Executive Summary

Summary
Title Linux kernel (Quantal HWE) vulnerability
Informations
Name USN-2269-1 First vendor Publication 2014-07-05
Vendor Ubuntu Last vendor Modification 2014-07-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description: - linux-lts-quantal: Linux hardware enablement kernel from Quantal

Details:

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
linux-image-3.5.0-52-generic 3.5.0-52.79~precise1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2269-1
CVE-2014-4699

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-52.79~precise1

Original Source

Url : http://www.ubuntu.com/usn/USN-2269-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24957
 
Oval ID: oval:org.mitre.oval:def:24957
Title: USN-2268-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2268-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25022
 
Oval ID: oval:org.mitre.oval:def:25022
Title: USN-2272-1 -- linux-lts-trusty vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2272-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25029
 
Oval ID: oval:org.mitre.oval:def:25029
Title: USN-2267-1 -- linux-ec2 vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2267-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25087
 
Oval ID: oval:org.mitre.oval:def:25087
Title: DSA-2972-1 -- linux - security update
Description: Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2972-1
CVE-2014-4699
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25135
 
Oval ID: oval:org.mitre.oval:def:25135
Title: USN-2271-1 -- linux-lts-saucy vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2271-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25147
 
Oval ID: oval:org.mitre.oval:def:25147
Title: USN-2270-1 -- linux-lts-raring vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2270-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25221
 
Oval ID: oval:org.mitre.oval:def:25221
Title: USN-2274-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2274-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25225
 
Oval ID: oval:org.mitre.oval:def:25225
Title: USN-2269-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2269-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25244
 
Oval ID: oval:org.mitre.oval:def:25244
Title: USN-2266-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2266-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25325
 
Oval ID: oval:org.mitre.oval:def:25325
Title: SUSE-SU-2014:0912-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0912-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25414
 
Oval ID: oval:org.mitre.oval:def:25414
Title: SUSE-SU-2014:0911-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.elected taints for tracepoint modules.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0911-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26192
 
Oval ID: oval:org.mitre.oval:def:26192
Title: SUSE-SU-2014:0910-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0910-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26617
 
Oval ID: oval:org.mitre.oval:def:26617
Title: ELSA-2014-3047 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.4] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229505] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230690] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-3047
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27072
 
Oval ID: oval:org.mitre.oval:def:27072
Title: USN-2273-1 -- Linux kernel vulnerability
Description: Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
Family: unix Class: patch
Reference(s): USN-2273-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27252
 
Oval ID: oval:org.mitre.oval:def:27252
Title: ELSA-2014-0924 -- kernel security update (important)
Description: [2.6.32-431.20.5] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} [2.6.32-431.20.4] - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-0924
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27297
 
Oval ID: oval:org.mitre.oval:def:27297
Title: ELSA-2014-0923 -- kernel security update (important)
Description: [3.10.0-123.4.4] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.4.4] - [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943} [3.10.0-123.4.3] - [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-0923
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27341
 
Oval ID: oval:org.mitre.oval:def:27341
Title: ELSA-2014-3048 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.4uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-3048
CVE-2014-4943
CVE-2014-4699
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 1
Os 2147

ExploitDB Exploits

id Description
2014-07-21 Linux Kernel ptrace/sysret - Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1105-1.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0925.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0949.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-493.nasl - Type : ACT_GATHER_INFO
2014-08-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-155.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-478.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8487.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-25 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140723_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-25 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3049.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3048.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3047.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3046.nasl - Type : ACT_GATHER_INFO
2014-07-11 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8171.nasl - Type : ACT_GATHER_INFO
2014-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2972.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2266-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2274-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2273-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2272-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2271-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2270-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2269-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2268-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2267-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-07-10 00:27:35
  • Multiple Updates
2014-07-09 17:27:02
  • Multiple Updates
2014-07-07 13:24:41
  • Multiple Updates
2014-07-05 21:22:15
  • First insertion