Executive Summary

Summary
Title Linux kernel vulnerability
Informations
Name USN-1660-1 First vendor Publication 2012-12-11
Vendor Ubuntu Last vendor Modification 2012-12-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

The system's firewall could be bypassed by a remote attacker.

Software Description: - linux: Linux kernel

Details:

Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in ipv6. A remote attacker could exploit this flaw to bypass firewalls and initial new network connections that should have been blocked by the firewall.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-32-386 2.6.24-32.107
linux-image-2.6.24-32-generic 2.6.24-32.107
linux-image-2.6.24-32-hppa32 2.6.24-32.107
linux-image-2.6.24-32-hppa64 2.6.24-32.107
linux-image-2.6.24-32-itanium 2.6.24-32.107
linux-image-2.6.24-32-lpia 2.6.24-32.107
linux-image-2.6.24-32-lpiacompat 2.6.24-32.107
linux-image-2.6.24-32-mckinley 2.6.24-32.107
linux-image-2.6.24-32-openvz 2.6.24-32.107
linux-image-2.6.24-32-powerpc 2.6.24-32.107
linux-image-2.6.24-32-powerpc-smp 2.6.24-32.107
linux-image-2.6.24-32-powerpc64-smp 2.6.24-32.107
linux-image-2.6.24-32-rt 2.6.24-32.107
linux-image-2.6.24-32-server 2.6.24-32.107
linux-image-2.6.24-32-sparc64 2.6.24-32.107
linux-image-2.6.24-32-sparc64-smp 2.6.24-32.107
linux-image-2.6.24-32-virtual 2.6.24-32.107
linux-image-2.6.24-32-xen 2.6.24-32.107

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1660-1
CVE-2012-4444

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.24-32.107

Original Source

Url : http://www.ubuntu.com/usn/USN-1660-1

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17835
 
Oval ID: oval:org.mitre.oval:def:17835
Title: USN-1660-1 -- linux vulnerability
Description: The system's firewall could be bypassed by a remote attacker.
Family: unix Class: patch
Reference(s): USN-1660-1
CVE-2012-4444
 Version: 7
Platform(s): Ubuntu 8.04
 Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18121
 
Oval ID: oval:org.mitre.oval:def:18121
Title: USN-1661-1 -- linux vulnerability
Description: The system's firewall could be bypassed by a remote attacker.
Family: unix Class: patch
Reference(s): USN-1661-1
CVE-2012-4444
 Version: 7
Platform(s): Ubuntu 10.04
 Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18174
 
Oval ID: oval:org.mitre.oval:def:18174
Title: USN-1664-1 -- linux-ec2 vulnerability
Description: The system's firewall could be bypassed by a remote attacker.
Family: unix Class: patch
Reference(s): USN-1664-1
CVE-2012-4444
 Version: 7
Platform(s): Ubuntu 10.04
 Product(s): linux-ec2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1346

OpenVAS Exploits

Date Description
2012-12-26 Name : CentOS Update for kernel CESA-2012:1580 centos6
File : nvt/gb_CESA-2012_1580_kernel_centos6.nasl
2012-12-26 Name : RedHat Update for kernel RHSA-2012:1580-01
File : nvt/gb_RHSA-2012_1580-01_kernel.nasl
2012-12-14 Name : Ubuntu Update for linux-ec2 USN-1664-1
File : nvt/gb_ubuntu_USN_1664_1.nasl
2012-12-11 Name : Ubuntu Update for linux USN-1660-1
File : nvt/gb_ubuntu_USN_1660_1.nasl
2012-12-11 Name : Ubuntu Update for linux USN-1661-1
File : nvt/gb_ubuntu_USN_1661_1.nasl

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-0856-1.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-148.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2048.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0168-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0168.nasl - Type : ACT_GATHER_INFO
2013-06-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8583.nasl - Type : ACT_GATHER_INFO
2013-06-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-8587.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0168.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130122_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0168.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121218_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-12-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1664-1.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1661-1.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1660-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-02-17 12:01:11
  • Multiple Updates
2012-12-21 21:22:08
  • Multiple Updates
2012-12-21 13:21:16
  • Multiple Updates
2012-12-11 09:18:40
  • First insertion