Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70986
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1256-1 (linux-image-2.6.38-12-generic)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to linux-image-2.6.38-12-generic
announced via advisory USN-1256-1.

Details:

It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1080)

Johan Hovold discovered that the DCCP network stack did not correctly
handle certain packet combinations. A remote attacker could send specially
crafted network traffic that would crash the system, leading to a denial of
service. (CVE-2011-1093)

Peter Huewe discovered that the TPM device did not correctly initialize
memory. A local attacker could exploit this to read kernel heap memory
contents, leading to a loss of privacy. (CVE-2011-1160)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes. If a system was using IRDA, a remote attacker could
send specially crafted traffic to crash the system or gain root privileges.
(CVE-2011-1180)

Ryan Sweat discovered that the GRO code did not correctly validate memory.
In some configurations on systems using VLANs, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1478)

It was discovered that the security fix for CVE-2010-4250 introduced a
regression. A remote attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1479)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)

It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN
packets. On some systems, a remote attacker could send specially crafted
traffic to crash the system, leading to a denial of service.
(CVE-2011-1576)

Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly
handle large queues. On some systems, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1581)

It was discovered that CIFS incorrectly handled authentication. When a user
had a CIFS share mounted that required authentication, a local user could
mount the same share without knowing the correct password. (CVE-2011-1585)

It was discovered that the GRE protocol incorrectly handled netns
initialization. A remote attacker could send a packet while the ip_gre
module was loading, and crash the system, leading to a denial of service.
(CVE-2011-1767)

It was discovered that the IP/IP protocol incorrectly handled netns
initialization. A remote attacker could send a packet while the ipip module
was loading, and crash the system, leading to a denial of service.
(CVE-2011-1768)

Ben Greear discovered that CIFS did not correctly handle direct I/O. A
local attacker with access to a CIFS partition could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1771)

Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
(CVE-2011-1776)

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. A local attacker could exploit
this to trick the system into unmounting arbitrary mount points, leading to
a denial of service. (CVE-2011-1833)

Andrea Righi discovered a race condition in the KSM memory merging support.
If KSM was being used, a local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2011-2183)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not
correctly validate certain requests. A local attacker could exploit this to
consume CPU resources, leading to a denial of service. (CVE-2011-2213)

It was discovered that an mmap() call with the MAP_PRIVATE flag on
/dev/zero was incorrectly handled. A local attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2011-2479)

Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly
handled unlock requests. A local attacker could exploit this to cause a
denial of service. (CVE-2011-2491)

It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Sami Liedes discovered that ext4 did not correctly handle missing root
inodes. A local attacker could trigger the mount of a specially crafted
filesystem to cause the system to crash, leading to a denial of service.
(CVE-2011-2493)

Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)

Robert Swiecki discovered that mapping extensions were incorrectly handled.
A local attacker could exploit this to crash the system, leading to a
denial of service. (CVE-2011-2496)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled
certain L2CAP requests. If a system was using Bluetooth, a remote attacker
could send specially crafted traffic to crash the system or gain root
privileges. (CVE-2011-2497)

It was discovered that the wireless stack incorrectly verified SSID
lengths. A local attacker could exploit this to cause a denial of service
or gain root privileges. (CVE-2011-2517)

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being
incorrectly handled. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2011-2525)

It was discovered that GFS2 did not correctly check block sizes. A local
attacker could exploit this to crash the system, leading to a denial of
service. (CVE-2011-2689)

It was discovered that the EXT4 filesystem contained multiple off-by-one
flaws. A local attacker could exploit this to crash the system, leading to
a denial of service. (CVE-2011-2695)

Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. A remote attacker could exploit this to exhaust
network resources, leading to a denial of service. (CVE-2011-2699)

Mauro Carvalho Chehab discovered that the si4713 radio driver did not
correctly check the length of memory copies. If this hardware was
available, a local attacker could exploit this to crash the system or gain
root privileges. (CVE-2011-2700)

Herbert Xu discovered that certain fields were incorrectly handled when
Generic Receive Offload (CVE-2011-2723)

Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
(CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-2909)

The performance counter subsystem did not correctly handle certain
counters. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2011-2918)

Time Warns discovered that long symlinks were incorrectly handled on Be
filesystems. A local attacker could exploit this with a malformed Be
filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)

Qianfeng Zhang discovered that the bridge networking interface incorrectly
handled certain network packets. A remote attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2011-2942)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)

Darren Lavender discovered that the CIFS client incorrectly handled certain
large values. A remote attacker with a malicious server could exploit this
to crash the system or possibly execute arbitrary code as the root user.
(CVE-2011-3191)

Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A
local unprivileged attacker could exploit this causing a denial of service.
(CVE-2011-3209)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had
no prefixpaths. A local attacker with access to a CIFS partition could
exploit this to crash the system, leading to a denial of service.
(CVE-2011-3363)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.38-12-generic 2.6.38-12.51~
lucid1
linux-image-2.6.38-12-generic-pae 2.6.38-12.51~
lucid1
linux-image-2.6.38-12-server 2.6.38-12.51~
lucid1
linux-image-2.6.38-12-virtual 2.6.38-12.51~
lucid1

http://www.securityspace.com/smysecure/catid.html?in=USN-1256-1

CVSS Score:
8.3

CVSS Vector:
AV:L/AC:L/Au:NR/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1020
BugTraq ID: 46567
http://www.securityfocus.com/bid/46567
http://seclists.org/fulldisclosure/2011/Jan/421
http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
https://lkml.org/lkml/2011/2/7/414
https://lkml.org/lkml/2011/2/7/474
https://lkml.org/lkml/2011/2/7/368
https://lkml.org/lkml/2011/2/7/404
https://lkml.org/lkml/2011/2/7/466
https://lkml.org/lkml/2011/2/10/21
https://lkml.org/lkml/2011/2/9/417
http://openwall.com/lists/oss-security/2011/02/24/18
http://openwall.com/lists/oss-security/2011/02/25/2
http://secunia.com/advisories/43496
http://securityreason.com/securityalert/8107
XForce ISS Database: kernel-procpid-security-bypass(65693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
Common Vulnerability Exposure (CVE) ID: CVE-2011-1078
http://www.openwall.com/lists/oss-security/2011/03/01/10
RedHat Security Advisories: RHSA-2011:0833
http://rhn.redhat.com/errata/RHSA-2011-0833.html
RedHat Security Advisories: RHSA-2012:1156
http://rhn.redhat.com/errata/RHSA-2012-1156.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1079
http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1080
Common Vulnerability Exposure (CVE) ID: CVE-2011-1093
BugTraq ID: 46793
http://www.securityfocus.com/bid/46793
http://openwall.com/lists/oss-security/2011/03/08/4
http://openwall.com/lists/oss-security/2011/03/08/19
Common Vulnerability Exposure (CVE) ID: CVE-2011-1160
http://www.openwall.com/lists/oss-security/2011/03/15/13
Common Vulnerability Exposure (CVE) ID: CVE-2011-1180
http://www.openwall.com/lists/oss-security/2011/03/22/11
Common Vulnerability Exposure (CVE) ID: CVE-2011-1478
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://openwall.com/lists/oss-security/2011/03/28/1
http://secunia.com/advisories/46397
http://securityreason.com/securityalert/8480
Common Vulnerability Exposure (CVE) ID: CVE-2010-4250
http://www.openwall.com/lists/oss-security/2010/11/24/11
Common Vulnerability Exposure (CVE) ID: CVE-2011-1479
http://www.openwall.com/lists/oss-security/2011/04/11/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1493
http://www.openwall.com/lists/oss-security/2011/04/05/19
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1573
http://openwall.com/lists/oss-security/2011/04/11/4
http://openwall.com/lists/oss-security/2011/04/11/12
RedHat Security Advisories: RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1576
BugTraq ID: 48907
http://www.securityfocus.com/bid/48907
http://www.redhat.com/support/errata/RHSA-2011-1090.html
http://www.redhat.com/support/errata/RHSA-2011-1106.html
http://www.securitytracker.com/id?1025853
Common Vulnerability Exposure (CVE) ID: CVE-2011-1577
BugTraq ID: 47343
http://www.securityfocus.com/bid/47343
Bugtraq: 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/517477/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
http://www.spinics.net/lists/mm-commits/msg83274.html
http://openwall.com/lists/oss-security/2011/04/12/17
http://openwall.com/lists/oss-security/2011/04/13/1
http://securitytracker.com/id?1025355
http://securityreason.com/securityalert/8238
XForce ISS Database: kernel-guid-dos(66773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66773
Common Vulnerability Exposure (CVE) ID: CVE-2011-1581
http://openwall.com/lists/oss-security/2011/04/13/4
http://openwall.com/lists/oss-security/2011/04/13/16
http://securitytracker.com/id?1025558
Common Vulnerability Exposure (CVE) ID: CVE-2011-1585
http://www.openwall.com/lists/oss-security/2011/04/15/8
Common Vulnerability Exposure (CVE) ID: CVE-2011-1767
http://www.openwall.com/lists/oss-security/2011/05/05/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-1768
Common Vulnerability Exposure (CVE) ID: CVE-2011-1771
http://marc.info/?l=linux-cifs&m=130204730006155&w=2
http://marc.info/?l=linux-cifs&m=130204357001849&w=2
http://www.openwall.com/lists/oss-security/2011/05/09/2
http://securityreason.com/securityalert/8367
Common Vulnerability Exposure (CVE) ID: CVE-2011-1776
BugTraq ID: 47796
http://www.securityfocus.com/bid/47796
http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt
http://openwall.com/lists/oss-security/2011/05/10/4
http://securityreason.com/securityalert/8369
Common Vulnerability Exposure (CVE) ID: CVE-2011-1833
SuSE Security Announcement: SUSE-SU-2011:0898 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2183
http://www.openwall.com/lists/oss-security/2011/06/06/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2213
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://article.gmane.org/gmane.linux.network/197208
http://article.gmane.org/gmane.linux.network/197206
http://article.gmane.org/gmane.linux.network/197386
http://article.gmane.org/gmane.linux.network/198809
http://www.openwall.com/lists/oss-security/2011/06/20/1
http://www.openwall.com/lists/oss-security/2011/06/20/13
http://www.openwall.com/lists/oss-security/2011/06/20/16
Common Vulnerability Exposure (CVE) ID: CVE-2011-2479
http://www.openwall.com/lists/oss-security/2011/06/20/14
Common Vulnerability Exposure (CVE) ID: CVE-2011-2484
BugTraq ID: 48383
http://www.securityfocus.com/bid/48383
https://bugzilla.redhat.com/show_bug.cgi?id=715436
http://lists.openwall.net/linux-kernel/2011/06/16/605
http://openwall.com/lists/oss-security/2011/06/22/1
http://openwall.com/lists/oss-security/2011/06/22/2
XForce ISS Database: kernel-taskstats-dos(68150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68150
Common Vulnerability Exposure (CVE) ID: CVE-2011-2491
http://www.openwall.com/lists/oss-security/2011/06/23/6
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2492
http://permalink.gmane.org/gmane.linux.bluez.kernel/12909
http://www.openwall.com/lists/oss-security/2011/06/24/2
http://www.openwall.com/lists/oss-security/2011/06/24/3
http://securitytracker.com/id?1025778
Common Vulnerability Exposure (CVE) ID: CVE-2011-2493
http://www.openwall.com/lists/oss-security/2011/06/24/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-2494
http://www.openwall.com/lists/oss-security/2011/06/27/1
http://secunia.com/advisories/48898
SuSE Security Announcement: SUSE-SU-2012:0554 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
Common Vulnerability Exposure (CVE) ID: CVE-2011-2496
http://www.openwall.com/lists/oss-security/2011/06/27/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-2497
BugTraq ID: 48472
http://www.securityfocus.com/bid/48472
http://marc.info/?l=linux-kernel&m=130891911909436&w=2
http://www.openwall.com/lists/oss-security/2011/06/24/9
http://www.openwall.com/lists/oss-security/2011/06/27/3
http://www.osvdb.org/74679
http://securityreason.com/securityalert/8359
Common Vulnerability Exposure (CVE) ID: CVE-2011-2517
http://www.openwall.com/lists/oss-security/2011/07/01/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-2525
http://kerneltrap.org/mailarchive/linux-netdev/2010/5/21/6277805
http://openwall.com/lists/oss-security/2011/07/12/1
RedHat Security Advisories: RHSA-2011:1065
http://rhn.redhat.com/errata/RHSA-2011-1065.html
RedHat Security Advisories: RHSA-2011:1163
http://rhn.redhat.com/errata/RHSA-2011-1163.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2689
BugTraq ID: 48677
http://www.securityfocus.com/bid/48677
http://www.openwall.com/lists/oss-security/2011/07/13/1
http://securitytracker.com/id?1025776
http://secunia.com/advisories/45193
XForce ISS Database: linux-kernel-gfs2-dos(68557)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68557
Common Vulnerability Exposure (CVE) ID: CVE-2011-2695
http://www.spinics.net/lists/linux-ext4/msg25697.html
http://www.openwall.com/lists/oss-security/2011/07/15/7
http://www.openwall.com/lists/oss-security/2011/07/15/8
Common Vulnerability Exposure (CVE) ID: CVE-2011-2699
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2011/07/20/5
http://www.securitytracker.com/id?1027274
Common Vulnerability Exposure (CVE) ID: CVE-2011-2700
BugTraq ID: 48804
http://www.securityfocus.com/bid/48804
http://xorl.wordpress.com/2011/07/24/cve-2011-2700-linux-kernel-si4713-i2c-buffer-overflow/
http://openwall.com/lists/oss-security/2011/07/20/4
http://openwall.com/lists/oss-security/2011/07/20/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-2723
BugTraq ID: 48929
http://www.securityfocus.com/bid/48929
http://openwall.com/lists/oss-security/2011/07/28/13
http://openwall.com/lists/oss-security/2011/07/29/1
http://www.redhat.com/support/errata/RHSA-2011-1321.html
http://securitytracker.com/id?1025876
Common Vulnerability Exposure (CVE) ID: CVE-2011-2905
http://www.openwall.com/lists/oss-security/2011/08/09/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-2909
http://www.openwall.com/lists/oss-security/2011/08/12/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2918
http://www.openwall.com/lists/oss-security/2011/08/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2928
BugTraq ID: 49256
http://www.securityfocus.com/bid/49256
Bugtraq: 20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS (Google Search)
http://www.securityfocus.com/archive/1/519387/100/0/threaded
http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt
http://www.openwall.com/lists/oss-security/2011/08/19/1
http://www.openwall.com/lists/oss-security/2011/08/19/5
http://securityreason.com/securityalert/8360
XForce ISS Database: linux-kernel-be-dos(69343)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69343
Common Vulnerability Exposure (CVE) ID: CVE-2011-2942
http://www.openwall.com/lists/oss-security/2011/10/24/3
Common Vulnerability Exposure (CVE) ID: CVE-2011-3188
http://www.openwall.com/lists/oss-security/2011/08/23/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-3191
http://www.openwall.com/lists/oss-security/2011/08/24/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-3209
Common Vulnerability Exposure (CVE) ID: CVE-2011-3363
http://www.openwall.com/lists/oss-security/2011/09/14/12
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.