This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Canonical
First view: 2009-12-30
Product: Ubuntu Linux
Last view: 2021-04-17
Version: 11.10
Type: Os
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:o:canonical:ubuntu_linux


Related : CVE

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
7.8 2021-04-17 CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

7.8 2021-04-17 CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

7.8 2020-02-19 CVE-2012-0055

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

4.4 2019-12-26 CVE-2012-2736

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

2.1 2014-05-22 CVE-2012-0943

debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.

10 2014-05-21 CVE-2012-1166

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

4.3 2014-05-13 CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

6.4 2014-04-27 CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

1.9 2014-04-17 CVE-2011-3154

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

3.6 2014-04-16 CVE-2011-4406

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

6.9 2014-04-15 CVE-2011-3628

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

1.9 2014-03-06 CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

6.8 2014-02-10 CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

5 2014-02-10 CVE-2012-3405

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

5 2014-02-10 CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

4.6 2014-02-05 CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

4.3 2014-02-05 CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.

6.8 2014-02-04 CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

4.3 2013-05-13 CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

5 2013-05-13 CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

2.1 2013-05-13 CVE-2013-1940

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

5 2013-05-02 CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

CWE : Common Weakness Enumeration

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
24% (38) CWE-416 Use After Free
12% (20) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (14) CWE-264 Permissions, Privileges, and Access Controls
6% (11) CWE-20 Improper Input Validation
6% (10) CWE-200 Information Exposure
6% (10) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (9) CWE-787 Out-of-bounds Write
3% (5) CWE-189 Numeric Errors
3% (5) CWE-125 Out-of-bounds Read
3% (5) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (4) CWE-310 Cryptographic Issues
2% (4) CWE-190 Integer Overflow or Wraparound
1% (3) CWE-399 Resource Management Errors
1% (2) CWE-287 Improper Authentication
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (1) CWE-415 Double Free
0% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-346 Origin Validation Error
0% (1) CWE-326 Inadequate Encryption Strength
0% (1) CWE-306 Missing Authentication for Critical Function
0% (1) CWE-295 Certificate Issues

SAINT Exploits

Description
Ubuntu overlayfs privilege elevation
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
77642 Update Manager Tar File Handling MitM Remote Arbitrary File Overwrite
77641 Update Manager Insecure Temporary File Creation Local .XAUTHORITY File Discl...
77584 ISC DHCP Regular Expressions dhcpd.conf DHCP Request Packet Parsing Remote DoS
77430 Ubuntu Software Center SSL Certificate Verification MitM Package Installation...
77214 system-config-printer cupshelper OpenPrinting Database Query MitM Package Ins...
77176 LightDM ~/.dmrc File Handling Local Symlink Arbitrary File Access
76940 icedtea-web Web Browser Plugin Applet Handling Same Origin Policy Bypass
76805 Linux Kernel net/core/net_namespace.c Network Namespace Cleanup Weakness Remo...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
65851 MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
61956 yaSSL Certificate Name Handling Overflow

ExploitDB Exploits

id Description
18040 Xorg 1.4 to 1.11.2 File Permission Change PoC

OpenVAS Exploits

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2013-09-18 Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
File : nvt/deb_2406_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
File : nvt/deb_2427_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20404
File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20446
File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl
2012-12-27 Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos5
File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos6
File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl
2012-12-26 Name : RedHat Update for libtiff RHSA-2012:1590-01
File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl
2012-12-26 Name : Fedora Update for qt FEDORA-2012-19715
File : nvt/gb_fedora_2012_19715_qt_fc16.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-18 Name : Ubuntu Update for glibc USN-1589-2
File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-14 Name : Fedora Update for qt FEDORA-2012-19759
File : nvt/gb_fedora_2012_19759_qt_fc17.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)
File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for qemu openSUSE-SU-2012:1170-1 (qemu)
File : nvt/gb_suse_2012_1170_1.nasl
2012-12-13 Name : SuSE Update for Security openSUSE-SU-2012:1172-1 (Security)
File : nvt/gb_suse_2012_1172_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0035 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0037619
2012-B-0092 ISC DHCP Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0033809

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2
2015-02-11 Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt
RuleID : 32994 - Type : BROWSER-FIREFOX - Revision : 6
2015-02-11 Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt
RuleID : 32993 - Type : BROWSER-FIREFOX - Revision : 6
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29546 - Type : FILE-MULTIMEDIA - Revision : 4
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29545 - Type : FILE-MULTIMEDIA - Revision : 4
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29544 - Type : FILE-MULTIMEDIA - Revision : 4
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29543 - Type : FILE-MULTIMEDIA - Revision : 4
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29542 - Type : FILE-MULTIMEDIA - Revision : 3
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29541 - Type : FILE-MULTIMEDIA - Revision : 3
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29540 - Type : FILE-MULTIMEDIA - Revision : 3
2014-03-06 WAV processing buffer overflow attempt
RuleID : 29539 - Type : FILE-MULTIMEDIA - Revision : 3
2014-01-10 Nailed exploit kit Firefox exploit download - autopwn
RuleID : 27080 - Type : EXPLOIT-KIT - Revision : 2
2014-01-10 PostgreSQL database name command line injection attempt
RuleID : 26586 - Type : SERVER-OTHER - Revision : 4
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25351 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25350 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25349 - Type : FILE-IMAGE - Revision : 2
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25348 - Type : FILE-IMAGE - Revision : 9
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25347 - Type : FILE-IMAGE - Revision : 8
2014-01-10 ImageMagick EXIF resolutionunit handling memory corruption attempt
RuleID : 25346 - Type : FILE-IMAGE - Revision : 9
2014-01-10 Mozilla products Ogg Vorbis decoding memory corruption attempt
RuleID : 25298 - Type : FILE-MULTIMEDIA - Revision : 6
2014-01-10 Mozilla products Ogg Vorbis decoding memory corruption attempt
RuleID : 25297 - Type : FILE-MULTIMEDIA - Revision : 8
2014-01-10 yaSSL library cert parsing stack overflow attempt
RuleID : 16385 - Type : SERVER-MYSQL - Revision : 7

Nessus® Vulnerability Scanner

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0056.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0058.nasl - Type: ACT_GATHER_INFO
2016-04-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201604-03.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL13405416.nasl - Type: ACT_GATHER_INFO
2015-08-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_40497e81fee34e549d5f175a5c633b73.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2015-0068.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1351-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1488-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-0306-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-0850-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-0857-1.nasl - Type: ACT_GATHER_INFO