Executive Summary
Summary | |
---|---|
Title | Linux kernel vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1844-1 | First vendor Publication | 2013-05-30 |
Vendor | Ubuntu | Last vendor Modification | 2013-05-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.9 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 5.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic. Software Description: - linux: Linux kernel Details: Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1844-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16711 | |||
Oval ID: | oval:org.mitre.oval:def:16711 | ||
Title: | USN-1847-1 -- Linux kernel vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1847-1 CVE-2013-2850 | Version: | 7 |
Platform(s): | Ubuntu 13.04 | Product(s): | linux |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17006 | |||
Oval ID: | oval:org.mitre.oval:def:17006 | ||
Title: | USN-1845-1 -- Linux kernel (Quantal HWE) vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1845-1 CVE-2013-2850 | Version: | 7 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17324 | |||
Oval ID: | oval:org.mitre.oval:def:17324 | ||
Title: | USN-1844-1 -- Linux kernel vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1844-1 CVE-2013-2850 | Version: | 7 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17390 | |||
Oval ID: | oval:org.mitre.oval:def:17390 | ||
Title: | USN-1846-1 -- Linux kernel vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1846-1 CVE-2013-2850 | Version: | 7 |
Platform(s): | Ubuntu 12.10 | Product(s): | linux |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Linux iscsi_add_notunderstood_response request buffer overflow attempt RuleID : 31590 - Revision : 2 - Type : PROTOCOL-SERVICES |
2014-11-16 | Linux iscsi_add_notunderstood_response request buffer overflow attempt RuleID : 31589 - Revision : 2 - Type : PROTOCOL-SERVICES |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1264.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-483.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-512.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-513.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-813.nasl - Type : ACT_GATHER_INFO |
2014-02-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-10050.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-10695.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-9123.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-194.nasl - Type : ACT_GATHER_INFO |
2013-06-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-130525.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1844-1.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1845-1.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1846-1.nasl - Type : ACT_GATHER_INFO |
2013-05-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1847-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:02:01 |
|
2013-06-07 21:29:06 |
|
2013-05-31 05:18:45 |
|