USN-1323-1Executive Summary
| Summary | |
|---|---|
| Title | Linux kernel vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-1323-1 | First vendor Publication | 2012-01-11 |
| Vendor | Ubuntu | Last vendor Modification | 2012-01-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 5.4 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 8.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. (CVE-2011-1162) Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. (CVE-2011-2203) A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. (CVE-2011-3359) A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. (CVE-2011-4110) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 8.04 LTS: linux-image-2.6.24-30-386 2.6.24-30.98 linux-image-2.6.24-30-generic 2.6.24-30.98 linux-image-2.6.24-30-hppa32 2.6.24-30.98 linux-image-2.6.24-30-hppa64 2.6.24-30.98 linux-image-2.6.24-30-itanium 2.6.24-30.98 linux-image-2.6.24-30-lpia 2.6.24-30.98 linux-image-2.6.24-30-lpiacompat 2.6.24-30.98 linux-image-2.6.24-30-mckinley 2.6.24-30.98 linux-image-2.6.24-30-openvz 2.6.24-30.98 linux-image-2.6.24-30-powerpc 2.6.24-30.98 linux-image-2.6.24-30-powerpc-smp 2.6.24-30.98 linux-image-2.6.24-30-powerpc64-smp 2.6.24-30.98 linux-image-2.6.24-30-rt 2.6.24-30.98 linux-image-2.6.24-30-server 2.6.24-30.98 linux-image-2.6.24-30-sparc64 2.6.24-30.98 linux-image-2.6.24-30-sparc64-smp 2.6.24-30.98 linux-image-2.6.24-30-virtual 2.6.24-30.98 linux-image-2.6.24-30-xen 2.6.24-30.98 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1323-1 CVE-2011-1162, CVE-2011-2203, CVE-2011-3359, CVE-2011-4110 Package Information: https://launchpad.net/ubuntu/+source/linux/2.6.24-30.98 |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1323-1 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-200 | Information Exposure |
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77658 | Linux Kernel hfs_find_init() Function NULL Pointer Dereference Local DoS |
| 77450 | Linux Kernel security/keys/user_defined.c user_update() Function NULL Pointer... |
| 77293 | Linux Kernel b43 Driver Wireless Interface Frame Parsing Remote DoS |
| 77292 | Linux Kernel tpm_read() Local TPM Command Result Disclosure |
(Medium)
(Low)
