Test ID:	1.3.6.1.4.1.25623.1.0.71756
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1364-1 (linux-image-3.0.0-1207-omap4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to linux-image-3.0.0-1207-omap4 announced via advisory USN-1364-1. Details: A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. (CVE-2012-0055) J??ri Aedla discovered that the kernel incorrectly handled /proc//mem permissions. A local attacker could exploit this and gain root privileges. (CVE-2012-0056) A flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: linux-image-3.0.0-1207-omap4 3.0.0-1207.16 http://www.securityspace.com/smysecure/catid.html?in=USN-1364-1 CVSS Score: 7.8 CVSS Vector: AV:L/AC:L/Au:NR/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0038 [oss-security] 20120110 Re: CVE request: kernel: xfs heap overflow http://www.openwall.com/lists/oss-security/2012/01/10/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9 https://bugzilla.redhat.com/show_bug.cgi?id=773280 https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba Common Vulnerability Exposure (CVE) ID: CVE-2012-0055 [oss-security] 20120117 Re: CVE Request: overlayfs http://www.openwall.com/lists/oss-security/2012/01/17/11 http://www.ubuntu.com/usn/USN-1363-1 http://www.ubuntu.com/usn/USN-1364-1 http://www.ubuntu.com/usn/USN-1384-1 https://access.redhat.com/security/cve/cve-2012-0055 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055 Common Vulnerability Exposure (CVE) ID: CVE-2012-0056 47708 http://secunia.com/advisories/47708 51625 http://www.securityfocus.com/bid/51625 RHSA-2012:0052 http://www.redhat.com/support/errata/RHSA-2012-0052.html RHSA-2012:0061 http://www.redhat.com/support/errata/RHSA-2012-0061.html USN-1336-1 http://ubuntu.com/usn/usn-1336-1 VU#470151 http://www.kb.cert.org/vuls/id/470151 [oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/18/2 [oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/18/1 [oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/19/4 [oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling http://www.openwall.com/lists/oss-security/2012/01/22/4 http://blog.zx2c4.com/749 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=e268337dfe26dfc7efd422a804dbb27977a3cccc http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=782642 Common Vulnerability Exposure (CVE) ID: CVE-2012-0207 http://www.openwall.com/lists/oss-security/2012/01/10/5
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.