Home
Submitted by KeesCook on Fri, 2005-01-14 12:01
Referenced CVEs: 
CAN-2005-0001
Description: 
=========================================================== Ubuntu Security Notice USN-60-0 January 14, 2005 linux-source-2.6.8.1 vulnerabilities CAN-2005-0001 http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: linux-image-2.6.8.1-4-386 linux-image-2.6.8.1-4-686 linux-image-2.6.8.1-4-686-smp linux-image-2.6.8.1-4-amd64-generic linux-image-2.6.8.1-4-amd64-k8 linux-image-2.6.8.1-4-amd64-k8-smp linux-image-2.6.8.1-4-amd64-xeon linux-image-2.6.8.1-4-k7 linux-image-2.6.8.1-4-k7-smp linux-image-2.6.8.1-4-power3 linux-image-2.6.8.1-4-power3-smp linux-image-2.6.8.1-4-power4 linux-image-2.6.8.1-4-power4-smp linux-image-2.6.8.1-4-powerpc linux-image-2.6.8.1-4-powerpc-smp linux-patch-debian-2.6.8.1 The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.10. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: CAN-2005-0001: Paul Starzetz discovered a race condition in the Linux page fault handler code. This allowed an unprivileged user to gain root privileges on multiprocessor machines under some circumstances. This also affects the Hyper-Threading mode on Pentium 4 processors. http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html: Brad Spengler discovered that some device drivers used copy_from_user() (a function to copy data from userspace tools into kernel memory) with insufficient input validation. This potentially allowed users and/or malicious hardware to overwrite kernel memory which could result in a crash (Denial of Service) or even root privilege escalation. Additionally, this update corrects the SMB file system driver. USN-30-1 fixed some vulnerabilities in this driver (see CAN-2004-0883, CAN-2004-0949). However, it was found that these new validation checks were too strict, which cause some valid operations to fail.