Executive Summary
Summary | |
---|---|
Title | linux security update |
Informations | |||
---|---|---|---|
Name | DSA-3290 | First vendor Publication | 2015-06-18 |
Vendor | Debian | Last vendor Modification | 2015-06-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leaks or data corruption. CVE-2015-1805 Red Hat discovered that the pipe iovec read and write implementations may iterate over the iovec twice but will modify the iovec such that the second iteration accesses the wrong memory. A local user could use this flaw to crash the system or possibly for privilege escalation. This may also result in data corruption and information leaks in pipes between non-malicious processes. CVE-2015-3636 Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. CVE-2015-4167 Carl Henrik Lunde discovered that the UDF implementation is missing a necessary length checks. A local user that can mount devices could use this flaw to crash the system. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u2. For the stable distribution (jessie), these problems were fixed in version 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167 which will be fixed later. We recommend that you upgrade your linux packages. |
Original Source
Url : http://www.debian.org/security/2015/dsa-3290 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-17 | Code |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-12-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3658.nasl - Type : ACT_GATHER_INFO |
2017-07-31 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2017-3597.nasl - Type : ACT_GATHER_INFO |
2017-05-01 | Name : The remote EulerOS host is missing a security update. File : EulerOS_SA-2016-1007.nasl - Type : ACT_GATHER_INFO |
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2016-09-02 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL08440897.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2968-2.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2968-1.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2967-1.nasl - Type : ACT_GATHER_INFO |
2016-05-09 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0046.nasl - Type : ACT_GATHER_INFO |
2016-04-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0617.nasl - Type : ACT_GATHER_INFO |
2016-03-25 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-3528.nasl - Type : ACT_GATHER_INFO |
2016-03-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160323_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2016-03-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0494.nasl - Type : ACT_GATHER_INFO |
2016-03-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0494.nasl - Type : ACT_GATHER_INFO |
2016-03-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0494.nasl - Type : ACT_GATHER_INFO |
2016-03-18 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0037.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3503.nasl - Type : ACT_GATHER_INFO |
2016-03-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-439.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0103.nasl - Type : ACT_GATHER_INFO |
2016-02-03 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-124.nasl - Type : ACT_GATHER_INFO |
2015-11-16 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0147.nasl - Type : ACT_GATHER_INFO |
2015-11-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-3098.nasl - Type : ACT_GATHER_INFO |
2015-10-20 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17458.nasl - Type : ACT_GATHER_INFO |
2015-10-06 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1678-1.nasl - Type : ACT_GATHER_INFO |
2015-09-24 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1611-1.nasl - Type : ACT_GATHER_INFO |
2015-09-09 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17246.nasl - Type : ACT_GATHER_INFO |
2015-09-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1478-1.nasl - Type : ACT_GATHER_INFO |
2015-08-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1565.nasl - Type : ACT_GATHER_INFO |
2015-08-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1643.nasl - Type : ACT_GATHER_INFO |
2015-08-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-543.nasl - Type : ACT_GATHER_INFO |
2015-08-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1583.nasl - Type : ACT_GATHER_INFO |
2015-08-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1534.nasl - Type : ACT_GATHER_INFO |
2015-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1564.nasl - Type : ACT_GATHER_INFO |
2015-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1534.nasl - Type : ACT_GATHER_INFO |
2015-08-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1534.nasl - Type : ACT_GATHER_INFO |
2015-08-03 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1324-1.nasl - Type : ACT_GATHER_INFO |
2015-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2681-1.nasl - Type : ACT_GATHER_INFO |
2015-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2680-1.nasl - Type : ACT_GATHER_INFO |
2015-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2678-1.nasl - Type : ACT_GATHER_INFO |
2015-07-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3313.nasl - Type : ACT_GATHER_INFO |
2015-07-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-565.nasl - Type : ACT_GATHER_INFO |
2015-07-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0094.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150714_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1221.nasl - Type : ACT_GATHER_INFO |
2015-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1221.nasl - Type : ACT_GATHER_INFO |
2015-07-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1221.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1211.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2662-1.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2663-1.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2664-1.nasl - Type : ACT_GATHER_INFO |
2015-07-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2666-1.nasl - Type : ACT_GATHER_INFO |
2015-07-06 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1174-1.nasl - Type : ACT_GATHER_INFO |
2015-07-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150623_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-07-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1199.nasl - Type : ACT_GATHER_INFO |
2015-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1190.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1139.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1138.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1137.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1137.nasl - Type : ACT_GATHER_INFO |
2015-06-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1137.nasl - Type : ACT_GATHER_INFO |
2015-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3290.nasl - Type : ACT_GATHER_INFO |
2015-06-18 | Name : The remote Debian host is missing a security update. File : debian_DLA-246.nasl - Type : ACT_GATHER_INFO |
2015-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1071-1.nasl - Type : ACT_GATHER_INFO |
2015-06-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1120.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2631-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1081.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2633-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2634-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2635-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2636-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2637-1.nasl - Type : ACT_GATHER_INFO |
2015-06-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2638-1.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150609_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1082.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1081.nasl - Type : ACT_GATHER_INFO |
2015-06-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1081.nasl - Type : ACT_GATHER_INFO |
2015-06-04 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1042.nasl - Type : ACT_GATHER_INFO |
2015-06-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1042.nasl - Type : ACT_GATHER_INFO |
2015-06-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150602_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2015-06-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1042.nasl - Type : ACT_GATHER_INFO |
2015-05-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-523.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-08-10 17:32:44 |
|
2015-08-08 17:29:57 |
|
2015-08-06 21:31:17 |
|
2015-08-06 09:30:23 |
|
2015-08-06 00:28:29 |
|
2015-06-20 13:30:20 |
|
2015-06-18 09:25:50 |
|