Ubuntu peppered with holes
*Almost 40 vulnerabilities, which allow remote and local exploits, have been discovered in the Linux Ubuntu 10.04 Long Term Support http://releases.ubuntu.com/lucid (LTS) kernel.*
Ubuntu Lucid Lynx
The holes also apply to corresponding versions of Kubuntu from http://www.kubuntu.org, Edubuntu http://edubuntu.org and Xubuntu http://www.xubuntu.org.
The vulnerabilities include <http://www.ubuntu.com/usn/usn-1083-1> an issue with the way the Common Internet File System validates Internet Control Message Protocol (ICMP) response packets, which allows an attacker to send denial-of-service crafted packets, and a hole in the Network File System v4 (NFSv4), which bungles certain write requests allowing malicious users to craft traffic to gain root privileges.
"If you block ICMP you will get UDP (User Datagram Protocol) trouble because it does not have reliability built into it. You will get ICMP messages back," Securus Global researcher Declan Ingram said. "Being able to cause a kernel panic with an ICMP unreachable message is bad."
Nine vulnerabilities allow attackers to gain root privilege and 14 lead to denial of service.
The multiple vulnerabilities that require local access are still a serious risk for users on shared service, according to Ingram.
"If you are on a shared host, using the local [kernel vulnerabilities], you can pop to root and own everyone around you. Just because it's local does not mean you won't get owned."
Go there Read More...