Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1090-1
Solution
Please Install the Updated Packages.
Insight
Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (Ubuntu 10.10 was already fixed in a prior update.) (CVE-2010-4158)
Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163)
Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4175)
Affected
linux vulnerabilities on Ubuntu 10.04 LTS ,
Ubuntu 10.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163, CVE-2010-4175 -
CVSS Base Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities