What is the severity of USN-1092-1?

The severity of USN-1092-1 is considered moderate due to the potential for privacy loss through unauthorized access to kernel stack memory.

How do I fix USN-1092-1?

To fix USN-1092-1, update your system to use the linux-image version 2.6.15-57.94 or later.

Who is affected by USN-1092-1?

Ubuntu 6.06 users running affected linux-image packages on various architectures are at risk from USN-1092-1.

What vulnerabilities are connected to USN-1092-1?

USN-1092-1 includes multiple vulnerabilities leading to information leaks, specifically CVE-2010-4075, CVE-2010-4077, and CVE-2010-4158.

What is the impact of exploiting USN-1092-1?

Exploiting USN-1092-1 can lead to unauthorized reading of kernel stack memory, resulting in a breach of user privacy.

Vulnerability/
USN-1092-1

25/3/2011

USN-1092-1: Linux Kernel vulnerabilities

First published: Fri Mar 25 2011(Updated: )

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4077) Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158) Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163) Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-2.6.15-57-itanium	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-hppa64-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-amd64-k8	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-hppa32	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-386	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-powerpc	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-server-bigiron	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-server	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-k7	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-amd64-server	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-powerpc-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-686	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-hppa32-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-amd64-generic	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-itanium-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-hppa64	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-powerpc64-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-sparc64	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-mckinley	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-mckinley-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-amd64-xeon	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06
All of
ubuntu/linux-image-2.6.15-57-sparc64-smp	<2.6.15-57.94	2.6.15-57.94
Ubuntu gir1.2-packagekitglib-1.0	=6.06

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-1092-1?
The severity of USN-1092-1 is considered moderate due to the potential for privacy loss through unauthorized access to kernel stack memory.
How do I fix USN-1092-1?
To fix USN-1092-1, update your system to use the linux-image version 2.6.15-57.94 or later.
Who is affected by USN-1092-1?
Ubuntu 6.06 users running affected linux-image packages on various architectures are at risk from USN-1092-1.
What vulnerabilities are connected to USN-1092-1?
USN-1092-1 includes multiple vulnerabilities leading to information leaks, specifically CVE-2010-4075, CVE-2010-4077, and CVE-2010-4158.
What is the impact of exploiting USN-1092-1?
Exploiting USN-1092-1 can lead to unauthorized reading of kernel stack memory, resulting in a breach of user privacy.

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/event
agent/description
agent/title
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu gir1.2-packagekitglib-1.0
version/ubuntu gir1.2-packagekitglib-1.0/6.06