Executive Summary
Summary | |
---|---|
Title | Linux kernel (Raring HWE) vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2112-1 | First vendor Publication | 2014-02-18 |
Vendor | Ubuntu | Last vendor Modification | 2014-02-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:S/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 2.7 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-raring: Linux hardware enablement kernel from Raring Details: Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2112-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24317 | |||
Oval ID: | oval:org.mitre.oval:def:24317 | ||
Title: | USN-2112-1 -- linux-lts-raring vulnerabilities | ||
Description: | Several security issues were fixed in the kernel. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2112-1 CVE-2013-2929 CVE-2013-2930 CVE-2013-4592 CVE-2013-6378 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-raring |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27338 | |||
Oval ID: | oval:org.mitre.oval:def:27338 | ||
Title: | ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update (important) | ||
Description: | [3.8.13-16.2.2.el6uek] - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387} | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-2583 CVE-2013-0343 CVE-2013-4345 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-4387 CVE-2013-4592 | Version: | 5 |
Platform(s): | Oracle Linux 6 | Product(s): | dtrace-modules kernel-uek dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers kernel-uek-debug kernel-uek-debug-devel kernel-uek-devel kernel-uek-doc kernel-uek-firmware kernel-uek-headers |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27431 | |||
Oval ID: | oval:org.mitre.oval:def:27431 | ||
Title: | ELSA-2013-2584 -- Unbreakable Enterprise Kernel security update (important) | ||
Description: | [2.6.39-400.211.2] - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387} | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-2584 CVE-2012-6545 CVE-2013-3231 CVE-2013-0343 CVE-2013-4345 CVE-2013-1928 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-4387 CVE-2013-4592 | Version: | 3 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | kernel-uek kernel-uek-debug kernel-uek-debug-devel kernel-uek-devel kernel-uek-doc kernel-uek-firmware |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-0140-1.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
2014-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
2014-12-10 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0815.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO |
2014-08-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0100.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3043.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3042.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140619_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0771.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-113.nasl - Type : ACT_GATHER_INFO |
2014-05-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO |
2014-04-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO |
2014-03-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140312_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-03-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0285.nasl - Type : ACT_GATHER_INFO |
2014-03-14 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0285-1.nasl - Type : ACT_GATHER_INFO |
2014-03-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO |
2014-03-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO |
2014-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2128-1.nasl - Type : ACT_GATHER_INFO |
2014-03-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2129-1.nasl - Type : ACT_GATHER_INFO |
2014-02-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2114-1.nasl - Type : ACT_GATHER_INFO |
2014-02-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2112-1.nasl - Type : ACT_GATHER_INFO |
2014-02-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2111-1.nasl - Type : ACT_GATHER_INFO |
2014-02-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2109-1.nasl - Type : ACT_GATHER_INFO |
2014-02-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3011.nasl - Type : ACT_GATHER_INFO |
2014-02-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3010.nasl - Type : ACT_GATHER_INFO |
2014-02-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3009.nasl - Type : ACT_GATHER_INFO |
2014-02-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO |
2014-02-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0159.nasl - Type : ACT_GATHER_INFO |
2014-02-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140211_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-02-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO |
2014-02-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO |
2014-01-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-140116.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2070-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2064-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2065-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2066-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2068-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2071-1.nasl - Type : ACT_GATHER_INFO |
2014-01-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2075-1.nasl - Type : ACT_GATHER_INFO |
2013-12-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-291.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131121_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22695.nasl - Type : ACT_GATHER_INFO |
2013-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22669.nasl - Type : ACT_GATHER_INFO |
2013-12-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-22531.nasl - Type : ACT_GATHER_INFO |
2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2584.nasl - Type : ACT_GATHER_INFO |
2013-11-29 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-2583.nasl - Type : ACT_GATHER_INFO |
2013-11-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-20 13:21:22 |
|
2014-02-19 05:18:36 |
|