afd9ebaae7f5179f50821cd485ca72f8
Size/MD5: 9060 7eb9441f8ba5f29d16c4d565a93f7194
Size/MD5: 57922 ed6e59da10953c78d56f12211b6ebe31
Size/MD5: 123372 d195fc29ea36b50751d79b12ed06e314
Size/MD5: 101080 7ff3ba62e1c0ec36bfc663432fd3f7a2
Size/MD5: 79276 3f65568798e451af94c933b75df7baea
Size/MD5: 1595560 0aec3f92dd53b0763498ca189521294b
Size/MD5: 72346 ab8f9edf4d256d9dcf7640f1cab21a98
Size/MD5: 12670 1c6c7dff8b895d99e74b9b252f5c6b12
Size/MD5: 33810 55510c13bc0e0423b8a86f1171bba61d
Size/MD5: 138512 6dc44ba519bd5fb72c604641f3d0f585
Size/MD5: 38938 dbfcb3741d6952e3420fa1ab8168690e
Size/MD5: 278760 b458a2bacd3bad3b8516b0e0b5290f6f
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 18972 b524c0d1a985e969eb30c3c1991fad07
Size/MD5: 43494 2fe5e5ea2aa39783e3c1014b05791478
Size/MD5: 105212 9f5da402711288b7ccd4ff45183dda27
Size/MD5: 2282 49835ce94ffc6f4df48fcc3b4aba5a3c
Size/MD5: 34572 e998bbba6ac34c15506ba13f9745a25a
Size/MD5: 97044 f3b2f5ceeb2d6702a81d7c563fbb415b
Size/MD5: 37126 94c4e468976db78dd2f049ccebf86951
Size/MD5: 44114 19162ad826e0577a9fec89a5b585fdce
Size/MD5: 167738 c4b4115a4c43017b0968d61a24d8a1af
Size/MD5: 33954 109a8fda81e600aa5445b589c3e994fa
Size/MD5: 137968 462aefba356d5a9ef1b64b797c6792fe
Size/MD5: 46900 1489fe7a8654f330bcf3774ffa3cb6a7
Size/MD5: 133160 9c556b3982ec584fbe6cf994b293d59b
Size/MD5: 273802 04738073fc3c5919312e7837f60e2d88
Size/MD5: 102294 1b8e6268955214c7c011259e14942f26
Size/MD5: 1598794 f2882f1c1b10a41fac7eec3c00b67744
Size/MD5: 860510 f1163cc7c89cb40f3c396405efebd134
Size/MD5: 856968 8117aee22704e655a3e6fc473941c5fe
Size/MD5: 858568 1ac1fa45d03c700fe2a83c4fefed6b40
Size/MD5: 863794 867c4f678a6b686c084be82f843d551a
Size/MD5: 859978 a8a9c50083c269e58f1fff60ae84bf8a
Size/MD5: 6920174 a9e28d693a7aa8cb3d9a2473979b5627
Size/MD5: 21725558 829e8b2d3461f95592f0d036c306444b
Size/MD5: 22520432 bd2cf78d94f1109eff1215fd6a8f4ac5
Size/MD5: 22266772 1a2c4914bd529e3877b57453a434c901
Size/MD5: 23626112 834c70a9c00ba3a9e138cf62b24483fe
Size/MD5: 23177398 9ecbd00b306fdefbb613e68b72e9741a
Size/MD5: 15512 1bd1e44a9373a4b07ebfad33638ffadf
Size/MD5: 238512 d6bd49ee3debc55f264cba2291b595a5
Size/MD5: 197140 781a9b512feb425d1e3603e220a9f5f5
Size/MD5: 1048396 e63fe914c8840b0ba6008b86c956dfe7
Size/MD5: 1741542 bb31f45bf0a9efa84049b43e419d51cf
Size/MD5: 160892 447463986e9adb42c30a1679ff2c1a3b
Size/MD5: 9166 294e18871fd1e88255f0726a532c9add
Size/MD5: 76474 d2d4ef4878ce710f1d4bcfd9a45cb1e4
Size/MD5: 53548 a78f484f98b89096a66ade785f55cc56
Size/MD5: 33056 c59bcb24814fa505fed0c7a417775ec8
Size/MD5: 85624 602e8bd9e7229ce884ca306aa1e3633e
Size/MD5: 6026 b07da516d6e13dbb55196631035281ba
Size/MD5: 8762 eb4b2ef8474e7a549c9c665cb40e385a
Size/MD5: 53636 1f6586ad75f4c17f01d87c0b389e5efb
Size/MD5: 130964 c859819573d355863a977560286c9c0b
Size/MD5: 98474 5a821aefdd9154420d5d56bf51d4e42e
Size/MD5: 77212 fc963f65df9c2ef7971deaf6c04918c7
Size/MD5: 1768860 9e77de76efc32b5aecc50de25dd648d6
Size/MD5: 69614 19e318486b7023225d7cd59565596ba7
Size/MD5: 11786 5b5b2a4bf2b19640642c815a6f4aed49
Size/MD5: 36102 b235f4df2e5b212b6368977f5ec50d70
Size/MD5: 132670 9fd1650e85f8f734565851d7bd663f10
Size/MD5: 38576 7e5a367be4b773c2efb1aa6e1e370d42
Size/MD5: 298966 0ade2f0ac9cd685ecaf4e392ed1dbd87
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 23732 29285d6b61b27f3628c9718ca63a123e
Size/MD5: 26006 e6fcc26317b90c4b5bb2976b33bd0afc
Size/MD5: 49332 d10ceae8af4f58fd95e57c42f7d60931
Size/MD5: 51534 fecc84774d215b87242f13440b85be3f
Size/MD5: 2304 0c9582a4e88217cc7799421bfe138716
Size/MD5: 2486 76090992fd39c1e6a7668bd44bae7fc0
Size/MD5: 40306 7beee344a4fffc1fe8f59fb028a86d89
Size/MD5: 43850 ca186c3248c9b1a009f66e3f9ebe602c
Size/MD5: 112600 6c4cd0f07bd3ba3b0266f109558ea555
Size/MD5: 120730 e995bc7b4ab52fb74cf385ac4809f1b0
Size/MD5: 40906 17f11ed53ca99c581d8f8cacb22c63e6
Size/MD5: 46000 e84262e17f16867c91f37eb3ef901de5
Size/MD5: 29030 7344b1aae7f4f69f44fb9e10865945d6
Size/MD5: 29892 cb27397b5fb6de42f58a667b9f5ec31a
Size/MD5: 211408 002c9e5a7ffbe7d16e35ee41190f8fad
Size/MD5: 225180 0e22be72eea965beaa27614f68651767
Size/MD5: 45056 df6fcc88fbdd475f2c7d037355dd175c
Size/MD5: 40224 ff73c988eb54990f135e87c87729e980
Size/MD5: 1940 c54c3868598e0920a39f13cb416216e8
Size/MD5: 2200 c372c4b0df92c2691848a34d4e62cf1c
Size/MD5: 80770 39c8b4fcb7af353eedd4d4ccc8c96457
Size/MD5: 86140 0f69a9f4b0829b4183f367d56188fcae
Size/MD5: 111590 b63bdfe6e771b3911b823bcd342ac669
Size/MD5: 125742 830d4f854f260d93d6aba5283811659b
Size/MD5: 53422 91c044f8e7923ae9e3b3999af75d5c64
Size/MD5: 58494 f247082e561f593a9600a1489731c7a6
Size/MD5: 147964 995bd6c22ae7946a470d007c6c228ff0
Size/MD5: 161906 b3bbd0e632b5518aedf8aa9648c7a4d2
Size/MD5: 318404 346bf7750555b57448b7c32c453fc781
Size/MD5: 288018 6cb55a641551d1df9c0f47c5080bd5de
Size/MD5: 115880 51667be979ee9fe13882e563aa75487b
Size/MD5: 116596 187f0ab636ca771c823b4919efdc591b
Size/MD5: 1925338 02bcbb8c58a940bd1263f1b2c3b94ef1
Size/MD5: 2449412 8008bca89d226b7fcade69d985323329
Size/MD5: 870164 0aedecc5af6f575d1555ae985199a884
Size/MD5: 869814 d1b57aa4675f554c0008b6a56fd4f6a3
Size/MD5: 869434 e4a26dee82fc535288cacfeee51c763c
Size/MD5: 6948850 c2a48c6b87b38a36081ecffc6b36ce86
Size/MD5: 22785422 7dfe65bf8ea2deabbe035ce2f37c9b80
Size/MD5: 23694542 9dc1ac738e45c6d3a5104e53780ac907
Size/MD5: 22367316 17e753249280de10c43403fc169fdb0a
Size/MD5: 17782 2a6a0c86bea8a1d2cf0d99a0e138ee6d
Size/MD5: 17384 7ca66efd2effee23cdada3d3710894c7
Size/MD5: 261366 57e1a71533aa83f6ca423b67d6da1e2d
Size/MD5: 282636 657ca4dd129b0f5fe2f645addbf8e50a
Size/MD5: 227830 5766cdb0913d5674f88b323c1961d711
Size/MD5: 248950 dd5a1de15372049c25b9a712730f7efa
Size/MD5: 1048472 ae65592c768b6d5f39142acd550ec36b
Size/MD5: 1048602 e5b3eb1669f8189659d578bf7332025f
Size/MD5: 1738650 a682ffd6cc24c61e9c6d4b7f88e3401a
Size/MD5: 1878284 82abb3250c62bd47667a7f0ebbca9105
Size/MD5: 250836 e52eb8e89d09002b52c6bb2d16d36ec2
Size/MD5: 233536 c539522d8c5571f353b12955ea8ca6ed
Size/MD5: 13060 9e6fabe1aeae2de5948e60adf56762dc
Size/MD5: 13534 5c7507e976fa8e3cf3fa8af0a3ec7ff2
Size/MD5: 84796 413083790ebc438b3b6197c27f92f7f3
Size/MD5: 52214 0453f46ed385c5c87fd49567f95a9715
Size/MD5: 73932 b1dde3f14bb912226eaa202ee4c327b6
Size/MD5: 85850 067b9ad04f4e1bf1b68eb84d20d3a1c6
Size/MD5: 6624 7f9372f9909e1d9dd7bb45fd4040a57a
Size/MD5: 7060 aeb6326090ebf0e7b0c79ad145353ddf
Size/MD5: 60386 8f8c773deb97819f72f8f7df2826623e
Size/MD5: 70422 012d4dc74e210fbcc69c1d1d7ce72d34
Size/MD5: 128554 30a6834a8327077f999fdc00e944d112
Size/MD5: 157958 211ed51f43605873a3d002ef8c3e7d13
Size/MD5: 108150 7d3b5b2fd17688ab136ae4ce10e28bf3
Size/MD5: 126132 55af324f4dd8256232f56badcbde4ba7
Size/MD5: 87296 9bcd02a139dfa53c6324662b10840de8
Size/MD5: 93360 7d44b0dff29fb0bfda6350c5228d8a58
Size/MD5: 2014792 23a63ba6cdb53e9466ae67041c212583
Size/MD5: 1988734 b467c58395e222a7d4b0c96c43ead1c5
Size/MD5: 104134 f8510132c0fa083fc47527cfbc50fe70
Size/MD5: 115788 cde4b6980c88c03a0ff8a2cb36226442
Size/MD5: 12772 bbf18a99a31e4ccceaee6cc21a036b1a
Size/MD5: 14470 1871445cf8c2f91ef0cf1830184848b5
Size/MD5: 39952 25cd81ed4abecb60642194a746becd85
Size/MD5: 41540 c9f7ed9182e1d614edb7ef699c9944d7
Size/MD5: 149352 7598071d31ff0a910612a7a46f536671
Size/MD5: 168126 f1b0aac5a21626ec8f11f8b66238a4bf
Size/MD5: 42316 8ae4539096bfde33c7bb79f263a78f7b
Size/MD5: 44920 d0a96f89c15fc3ac1e8f6a1a4c6c58b5
Size/MD5: 320158 b5c9def408e2e08e8e478b41a8e468db
Size/MD5: 324842 68b9793f818b7d0e336332aed2db02b5
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 50482 ab8855cadff234cbb32db3873e1946e6
Size/MD5: 2358 64e193cbafb731b3e9421dc83594d0c6
Size/MD5: 40374 d1907ae5d377bc620fcff298fce07b3e
Size/MD5: 110552 0e67de51055f4b17344ed9d392f35afa
Size/MD5: 41214 c57d0fc20f8d3dc04a58c7464d18ce9d
Size/MD5: 104222 63418458f1c292175da87e70a96f1044
Size/MD5: 7436 38caf05f0782b84c3f226dc5509f9995
Size/MD5: 149306 d84f71eca428c3a31c48f6477c718c51
Size/MD5: 1713220 22eb631fbb5532890c000053086126c8
Size/MD5: 773438 5fe333a81cf98c0def22940626afa2f4
Size/MD5: 773124 3f91c672b8dbfddf1671e90bcae10a09
Size/MD5: 6965202 aa5f3d426728ad5ba338681c87c31661
Size/MD5: 15017568 b47a289f4e4038fc87a5f8d6948249a3
Size/MD5: 14834790 7894b250ec7573098d563aa7f2742406
Size/MD5: 7440 ce083709baf169837d99938ce9c633b8
Size/MD5: 248760 9cc6d8a2dafdb18a2601be04f58337fd
Size/MD5: 212544 8f2a77d630d599df2837b4dac7d4f519
Size/MD5: 1048478 dc2066054189a1a6bc32d6b7c06e77ad
Size/MD5: 1482456 608c8678c07866ac04856c3b9c9b05b4
Size/MD5: 10122 d485c13f32c35698c8511d39957581d8
Size/MD5: 40178 e4e58ffd0644e5463854b3020ca10484
Size/MD5: 9368 72a5a1c2de7a313d23ed60c880c14111
Size/MD5: 61410 546fe26352bfd365a7fedc33dc877c53
Size/MD5: 163282 95e055a3a3822e98a5941484c5d5ed2b
Size/MD5: 64092 35d2ddb116b38ccf1c247bca8d423397
Size/MD5: 1235398 10fcc02a3e75b0f19a86c168af6ef235
Size/MD5: 59304 4bd64086715743cd3518d1736d8b2eb2
Size/MD5: 37434 ee36e5f889521eea525bf643750d52cc
Size/MD5: 280106 afa95c900a8f9e2c8275d2cd3af02c8d
PREVIOUS
NEXT
Ubuntu 6.06 LTS USN-1071-1 Critical: Kernel Denial Of Service Exploit
ubuntu
February 25, 2011
Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup
Summary
Topics Covered
Update Instructions
References
Severity
critical
Lowest
Low
Medium
High
Critical
linux-source-2.6.15 vulnerabilities
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!