This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2008-07-02
Product Ubuntu Linux Last view 2021-04-17
Version 8.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition -  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2021-04-17 CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

7.8 2021-04-17 CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

6.8 2012-11-11 CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.

7.8 2011-07-18 CVE-2010-4656

The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.

5.5 2011-07-18 CVE-2010-4655

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

5.7 2011-03-15 CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

4 2011-03-02 CVE-2011-0762

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

7.2 2011-03-01 CVE-2011-1017

Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.

4.9 2011-03-01 CVE-2011-1012

The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table.

7.2 2011-02-18 CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

9.3 2011-01-14 CVE-2011-0480

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

2.1 2010-12-30 CVE-2010-3850

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

4.7 2010-12-30 CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

6.9 2010-12-30 CVE-2010-3848

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

7.2 2010-12-06 CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

8.3 2010-11-26 CVE-2010-3705

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.

6.2 2010-11-26 CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

7.8 2010-11-22 CVE-2010-3432

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.

7.5 2010-11-05 CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

4.7 2010-10-04 CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

6.6 2010-10-04 CVE-2010-3437

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

7.2 2010-09-29 CVE-2010-2478

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

CWE : Common Weakness Enumeration

%idName
13% (7) CWE-787 Out-of-bounds Write
11% (6) CWE-190 Integer Overflow or Wraparound
9% (5) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
9% (5) CWE-20 Improper Input Validation
7% (4) CWE-476 NULL Pointer Dereference
7% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
5% (3) CWE-200 Information Exposure
3% (2) CWE-415 Double Free
3% (2) CWE-362 Race Condition
3% (2) CWE-193 Off-by-one Error
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-681 Incorrect Conversion between Numeric Types
1% (1) CWE-665 Improper Initialization
1% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (1) CWE-399 Resource Management Errors
1% (1) CWE-369 Divide By Zero
1% (1) CWE-269 Improper Privilege Management
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-129 Improper Validation of Array Index
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
73340 vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
73039 Linux Kernel caiaq Native Instruments USB Audio sound/usb/caiaq/midi.c snd_us...
73038 Linux Kernel caiaq Native Instruments USB Audio sound/usb/caiaq/audio.c snd_u...
73037 Linux Kernel fs/partitions/ldm.c ldm_parse_vmdb Function LDM Partition Table ...
71602 Linux Kernel IO-Warrior USB Device iowarrior_write() Function Local Privilege...
71601 Linux Kernel ethtool IOCTL Handler ethtool_get_regs() Function Local Informat...
71480 Linux Kernel cm_work_handler() Function InfiniBand Request Handling DoS
71359 Linux Kernel fs/partitions/ldm.c ldm_frag_add() LDM Partition Table Overflow
70463 FFmpeg Vorbis Decoder vorbis_dec.c WebM File Handling Multiple Overflow DoS
70262 Linux Kernel net/econet/af_econet.c ec_dev_ioctl Function SIOCSIFADDR IOCTL e...
70261 Linux Kernel net/econet/af_econet.c econet_sendmsg Function sendmsg Call Loca...
70260 Linux Kernel net/econet/af_econet.c econet_sendmsg Function iovec Structure L...
69515 Linux Kernel net/sctp/auth.c sctp_auth_asoc_get_hmac Function SCTP Peer hmac_...
69424 Linux Kernel net/sctp/output.c sctp_packet_config Function SCTP Traffic Seque...
69117 Linux Kernel net/rds/page.c rds_page_copy_user() Function Local Privilege Esc...
69064 Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS
68871 Linux Kernel i915 drivers/media/video/v4l2-compat-ioctl32.c get_microcode32()...
68370 Linux Kernel drivers/block/pktcdvd.c pkt_find_dev_from_minor Function PKT_CTR...
68290 Linux Kernel on 32-bit net/core/ethtool.c ethtool_get_rxnfc Function ETHTOOL_...
68266 Linux Kernel sound/core/control.c snd_ctl_new() Function Local Overflow
68177 Linux Kernel net/sched/act_police.c tcf_act_police_dump Function Network Queu...
68176 Linux Kernel sound/core/seq/oss/seq_oss_init.c snd_seq_oss_open Function Doub...
68174 Linux Kernel fs/aio.c do_io_submit Function Crafted io_submit System Call Loc...
67894 Linux Kernel drivers/char/tty_io.c tty_fasync Function Race Condition Local DoS
67773 Linux Kernel net/irda/af_irda.c irda_bind() Function Object Cleanup NULL Der...

ExploitDB Exploits

id Description
17787 Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit
16270 vsftpd 2.3.2 Denial of Service Vulnerability
15704 Linux Kernel <= 2.6.37 - Local Privilege Escalation
15344 Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
15285 Linux RDS Protocol Local Privilege Escalation
15150 Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20404
File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20446
File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos5
File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos6
File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl
2012-12-26 Name : RedHat Update for libtiff RHSA-2012:1590-01
File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl
2012-11-26 Name : Debian Security Advisory DSA 2575-1 (tiff)
File : nvt/deb_2575_1.nasl
2012-11-23 Name : Mandriva Update for libtiff MDVSA-2012:174 (libtiff)
File : nvt/gb_mandriva_MDVSA_2012_174.nasl
2012-11-19 Name : Ubuntu Update for tiff USN-1631-1
File : nvt/gb_ubuntu_USN_1631_1.nasl
2012-08-24 Name : CentOS Update for tetex CESA-2012:1201 centos5
File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl
2012-08-24 Name : RedHat Update for tetex RHSA-2012:1201-01
File : nvt/gb_RHSA-2012_1201-01_tetex.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2010:0936 centos4 x86_64
File : nvt/gb_CESA-2010_0936_kernel_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64
File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0303 centos5 x86_64
File : nvt/gb_CESA-2011_0303_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for vsftpd CESA-2011:0337 centos5 x86_64
File : nvt/gb_CESA-2011_0337_vsftpd_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0927 centos5 x86_64
File : nvt/gb_CESA-2011_0927_kernel_centos5_x86_64.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0421-01
File : nvt/gb_RHSA-2011_0421-01_kernel.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0498-01
File : nvt/gb_RHSA-2011_0498-01_kernel.nasl
2012-06-05 Name : RedHat Update for kernel RHSA-2011:0007-01
File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-03-15 Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-07 (vsftpd)
File : nvt/glsa_201110_07.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0020 Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0031252
2011-A-0147 Multiple Vulnerabilities in VMware ESX and ESXi
Severity: Category I - VMSKEY: V0030545
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158
2010-A-0015 Multiple Vulnerabilities in Red Hat Linux Kernel
Severity: Category I - VMSKEY: V0022631

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2
2014-01-10 Apache WebDAV mod_dav nested entity reference DoS attempt
RuleID : 23779 - Type : SERVER-APACHE - Revision : 4
2014-01-10 Google Chrome Uninitialized bug_report Pointer Code Execution
RuleID : 19217 - Type : BROWSER-CHROME - Revision : 14
2014-01-10 Google Chrome Uninitialized bug_report Pointer Code Execution
RuleID : 19216 - Type : BROWSER-CHROME - Revision : 14
2014-01-10 yaSSL library cert parsing stack overflow attempt
RuleID : 16385 - Type : SERVER-MYSQL - Revision : 7
2014-01-10 FFmpeg 4xm processing memory corruption attempt
RuleID : 15871 - Type : FILE-MULTIMEDIA - Revision : 12
2014-01-10 STAT overflow attempt
RuleID : 1379-community - Type : PROTOCOL-FTP - Revision : 23
2014-01-10 STAT overflow attempt
RuleID : 1379 - Type : PROTOCOL-FTP - Revision : 23

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-09-01 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0147.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0004_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2011-0012_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote VMware ESXi / ESX host is missing a security-related patch.
File: vmware_VMSA-2012-0001_remote.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1708-1.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gimp_20130521.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_libtiff_20131217.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2008-2007.nasl - Type: ACT_GATHER_INFO