Age in Days: 2947
CVSS Score: 10.0
Patch within next: 30 Days
Risk Level: Critical

This vulnerability is 8 years, 0 months and 25 days old, and there are exploits publicly available for it. Because the vulnerability is over a year old and exploits are publicly available, it is highly advisable that this vulnerability is patched immediately.

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Vulnerability Description

The host is running an out-of-date version of Ubuntu and is affected by multiple vulnerabilities.

  • Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904)
  • Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-4895)
  • Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only files, leading to potential data loss. (CVE-2010-2066)
  • Dan Rosenberg discovered that the swapext XFS ioctl did not correctly check file permissions. A local attacker could exploit this to read from write-only files, leading to a loss of privacy. (CVE-2010-2226)
  • Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-2248)
  • Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. A local attacker could perform malicious ioctl calls that could crash the system, leading to a denial of service. (CVE-2010-2478, CVE-2010-3084)
  • James Chapman discovered that L2TP did not correctly evaluate checksum capabilities. If an attacker could make malicious routing changes, they could crash the system, leading to a denial of service. (CVE-2010-2495)
  • Neil Brown discovered that NFSv4 did not correctly check certain write requests. A remote attacker could send specially crafted traffic that could crash the system or possibly gain root privileges. (CVE-2010-2521)
  • David Howells discovered that DNS resolution in CIFS could be spoofed. A local attacker could exploit this to control DNS replies, leading to a loss of privacy and possible privilege escalation. (CVE-2010-2524)
  • Dan Rosenberg discovered a flaw in the gfs2 file system's handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access to or execute any file stored in the gfs2 file system. (CVE-2010-2525)
  • Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-2798)
  • Eric Dumazet discovered that many network functions could leak kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477)
  • Sergey Vlasov discovered that JFS did not correctly handle certain extended attributes. A local attacker could bypass namespace access rules, leading to a loss of privacy. (CVE-2010-2946)
  • Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. A local attacker could exploit this to cause the system to crash or possibly gain root privileges. (CVE-2010-2954)
  • Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)
  • Tavis Ormandy discovered that the session keyring did not correctly check for its parent. On systems without a default session keyring, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-2960)
  • Kees Cook discovered that the V4L1 32bit compat interface did not correctly validate certain parameters. A local attacker on a 64bit system with access to a video device could exploit this to gain root privileges. (CVE-2010-2963)
  • Toshiyuki Okajima discovered that ext4 did not correctly check certain parameters. A local attacker could exploit this to crash the system or overwrite the last block of large files. (CVE-2010-3015)
  • Tavis Ormandy discovered that the AIO subsystem did not correctly validate certain parameters. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2010-3067)
  • Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. (CVE-2010-3078)
  • Tavis Ormandy discovered that the OSS sequencer device did not correctly shut down. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2010-3080)
  • Dan Rosenberg discovered that the ROSE driver did not correctly check parameters. A local attacker with access to a ROSE network device could exploit this to crash the system or possibly gain root privileges. (CVE-2010-3310)
  • Thomas Dreibholz discovered that SCTP did not correctly handle appending packet chunks. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-3432)
  • Dan Rosenberg discovered that the CD driver did not correctly check parameters. A local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2010-3437)
  • Dan Rosenberg discovered that the Sound subsystem did not correctly validate parameters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3442)
  • Dan Rosenberg discovered that SCTP did not correctly handle HMAC calculations. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-3705)

Solution

Update the affected packages.

Run the following commands:

apt-get update && apt-get upgrade -y
apt-get autoremove
apt-get dist-upgrade

Further Information

There is no further information available at this time.

CVE References

CVE-2010-3904 NIST | MITRE | CVEDetails
CVE-2009-4895 NIST | MITRE | CVEDetails
CVE-2010-2066 NIST | MITRE | CVEDetails
CVE-2010-2226 NIST | MITRE | CVEDetails
CVE-2010-2248 NIST | MITRE | CVEDetails
CVE-2010-2478 NIST | MITRE | CVEDetails
CVE-2010-3084 NIST | MITRE | CVEDetails
CVE-2010-2495 NIST | MITRE | CVEDetails
CVE-2010-2521 NIST | MITRE | CVEDetails
CVE-2010-2524 NIST | MITRE | CVEDetails
CVE-2010-2525 NIST | MITRE | CVEDetails
CVE-2010-2798 NIST | MITRE | CVEDetails
CVE-2010-2942 NIST | MITRE | CVEDetails
CVE-2010-3477 NIST | MITRE | CVEDetails
CVE-2010-2946 NIST | MITRE | CVEDetails
CVE-2010-2954 NIST | MITRE | CVEDetails
CVE-2010-2955 NIST | MITRE | CVEDetails
CVE-2010-2 NIST | MITRE | CVEDetails
