This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2008-09-24
Product Ubuntu Linux Last view 2016-12-16
Version 8.04 Type Os
Update -  
Edition lts  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

6.4 2014-04-27 CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

1.9 2014-04-17 CVE-2011-3154

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

6.9 2014-04-15 CVE-2011-3628

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

2.6 2014-02-28 CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

6.8 2014-02-10 CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

5 2014-02-10 CVE-2012-3405

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

5 2014-02-10 CVE-2012-3404

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers.

5 2013-04-29 CVE-2013-1944

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

4.3 2013-04-25 CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

4 2013-04-04 CVE-2013-1901

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

8.5 2013-04-04 CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

6.5 2013-04-04 CVE-2013-1899

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

9.3 2011-01-28 CVE-2010-3454

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.

9.3 2011-01-28 CVE-2010-3451

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

9.3 2011-01-28 CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

9.3 2010-06-09 CVE-2010-0395

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.

9.3 2010-02-16 CVE-2009-3301

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

9.3 2008-09-24 CVE-2008-4063

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.

CWE : Common Weakness Enumeration

%idName
27% (5) CWE-189 Numeric Errors
22% (4) CWE-264 Permissions, Privileges, and Access Controls
11% (2) CWE-200 Information Exposure
11% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
11% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1) CWE-310 Cryptographic Issues
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
77642 Update Manager Tar File Handling MitM Remote Arbitrary File Overwrite
77641 Update Manager Insecure Temporary File Creation Local .XAUTHORITY File Discl...
77451 apt Verify-Host Option SSL Certificate Validation MitM Remote Repository Cred...
70715 OpenOffice.org (OOo) oowriter WW8DopTypography::ReadFromMem Function Crafted ...
70712 OpenOffice.org (OOo) oowriter RTF Document Malformed Table Use-after-free Ove...
70711 OpenOffice.org (OOo) Multiple File Type Traversal Arbitrary File Overwrite
65203 OpenOffice.org (OOo) Scripting IDE Python Code Parsing Arbitrary Code Execution
62384 OpenOffice.org (OOo) filter/ww8/ww8par2.cxx sprmTDefTable Table Underflow
48764 Mozilla Firefox nsFrameList::SortByContentOrder Function Memory Corruption
48763 Mozilla Firefox indic IME Extension Memory Corruption
48762 Mozilla Firefox nsContentList::Item Function this Variable Memory Corruption

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-27 Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-12-18 Name : Ubuntu Update for glibc USN-1589-2
File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-10-03 Name : Ubuntu Update for eglibc USN-1589-1
File : nvt/gb_ubuntu_USN_1589_1.nasl
2012-08-30 Name : Fedora Update for glibc FEDORA-2012-11508
File : nvt/gb_fedora_2012_11508_glibc_fc17.nasl
2012-07-30 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 x86_64
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 x86_64
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1097 centos5
File : nvt/gb_CESA-2012_1097_glibc_centos5.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1098 centos6
File : nvt/gb_CESA-2012_1098_glibc_centos6.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1098-01
File : nvt/gb_RHSA-2012_1098-01_glibc.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1097-01
File : nvt/gb_RHSA-2012_1097-01_glibc.nasl
2012-07-09 Name : RedHat Update for openoffice.org RHSA-2011:0183-01
File : nvt/gb_RHSA-2011_0183-01_openoffice.org.nasl
2012-02-21 Name : Ubuntu Update for update-manager USN-1284-2
File : nvt/gb_ubuntu_USN_1284_2.nasl
2011-12-02 Name : Ubuntu Update for update-manager USN-1284-1
File : nvt/gb_ubuntu_USN_1284_1.nasl
2011-12-02 Name : Ubuntu Update for apt USN-1283-1
File : nvt/gb_ubuntu_USN_1283_1.nasl
2011-10-31 Name : Ubuntu Update for pam USN-1237-1
File : nvt/gb_ubuntu_USN_1237_1.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2010:0101 centos5 i386
File : nvt/gb_CESA-2010_0101_openoffice.org-base_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2010:0459 centos5 i386
File : nvt/gb_CESA-2010_0459_openoffice.org-base_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org-base CESA-2011:0182 centos5 i386
File : nvt/gb_CESA-2011_0182_openoffice.org-base_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2151-1 (openoffice.org)
File : nvt/deb_2151_1.nasl
2011-03-05 Name : FreeBSD Ports: openoffice.org
File : nvt/freebsd_openoffice.org0.nasl
2011-02-18 Name : Fedora Update for openoffice.org FEDORA-2011-0837
File : nvt/gb_fedora_2011_0837_openoffice.org_fc13.nasl
2011-02-16 Name : Mandriva Update for openoffice.org MDVSA-2011:027 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2011_027.nasl
2011-02-11 Name : CentOS Update for openoffice.org CESA-2011:0181 centos4 i386
File : nvt/gb_CESA-2011_0181_openoffice.org_centos4_i386.nasl
2011-02-04 Name : Ubuntu Update for openoffice.org vulnerabilities USN-1056-1
File : nvt/gb_ubuntu_USN_1056_1.nasl
2011-01-31 Name : RedHat Update for openoffice.org and openoffice.org2 RHSA-2011:0181-01
File : nvt/gb_RHSA-2011_0181-01_openoffice.org_and_openoffice.org2.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0035 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0037619

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2
2014-01-10 PostgreSQL database name command line injection attempt
RuleID : 26586 - Type : SERVER-OTHER - Revision : 4
2014-01-10 OpenOffice.org Microsoft Office Word file processing integer underflow attempt
RuleID : 18536 - Type : FILE-OFFICE - Revision : 15

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0056.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2012-1488-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1251-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2013-1627-1.nasl - Type: ACT_GATHER_INFO
2015-04-06 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16364.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-168.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-165.nasl - Type: ACT_GATHER_INFO
2015-03-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201503-04.nasl - Type: ACT_GATHER_INFO
2015-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3169.nasl - Type: ACT_GATHER_INFO
2015-01-27 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_jan_2015.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10669.nasl - Type: ACT_GATHER_INFO