English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840764
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-1225-1)
Summary:The remote host is missing an update for the 'linux' package(s) announced via the USN-1225-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux' package(s) announced via the USN-1225-1 advisory.

Vulnerability Insight:
Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
(CVE-2011-1776)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not
correctly validate certain requests. A local attacker could exploit this to
consume CPU resources, leading to a denial of service. (CVE-2011-2213)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled
certain L2CAP requests. If a system was using Bluetooth, a remote attacker
could send specially crafted traffic to crash the system or gain root
privileges. (CVE-2011-2497)

Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. A remote attacker could exploit this to exhaust
network resources, leading to a denial of service. (CVE-2011-2699)

Time Warns discovered that long symlinks were incorrectly handled on Be
filesystems. A local attacker could exploit this with a malformed Be
filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)

Darren Lavender discovered that the CIFS client incorrectly handled certain
large values. A remote attacker with a malicious server could exploit this
to crash the system or possibly execute arbitrary code as the root user.
(CVE-2011-3191)

Affected Software/OS:
'linux' package(s) on Ubuntu 8.04.

Solution:
Please install the updated package(s).

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1776
47796
http://www.securityfocus.com/bid/47796
8369
http://securityreason.com/securityalert/8369
RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
[oss-security] 20110510 Re: CVE request: kernel: validate size of EFI GUID partition entries
http://openwall.com/lists/oss-security/2011/05/10/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa039d5f6b126fbd65eefa05db2f67e44df8f121
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt
https://bugzilla.redhat.com/show_bug.cgi?id=703026
Common Vulnerability Exposure (CVE) ID: CVE-2011-2213
HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
[netdev] 20110601 Re: inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197208
[netdev] 20110601 inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197206
[netdev] 20110603 Re: inet_diag insufficient validation?
http://article.gmane.org/gmane.linux.network/197386
[netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit()
http://article.gmane.org/gmane.linux.network/198809
[oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit()
http://www.openwall.com/lists/oss-security/2011/06/20/1
[oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit()
http://www.openwall.com/lists/oss-security/2011/06/20/13
http://www.openwall.com/lists/oss-security/2011/06/20/16
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d
http://patchwork.ozlabs.org/patch/100857/
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3
https://bugzilla.redhat.com/show_bug.cgi?id=714536
Common Vulnerability Exposure (CVE) ID: CVE-2011-2497
48472
http://www.securityfocus.com/bid/48472
74679
http://www.osvdb.org/74679
8359
http://securityreason.com/securityalert/8359
[linux-kernel] 20110624 [PATCH] Bluetooth: Prevent buffer overflow in l2cap config request
http://marc.info/?l=linux-kernel&m=130891911909436&w=2
[oss-security] 20110624 CVE request: kernel: remote buffer overflow in bluetooth
http://www.openwall.com/lists/oss-security/2011/06/24/9
[oss-security] 20110627 Re: CVE request: kernel: remote buffer overflow in bluetooth
http://www.openwall.com/lists/oss-security/2011/06/27/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ac28817536797fd40e9646452183606f9e17f71
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0
https://bugzilla.redhat.com/show_bug.cgi?id=716805
Common Vulnerability Exposure (CVE) ID: CVE-2011-2699
1027274
http://www.securitytracker.com/id?1027274
MDVSA-2013:150
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable
http://www.openwall.com/lists/oss-security/2011/07/20/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
https://bugzilla.redhat.com/show_bug.cgi?id=723429
https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c
Common Vulnerability Exposure (CVE) ID: CVE-2011-2928
20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
http://www.securityfocus.com/archive/1/519387/100/0/threaded
49256
http://www.securityfocus.com/bid/49256
8360
http://securityreason.com/securityalert/8360
[oss-security] 20110819 CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS
http://www.openwall.com/lists/oss-security/2011/08/19/1
[oss-security] 20110819 Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS
http://www.openwall.com/lists/oss-security/2011/08/19/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338d0f0a6fbc82407864606f5b64b75aeb3c70f2
http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3
http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt
linux-kernel-be-dos(69343)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69343
Common Vulnerability Exposure (CVE) ID: CVE-2011-3191
[oss-security] 20110824 Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext()
http://www.openwall.com/lists/oss-security/2011/08/24/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9438fabb73eb48055b58b89fc51e0bc4db22fabd
https://bugzilla.redhat.com/show_bug.cgi?id=732869
https://github.com/torvalds/linux/commit/9438fabb73eb48055b58b89fc51e0bc4db22fabd
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.