 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841192 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-1610-1) |
| Summary: | The remote host is missing an update for the 'linux' package(s) announced via the USN-1610-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1610-1 advisory. Vulnerability Insight: Pablo Neira Ayuso discovered a flaw in the credentials of netlink messages. An unprivileged local attacker could exploit this by getting a netlink based service, that relies on netlink credentials, to perform privileged actions. (CVE-2012-3520) Mathias Krause discovered information leak in the Linux kernel's compat ioctl interface. A local user could exploit the flaw to examine parts of kernel stack memory (CVE-2012-6539) Mathias Krause discovered an information leak in the Linux kernel's getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this flaw to examine parts of kernel stack memory. (CVE-2012-6540) Mathias Krause discovered an information leak in the Linux kernel's getsockopt implementation for the Datagram Congestion Control Protocol (DCCP). A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6541) Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6542) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. (CVE-2012-6544) Mathias Krause discovered information leaks in the Linux kernel's Bluetooth RFCOMM protocol implementation. A local user could exploit these flaws to examine parts of kernel memory. (CVE-2012-6545) Mathias Krause discovered information leaks in the Linux kernel's Asynchronous Transfer Mode (ATM) networking stack. A local user could exploit these flaws to examine some parts of kernel memory. (CVE-2012-6546) A flaw was discovered in how netlink sockets validate message origins. A local attacker could exploit this flaw to send netlink message notifications, with spoofed credentials, to subscribed tasks. (CVE-2012-6689) Mathias Krause discover an error in Linux kernel's Datagram Congestion Control Protocol (DCCP) Congestion Control Identifier (CCID) use. A local attack could exploit this flaw to cause a denial of service (crash) and potentially escalate privileges if the user can mmap page 0. (CVE-2013-1827) Affected Software/OS: 'linux' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3520 50848 http://secunia.com/advisories/50848 55152 http://www.securityfocus.com/bid/55152 USN-1599-1 http://www.ubuntu.com/usn/USN-1599-1 USN-1610-1 http://www.ubuntu.com/usn/USN-1610-1 [oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing http://www.openwall.com/lists/oss-security/2012/08/22/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=850449 https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea openSUSE-SU-2012:1330 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html openSUSE-SU-2013:0261 http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2012-6539 http://www.openwall.com/lists/oss-security/2013/03/05/13 http://www.ubuntu.com/usn/USN-1792-1 http://www.ubuntu.com/usn/USN-1798-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6540 Common Vulnerability Exposure (CVE) ID: CVE-2012-6541 Common Vulnerability Exposure (CVE) ID: CVE-2012-6542 RedHat Security Advisories: RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.ubuntu.com/usn/USN-1805-1 http://www.ubuntu.com/usn/USN-1808-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-6544 RedHat Security Advisories: RHSA-2013:1173 http://rhn.redhat.com/errata/RHSA-2013-1173.html Common Vulnerability Exposure (CVE) ID: CVE-2012-6545 Common Vulnerability Exposure (CVE) ID: CVE-2012-6546 RedHat Security Advisories: RHSA-2013:0744 http://rhn.redhat.com/errata/RHSA-2013-0744.html Common Vulnerability Exposure (CVE) ID: CVE-2012-6689 BugTraq ID: 72739 http://www.securityfocus.com/bid/72739 http://marc.info/?l=linux-netdev&m=134522422125983&w=2 http://marc.info/?l=linux-netdev&m=134522422925986&w=2 http://www.openwall.com/lists/oss-security/2015/02/22/10 Common Vulnerability Exposure (CVE) ID: CVE-2013-1827 RHSA-2013:0744 [oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs http://www.openwall.com/lists/oss-security/2013/03/07/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=276bdb82dedb290511467a5a4fdbe9f0b52dce6f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4 https://bugzilla.redhat.com/show_bug.cgi?id=919164 https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |