Executive Summary
Summary | |
---|---|
Title | linux security update |
Informations | |||
---|---|---|---|
Name | DSA-2972 | First vendor Publication | 2014-07-06 |
Vendor | Debian | Last vendor Modification | 2014-07-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. For the stable distribution (wheezy), this problem has been fixed in version 3.2.60-1+deb7u1. In addition, this update contains several bugfixes originally targeted for the upcoming Wheezy point release. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your linux packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-2972 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24957 | |||
Oval ID: | oval:org.mitre.oval:def:24957 | ||
Title: | USN-2268-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2268-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25022 | |||
Oval ID: | oval:org.mitre.oval:def:25022 | ||
Title: | USN-2272-1 -- linux-lts-trusty vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2272-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-trusty |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25029 | |||
Oval ID: | oval:org.mitre.oval:def:25029 | ||
Title: | USN-2267-1 -- linux-ec2 vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2267-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-ec2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25087 | |||
Oval ID: | oval:org.mitre.oval:def:25087 | ||
Title: | DSA-2972-1 -- linux - security update | ||
Description: | Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2972-1 CVE-2014-4699 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25135 | |||
Oval ID: | oval:org.mitre.oval:def:25135 | ||
Title: | USN-2271-1 -- linux-lts-saucy vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2271-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-saucy |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25147 | |||
Oval ID: | oval:org.mitre.oval:def:25147 | ||
Title: | USN-2270-1 -- linux-lts-raring vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2270-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-raring |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25221 | |||
Oval ID: | oval:org.mitre.oval:def:25221 | ||
Title: | USN-2274-1 -- linux vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2274-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 14.04 | Product(s): | linux |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25225 | |||
Oval ID: | oval:org.mitre.oval:def:25225 | ||
Title: | USN-2269-1 -- linux-lts-quantal vulnerability | ||
Description: | The system could be made to crash or run programs as an administrator. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2269-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 12.04 | Product(s): | linux-lts-quantal |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27072 | |||
Oval ID: | oval:org.mitre.oval:def:27072 | ||
Title: | USN-2273-1 -- Linux kernel vulnerability | ||
Description: | Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2273-1 CVE-2014-4699 | Version: | 3 |
Platform(s): | Ubuntu 13.10 | Product(s): | linux |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2014-07-21 | Linux Kernel ptrace/sysret - Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-03 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1105-1.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0925.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0949.nasl - Type : ACT_GATHER_INFO |
2014-08-23 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO |
2014-08-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-493.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-155.nasl - Type : ACT_GATHER_INFO |
2014-08-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-478.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO |
2014-07-26 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8487.nasl - Type : ACT_GATHER_INFO |
2014-07-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO |
2014-07-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO |
2014-07-25 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140723_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-07-25 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3049.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0924.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0923.nasl - Type : ACT_GATHER_INFO |
2014-07-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO |
2014-07-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3048.nasl - Type : ACT_GATHER_INFO |
2014-07-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3047.nasl - Type : ACT_GATHER_INFO |
2014-07-20 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-3046.nasl - Type : ACT_GATHER_INFO |
2014-07-11 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8171.nasl - Type : ACT_GATHER_INFO |
2014-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2972.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2266-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2274-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2273-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2272-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2271-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2270-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2269-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2268-1.nasl - Type : ACT_GATHER_INFO |
2014-07-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2267-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-07-10 00:27:34 |
|
2014-07-09 17:26:59 |
|
2014-07-08 13:24:35 |
|
2014-07-06 21:22:21 |
|