Test ID: 1.3.6.1.4.1.25623.1.0.702745
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2745-1 (linux - privilege escalation/denial of service/information leak)
Description:

Summary:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-1059
Chanam Park reported an issue in the Ceph distributed storage system.
Remote users can cause a denial of service by sending a specially crafted
auth_reply message.

CVE-2013-2148
Dan Carpenter reported an information leak in the filesystem wide access
notification subsystem (fanotify). Local users could gain access to
sensitive kernel memory.

CVE-2013-2164
Jonathan Salwan reported an information leak in the CD-ROM driver. A
local user on a system with a malfunctioning CD-ROM drive could gain
access to sensitive memory.

CVE-2013-2232
Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
subsystem. Local users could cause a denial of service by using an
AF_INET6 socket to connect to an IPv4 destination.

CVE-2013-2234
Mathias Krause reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2237
Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2851
Kees Cook reported an issue in the block subsystem. Local users with
uid 0 could gain elevated ring 0 privileges. This is only a security
issue for certain specially configured systems.

CVE-2013-2852
Kees Cook reported an issue in the b43 network driver for certain Broadcom
wireless devices. Local users with uid 0 could gain elevated ring 0
privileges. This is only a security issue for certain specially configured
systems.

CVE-2013-4162
Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem.
Local users can cause a denial of service (system crash).

CVE-2013-4163
Dave Jones reported an issue in the IPv6 networking subsystem. Local
users can cause a denial of service (system crash).

This update also includes a fix for a regression in the Xen subsystem.

Affected Software/OS:
linux on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in version
3.2.46-1+deb7u1.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                  Debian 7.0 (wheezy)
user-mode-linux   3.2-2um-1+deb7u2

We recommend that you upgrade your linux and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2234
Debian Security Information: DSA-2766
http://www.debian.org/security/2013/dsa-2766
http://www.openwall.com/lists/oss-security/2013/07/02/7
RedHat Security Advisories: RHSA-2013:1166
http://rhn.redhat.com/errata/RHSA-2013-1166.html
RedHat Security Advisories: RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
SuSE Security Announcement: SUSE-SU-2013:1473
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1474
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:1971
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1912-1
http://www.ubuntu.com/usn/USN-1913-1
http://www.ubuntu.com/usn/USN-1938-1
http://www.ubuntu.com/usn/USN-1941-1
http://www.ubuntu.com/usn/USN-1942-1
http://www.ubuntu.com/usn/USN-1943-1
http://www.ubuntu.com/usn/USN-1944-1
http://www.ubuntu.com/usn/USN-1945-1
http://www.ubuntu.com/usn/USN-1946-1
http://www.ubuntu.com/usn/USN-1947-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2851
http://marc.info/?l=linux-kernel&m=137055204522556&w=2
http://www.openwall.com/lists/oss-security/2013/06/06/13
RedHat Security Advisories: RHSA-2013:1783
http://rhn.redhat.com/errata/RHSA-2013-1783.html
RedHat Security Advisories: RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2232
http://www.openwall.com/lists/oss-security/2013/07/02/5
RedHat Security Advisories: RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1059
http://hkpco.kr/advisory/CVE-2013-1059.txt
http://www.openwall.com/lists/oss-security/2013/07/09/7
SuSE Security Announcement: SUSE-SU-2013:1161
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4162
BugTraq ID: 61411
http://www.securityfocus.com/bid/61411
http://www.openwall.com/lists/oss-security/2013/07/23/9
RedHat Security Advisories: RHSA-2013:1436
http://rhn.redhat.com/errata/RHSA-2013-1436.html
RedHat Security Advisories: RHSA-2013:1460
http://rhn.redhat.com/errata/RHSA-2013-1460.html
RedHat Security Advisories: RHSA-2013:1520
http://rhn.redhat.com/errata/RHSA-2013-1520.html
http://secunia.com/advisories/54148
http://secunia.com/advisories/55055
http://www.ubuntu.com/usn/USN-1939-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2852
RedHat Security Advisories: RHSA-2013:1051
http://rhn.redhat.com/errata/RHSA-2013-1051.html
RedHat Security Advisories: RHSA-2013:1450
http://rhn.redhat.com/errata/RHSA-2013-1450.html
http://www.ubuntu.com/usn/USN-1899-1
http://www.ubuntu.com/usn/USN-1900-1
http://www.ubuntu.com/usn/USN-1914-1
http://www.ubuntu.com/usn/USN-1915-1
http://www.ubuntu.com/usn/USN-1916-1
http://www.ubuntu.com/usn/USN-1917-1
http://www.ubuntu.com/usn/USN-1918-1
http://www.ubuntu.com/usn/USN-1919-1
http://www.ubuntu.com/usn/USN-1920-1
http://www.ubuntu.com/usn/USN-1930-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2148
http://lkml.org/lkml/2013/6/3/128
http://www.openwall.com/lists/oss-security/2013/06/05/26
http://www.ubuntu.com/usn/USN-1929-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4163
BugTraq ID: 61412
http://www.securityfocus.com/bid/61412
http://www.openwall.com/lists/oss-security/2013/07/23/10
Common Vulnerability Exposure (CVE) ID: CVE-2013-2237
http://www.openwall.com/lists/oss-security/2013/07/04/3
http://www.ubuntu.com/usn/USN-1970-1
http://www.ubuntu.com/usn/USN-1972-1
http://www.ubuntu.com/usn/USN-1973-1
http://www.ubuntu.com/usn/USN-1992-1
http://www.ubuntu.com/usn/USN-1993-1
http://www.ubuntu.com/usn/USN-1995-1
http://www.ubuntu.com/usn/USN-1998-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2164
http://www.openwall.com/lists/oss-security/2013/06/10/9
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

© 1998-2020 E-Soft Inc. All rights reserved.