
Test ID: 1.3.6.1.4.1.25623.1.0.702766
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2766-1 (linux-2.6 - privilege escalation/denial of service/information leak)
Description:
Summary:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-2141
Emese Revfy provided a fix for an information leak in the tkill and
tgkill system calls. A local user on a 64-bit system may be able to
gain access to sensitive memory contents.

CVE-2013-2164
Jonathan Salwan reported an information leak in the CD-ROM driver. A
local user on a system with a malfunctioning CD-ROM drive could gain
access to sensitive memory.

CVE-2013-2206
Karl Heiss reported an issue in the Linux SCTP implementation. A remote
user could cause a denial of service (system crash).

CVE-2013-2232
Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6
subsystem. Local users could cause a denial of service by using an
AF_INET6 socket to connect to an IPv4 destination.

CVE-2013-2234
Mathias Krause reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2237
Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2
sockets. Local users could gain access to sensitive kernel memory.

CVE-2013-2239
Jonathan Salwan discovered multiple memory leaks in the openvz kernel
flavor. Local users could gain access to sensitive kernel memory.

CVE-2013-2851
Kees Cook reported an issue in the block subsystem. Local users with
uid 0 could gain elevated ring 0 privileges. This is only a security
issue for certain specially configured systems.

CVE-2013-2852
Kees Cook reported an issue in the b43 network driver for certain Broadcom
wireless devices. Local users with uid 0 could gain elevated ring 0
privileges. This is only a security issue for certain specially configured
systems.

CVE-2013-2888
Kees Cook reported an issue in the HID driver subsystem. A local user,
with the ability to attach a device, could cause a denial of service
(system crash).

CVE-2013-2892
Kees Cook reported an issue in the pantherlord HID device driver. Local
users with the ability to attach a device could cause a denial of service
or possibly gain elevated privileges.

Affected Software/OS:
linux-2.6 on Debian Linux

Solution:
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze4.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

                   Debian 6.0 (squeeze)
user-mode-linux    2.6.32-1um-4+48squeeze4

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2234
Debian Security Information: DSA-2766
http://www.debian.org/security/2013/dsa-2766
http://www.openwall.com/lists/oss-security/2013/07/02/7
RedHat Security Advisories: RHSA-2013:1166
http://rhn.redhat.com/errata/RHSA-2013-1166.html
RedHat Security Advisories: RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
SuSE Security Announcement: SUSE-SU-2013:1473
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1474
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:1971
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1912-1
http://www.ubuntu.com/usn/USN-1913-1
http://www.ubuntu.com/usn/USN-1938-1
http://www.ubuntu.com/usn/USN-1941-1
http://www.ubuntu.com/usn/USN-1942-1
http://www.ubuntu.com/usn/USN-1943-1
http://www.ubuntu.com/usn/USN-1944-1
http://www.ubuntu.com/usn/USN-1945-1
http://www.ubuntu.com/usn/USN-1946-1
http://www.ubuntu.com/usn/USN-1947-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2239
http://openwall.com/lists/oss-security/2013/07/04/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-2851
http://marc.info/?l=linux-kernel&m=137055204522556&w=2
http://www.openwall.com/lists/oss-security/2013/06/06/13
RedHat Security Advisories: RHSA-2013:1783
http://rhn.redhat.com/errata/RHSA-2013-1783.html
RedHat Security Advisories: RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2232
http://www.openwall.com/lists/oss-security/2013/07/02/5
RedHat Security Advisories: RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2852
RedHat Security Advisories: RHSA-2013:1051
http://rhn.redhat.com/errata/RHSA-2013-1051.html
RedHat Security Advisories: RHSA-2013:1450
http://rhn.redhat.com/errata/RHSA-2013-1450.html
http://www.ubuntu.com/usn/USN-1899-1
http://www.ubuntu.com/usn/USN-1900-1
http://www.ubuntu.com/usn/USN-1914-1
http://www.ubuntu.com/usn/USN-1915-1
http://www.ubuntu.com/usn/USN-1916-1
http://www.ubuntu.com/usn/USN-1917-1
http://www.ubuntu.com/usn/USN-1918-1
http://www.ubuntu.com/usn/USN-1919-1
http://www.ubuntu.com/usn/USN-1920-1
http://www.ubuntu.com/usn/USN-1930-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2206
http://www.openwall.com/lists/oss-security/2013/06/21/1
SuSE Security Announcement: SUSE-SU-2013:1744
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html
SuSE Security Announcement: SUSE-SU-2013:1748
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2013:1749
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html
SuSE Security Announcement: SUSE-SU-2013:1750
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html
http://www.ubuntu.com/usn/USN-1939-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2888
http://marc.info/?l=linux-input&m=137772180514608&w=1
http://openwall.com/lists/oss-security/2013/08/28/13
RedHat Security Advisories: RHSA-2013:1490
http://rhn.redhat.com/errata/RHSA-2013-1490.html
http://www.ubuntu.com/usn/USN-1976-1
http://www.ubuntu.com/usn/USN-1977-1
http://www.ubuntu.com/usn/USN-1995-1
http://www.ubuntu.com/usn/USN-1998-1
http://www.ubuntu.com/usn/USN-2019-1
http://www.ubuntu.com/usn/USN-2021-1
http://www.ubuntu.com/usn/USN-2022-1
http://www.ubuntu.com/usn/USN-2024-1
http://www.ubuntu.com/usn/USN-2038-1
http://www.ubuntu.com/usn/USN-2039-1
http://www.ubuntu.com/usn/USN-2050-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2237
http://www.openwall.com/lists/oss-security/2013/07/04/3
http://www.ubuntu.com/usn/USN-1970-1
http://www.ubuntu.com/usn/USN-1972-1
http://www.ubuntu.com/usn/USN-1973-1
http://www.ubuntu.com/usn/USN-1992-1
http://www.ubuntu.com/usn/USN-1993-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2892
BugTraq ID: 62049
http://www.securityfocus.com/bid/62049
http://marc.info/?l=linux-input&m=137772185414625&w=1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2164
http://www.openwall.com/lists/oss-security/2013/06/10/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-2141
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/06/04/10
RedHat Security Advisories: RHSA-2013:1801
http://rhn.redhat.com/errata/RHSA-2013-1801.html
http://secunia.com/advisories/55055
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net
