Executive Summary
Summary | |
---|---|
Title | linux security update |
Information | |||
---|---|---|---|
Name | DSA-4266 | First vendor Publication | 2018-08-06 |
Vendor | Debian | Last vendor Modification | 2018-08-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

CVE-2018-5390: Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets leading to remote denial of service.

CVE-2018-13405: Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID.

For the stable distribution (stretch), these problems have been fixed in version 4.9.110-3+deb9u1. This update includes fixes for several regressions in the latest point release.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Original Source
Url : http://www.debian.org/security/2018/dsa-4266 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
50 % | CWE-269 | Improper Privilege Management |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-10 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10917_184R1.nasl - Type : ACT_GATHER_INFO |
2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-50075276e8.nasl - Type : ACT_GATHER_INFO |
2018-12-14 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL95343321.nasl - Type : ACT_GATHER_INFO |
2018-12-11 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1406.nasl - Type : ACT_GATHER_INFO |
2018-12-05 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-2_0-0101.nasl - Type : ACT_GATHER_INFO |
2018-11-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-3083.nasl - Type : ACT_GATHER_INFO |
2018-10-26 | Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1345.nasl - Type : ACT_GATHER_INFO |
2018-10-25 | Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1322.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1278.nasl - Type : ACT_GATHER_INFO |
2018-09-04 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1279.nasl - Type : ACT_GATHER_INFO |
2018-08-31 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-063.nasl - Type : ACT_GATHER_INFO |
2018-08-20 | Name : The remote Virtuozzo host is missing multiple security updates. File : Virtuozzo_VZA-2018-055.nasl - Type : ACT_GATHER_INFO |
2018-08-16 | Name : The remote Debian host is missing a security update. File : debian_DLA-1466.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-2390.nasl - Type : ACT_GATHER_INFO |
2018-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-2384.nasl - Type : ACT_GATHER_INFO |
2018-08-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4266.nasl - Type : ACT_GATHER_INFO |
2018-08-07 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1049.nasl - Type : ACT_GATHER_INFO |
2018-08-07 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1050.nasl - Type : ACT_GATHER_INFO |
2018-08-03 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZA-2018-049.nasl - Type : ACT_GATHER_INFO |
2018-07-24 | Name : The remote Fedora host is missing a security update. File : fedora_2018-8484550fff.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2018-10-11 17:21:50 | |
2018-08-28 21:22:16 | |
2018-08-08 09:21:45 | |
2018-08-06 21:18:40 | |