Test ID:	1.3.6.1.4.1.25623.1.0.70977
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1246-1 (linux-image-2.6.38-12-generic)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to linux-image-2.6.38-12-generic announced via advisory USN-1246-1. Details: Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: linux-image-2.6.38-12-generic 2.6.38-12.51 linux-image-2.6.38-12-generic-pae 2.6.38-12.51 linux-image-2.6.38-12-omap 2.6.38-12.51 linux-image-2.6.38-12-powerpc 2.6.38-12.51 linux-image-2.6.38-12-powerpc-smp 2.6.38-12.51 linux-image-2.6.38-12-powerpc64-smp 2.6.38-12.51 linux-image-2.6.38-12-server 2.6.38-12.51 linux-image-2.6.38-12-versatile 2.6.38-12.51 linux-image-2.6.38-12-virtual 2.6.38-12.51 http://www.securityspace.com/smysecure/catid.html?in=USN-1246-1 CVSS Score: 8.3 CVSS Vector: AV:L/AC:L/Au:NR/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2213 HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 RHSA-2011:0927 http://rhn.redhat.com/errata/RHSA-2011-0927.html [netdev] 20110601 Re: inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197208 [netdev] 20110601 inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197206 [netdev] 20110603 Re: inet_diag insufficient validation? http://article.gmane.org/gmane.linux.network/197386 [netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit() http://article.gmane.org/gmane.linux.network/198809 [oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit() http://www.openwall.com/lists/oss-security/2011/06/20/1 [oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() http://www.openwall.com/lists/oss-security/2011/06/20/13 http://www.openwall.com/lists/oss-security/2011/06/20/16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d http://patchwork.ozlabs.org/patch/100857/ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 https://bugzilla.redhat.com/show_bug.cgi?id=714536 Common Vulnerability Exposure (CVE) ID: CVE-2011-2497 48472 http://www.securityfocus.com/bid/48472 74679 http://www.osvdb.org/74679 8359 http://securityreason.com/securityalert/8359 [linux-kernel] 20110624 [PATCH] Bluetooth: Prevent buffer overflow in l2cap config request http://marc.info/?l=linux-kernel&m=130891911909436&w=2 [oss-security] 20110624 CVE request: kernel: remote buffer overflow in bluetooth http://www.openwall.com/lists/oss-security/2011/06/24/9 [oss-security] 20110627 Re: CVE request: kernel: remote buffer overflow in bluetooth http://www.openwall.com/lists/oss-security/2011/06/27/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ac28817536797fd40e9646452183606f9e17f71 http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0 https://bugzilla.redhat.com/show_bug.cgi?id=716805 Common Vulnerability Exposure (CVE) ID: CVE-2011-2695 45193 http://secunia.com/advisories/45193 [linux-ext4] 20110603 [PATCH 1/2] ext4: Fix max file size and logical block counting of extent format file http://www.spinics.net/lists/linux-ext4/msg25697.html [oss-security] 20110715 CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file http://www.openwall.com/lists/oss-security/2011/07/15/7 [oss-security] 20110715 Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file http://www.openwall.com/lists/oss-security/2011/07/15/8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f17722f917b2f21497deb6edc62fb1683daa08e6 http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc5 https://bugzilla.redhat.com/show_bug.cgi?id=722557 Common Vulnerability Exposure (CVE) ID: CVE-2011-2700 48804 http://www.securityfocus.com/bid/48804 [oss-security] 20110720 CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 http://openwall.com/lists/oss-security/2011/07/20/4 [oss-security] 20110720 Re: CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 http://openwall.com/lists/oss-security/2011/07/20/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=dc6b845044ccb7e9e6f3b7e71bd179b3cf0223b6 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 http://xorl.wordpress.com/2011/07/24/cve-2011-2700-linux-kernel-si4713-i2c-buffer-overflow/ Common Vulnerability Exposure (CVE) ID: CVE-2011-2723 1025876 http://securitytracker.com/id?1025876 48929 http://www.securityfocus.com/bid/48929 RHSA-2011:1321 http://www.redhat.com/support/errata/RHSA-2011-1321.html [oss-security] 20110728 CVE request: kernel: gro: Only reset frag0 when skb can be pulled http://openwall.com/lists/oss-security/2011/07/28/13 [oss-security] 20110729 Re: CVE request: kernel: gro: Only reset frag0 when skb can be pulled http://openwall.com/lists/oss-security/2011/07/29/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17dd759c67f21e34f2156abcf415e1f60605a188 https://bugzilla.redhat.com/show_bug.cgi?id=726552 Common Vulnerability Exposure (CVE) ID: CVE-2011-2928 20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS http://www.securityfocus.com/archive/1/519387/100/0/threaded 49256 http://www.securityfocus.com/bid/49256 8360 http://securityreason.com/securityalert/8360 [oss-security] 20110819 CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS http://www.openwall.com/lists/oss-security/2011/08/19/1 [oss-security] 20110819 Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS http://www.openwall.com/lists/oss-security/2011/08/19/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338d0f0a6fbc82407864606f5b64b75aeb3c70f2 http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3 http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt linux-kernel-be-dos(69343) https://exchange.xforce.ibmcloud.com/vulnerabilities/69343 Common Vulnerability Exposure (CVE) ID: CVE-2011-3188 [oss-security] 20110823 Re: CVE request: kernel: change in how tcp seq numbers are generated http://www.openwall.com/lists/oss-security/2011/08/23/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bc0b96b54a21246e377122d54569eef71cec535f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 https://bugzilla.redhat.com/show_bug.cgi?id=732658 https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec https://github.com/torvalds/linux/commit/bc0b96b54a21246e377122d54569eef71cec535f https://support.f5.com/csp/article/K15301?utm_source=f5support&amp%3Butm_medium=RSS Common Vulnerability Exposure (CVE) ID: CVE-2011-3191 [oss-security] 20110824 Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() http://www.openwall.com/lists/oss-security/2011/08/24/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9438fabb73eb48055b58b89fc51e0bc4db22fabd https://bugzilla.redhat.com/show_bug.cgi?id=732869 https://github.com/torvalds/linux/commit/9438fabb73eb48055b58b89fc51e0bc4db22fabd
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.