Test ID: 1.3.6.1.4.1.25623.1.0.704308
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 4308-1 (linux - security update)
Description:
Summary:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2018-6554
A memory leak in the irda_bind function in the irda subsystem was
discovered. A local user can take advantage of this flaw to cause a
denial of service (memory consumption).

CVE-2018-6555
A flaw was discovered in the irda_setsockopt function in the irda
subsystem, allowing a local user to cause a denial of service
(use-after-free and system crash).

CVE-2018-7755
Brian Belleville discovered a flaw in the fd_locked_ioctl function
in the floppy driver in the Linux kernel. The floppy driver copies a
kernel pointer to user memory in response to the FDGETPRM ioctl. A
local user with access to a floppy drive device can take advantage
of this flaw to discover the location of kernel code and data.

CVE-2018-9363
It was discovered that the Bluetooth HIDP implementation did not
correctly check the length of received report messages. A paired
HIDP device could use this to cause a buffer overflow, leading to
denial of service (memory corruption or crash) or potentially
remote code execution.

CVE-2018-9516
It was discovered that the HID events interface in debugfs did not
correctly limit the length of copies to user buffers. A local
user with access to these files could use this to cause a
denial of service (memory corruption or crash) or possibly for
privilege escalation. However, by default debugfs is only
accessible by the root user.

CVE-2018-10902
It was discovered that the rawmidi kernel driver does not protect
against concurrent access which leads to a double-realloc (double
free) flaw. A local attacker can take advantage of this issue for
privilege escalation.

CVE-2018-10938
Yves Younan from Cisco reported that the Cipso IPv4 module did not
correctly check the length of IPv4 options. On custom kernels with
CONFIG_NETLABEL enabled, a remote attacker could use this to cause
a denial of service (hang).

CVE-2018-13099
Wen Xu from SSLab at Gatech reported a use-after-free bug in the
F2FS implementation. An attacker able to mount a crafted F2FS
volume could use this to cause a denial of service (crash or
memory corruption) or possibly for privilege escalation.

CVE-2018-14609
Wen Xu from SSLab at Gatech reported a potential null pointer
dereference in the F2FS implementation. An attacker able to mount
a crafted F2FS volume could use this to cause a denial of service
(crash).

CVE-2018-14617
Wen Xu from SSLab at Gatech reported a potential null pointer
dereference in the HFS+ implementation. An attacker able to mount
a crafted HFS+ volume could use this to cause a denial of service
(crash).

CVE-2018-14633
Vincent Pelletier discovered a stack-based buffer overflow flaw in
the chap_server_compute_md5() function in the iSCSI target code. An
unauthenticated remote attacker can take advantage of this flaw to
cause a denial of service or possibly to gain unauthorized access
to data exported by an iSCSI target.

CVE-2018-14678
M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the
kernel exit code used on amd64 systems running as Xen PV guests.
A local user could use this to cause a denial of service (crash).

CVE-2018-14734
A use-after-free bug was discovered in the InfiniBand
communication manager. A local user could use this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.

CVE-2018-15572
Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and
Nael Abu-Ghazaleh, from University of California, Riverside,
reported a variant of Spectre variant 2, dubbed SpectreRSB. A
local user may be able to use this to read sensitive information
from processes owned by other users.

CVE-2018-15594
Nadav Amit reported that some indirect function calls used in
paravirtualised guests were vulnerable to Spectre variant 2. A
local user may be able to use this to read sensitive information
from the kernel.

CVE-2018-16276
Jann Horn discovered that the yurex driver did not correctly limit
the length of copies to user buffers. A local user with access to
a yurex device node could use this to cause a denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2018-16658
It was discovered that the cdrom driver does not correctly
validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user
with access to a cdrom device could use this to read sensitive
information from the kernel or to cause a denial of service
(crash).

CVE-2018-17182
Jann Horn discovered that the vmacache_flush_all function mishandles
sequence number overflows. A local user can take advantage of this
flaw to trigger a use-after-free, causing a denial of service
(crash or memory corruption) or privilege escalation.

Vulnerability Insight:
The Linux kernel is the core of the Linux operating system.

Affected Software/OS:
linux on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 4.9.110-3+deb9u5.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

CVSS Score:
8.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2018-6554
https://www.spinics.net/lists/stable/msg255030.html
https://www.spinics.net/lists/stable/msg255034.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
Debian Security Information: DSA-4308
https://www.debian.org/security/2018/dsa-4308
https://usn.ubuntu.com/3775-2/
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3777-1/
https://usn.ubuntu.com/3777-2/
https://usn.ubuntu.com/3775-1/
https://usn.ubuntu.com/3777-3/
BugTraq ID: 105302
http://www.securityfocus.com/bid/105302
Common Vulnerability Exposure (CVE) ID: CVE-2018-6555
https://www.spinics.net/lists/stable/msg255031.html
https://www.spinics.net/lists/stable/msg255035.html
BugTraq ID: 105304
http://www.securityfocus.com/bid/105304
Common Vulnerability Exposure (CVE) ID: CVE-2018-7755
https://lkml.org/lkml/2018/3/7/1116
https://usn.ubuntu.com/3695-1/
https://usn.ubuntu.com/3695-2/
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3697-1/
https://usn.ubuntu.com/3697-2/
https://usn.ubuntu.com/3698-2/
https://usn.ubuntu.com/3698-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-9363
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
https://usn.ubuntu.com/3820-1/
https://usn.ubuntu.com/3820-2/
https://usn.ubuntu.com/3820-3/
https://usn.ubuntu.com/3822-2/
https://usn.ubuntu.com/3822-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-9516
Copyright: Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net
