Executive Summary

This alert is flagged as CWE/SANS Top 25 Common Weakness Enumeration (see the CWE/SANS Top 25 list for details).
Summary

Title: Linux kernel (OMAP4) vulnerabilities
Name: USN-2116-1
Vendor: Ubuntu
First vendor publication: 2014-02-18
Last vendor modification: 2014-02-18
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
CVSS base score: 4.7
CVSS impact score: 6.9
CVSS exploit score: 3.4
Attack range: Local
Attack complexity: Medium
Authentication: None required

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10

Summary:

Several security issues were fixed in the kernel.

Software Description:

- linux-ti-omap4: Linux kernel for OMAP4

Details:

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929)

A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378)

Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
linux-image-3.5.0-238-omap4 3.5.0-238.54

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
http://www.ubuntu.com/usn/usn-2116-1
CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-238.54

Original Source

URL: http://www.ubuntu.com/usn/USN-2116-1

CWE : Common Weakness Enumeration

%     Id       Name
25 %  CWE-399  Resource Management Errors
25 %  CWE-264  Permissions, Privileges, and Access Controls
25 %  CWE-189  Numeric Errors (CWE/SANS Top 25)
25 %  CWE-20   Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:23368
Title: USN-2116-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix
Class: patch
Reference(s): USN-2116-1, CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux-ti-omap4

Oval ID: oval:org.mitre.oval:def:24140
Title: USN-2111-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix
Class: patch
Reference(s): USN-2111-1, CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal

Oval ID: oval:org.mitre.oval:def:24256
Title: USN-2114-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix
Class: patch
Reference(s): USN-2114-1, CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux

Oval ID: oval:org.mitre.oval:def:24317
Title: USN-2112-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix
Class: patch
Reference(s): USN-2112-1, CVE-2013-2929, CVE-2013-2930, CVE-2013-4592, CVE-2013-6378
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring

Oval ID: oval:org.mitre.oval:def:24332
Title: USN-2115-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix
Class: patch
Reference(s): USN-2115-1, CVE-2013-2929, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4

Oval ID: oval:org.mitre.oval:def:26083
Title: RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)
Description: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6.
Family: unix
Class: patch
Reference(s): RHSA-2013:1645-02, CESA-2013:1645, CVE-2012-6542, CVE-2012-6545, CVE-2013-0343, CVE-2013-1928, CVE-2013-1929, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-3231, CVE-2013-4345, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592
Version: 3
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): kernel

Oval ID: oval:org.mitre.oval:def:27264
Title: ELSA-2013-1645 -- Oracle Linux 6 kernel update (important)
Description: [2.6.32-431] - [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426]
Family: unix
Class: patch
Reference(s): ELSA-2013-1645, CVE-2012-6542, CVE-2013-1929, CVE-2012-6545, CVE-2013-3231, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-0343, CVE-2013-4345, CVE-2013-1928, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel

Oval ID: oval:org.mitre.oval:def:27338
Title: ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update (important)
Description: [3.8.13-16.2.2.el6uek]
- HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892}
- HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}
- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}
- KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592}
- ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345}
- HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888}
- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343}
- ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}
Family: unix
Class: patch
Reference(s): ELSA-2013-2583, CVE-2013-0343, CVE-2013-4345, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4387, CVE-2013-4592
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules, kernel-uek, dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-firmware, kernel-uek-headers

Oval ID: oval:org.mitre.oval:def:27431
Title: ELSA-2013-2584 -- Unbreakable Enterprise Kernel security update (important)
Description: [2.6.39-400.211.2]
- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928}
- Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545}
- Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545}
- llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231}
- HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892}
- HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889}
- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889}
- KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592}
- ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345}
- HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888}
- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343}
- ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387}
Family: unix
Class: patch
Reference(s): ELSA-2013-2584, CVE-2012-6545, CVE-2013-3231, CVE-2013-0343, CVE-2013-4345, CVE-2013-1928, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4387, CVE-2013-4592
Version: 3
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-firmware

CPE : Common Platform Enumeration

Type         Count
Application  1
Os           1992

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0140-1.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0815.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0100.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3043.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3042.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140619_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-113.nasl - Type : ACT_GATHER_INFO
2014-05-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140312_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0285-1.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0285.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2136-1.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2129-1.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2128-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2114-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2112-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2111-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2109-1.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3011.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3010.nasl - Type : ACT_GATHER_INFO
2014-02-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3009.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140211_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0159.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO
2014-01-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140116.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2070-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2064-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2065-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2066-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2075-1.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-291.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22695.nasl - Type : ACT_GATHER_INFO
2013-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22669.nasl - Type : ACT_GATHER_INFO
2013-12-05 Name : The remote Fedora host is missing a security update.
File : fedora_2013-22531.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2584.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2583.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO

Alert History

Date                 Information
2014-02-19 05:18:37  First insertion