Test ID:	1.3.6.1.4.1.25623.1.0.841893
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2285-1)
Summary:	The remote host is missing an update for the 'linux-lts-quantal' package(s) announced via the USN-2285-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-quantal' package(s) announced via the USN-2285-1 advisory. Vulnerability Insight: Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943) Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131) Salva Peiro discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739) An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917) A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027) Affected Software/OS: 'linux-lts-quantal' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0131 SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html [netdev] 20140310 [PATCH 0/5] skbuff: fix skb_segment with zero copy skbs http://www.spinics.net/lists/netdev/msg274250.html [netdev] 20140310 [PATCH 5/5] skbuff: skb_segment: orphan frags before copying http://www.spinics.net/lists/netdev/msg274316.html [oss-security] 20140310 CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy http://www.openwall.com/lists/oss-security/2014/03/10/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1fd819ecb90cc9b822cd84d3056ddba315d3340f https://bugzilla.redhat.com/show_bug.cgi?id=1074589 https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1739 BugTraq ID: 68048 http://www.securityfocus.com/bid/68048 http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html http://www.openwall.com/lists/oss-security/2014/06/15/1 http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/59597 SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://www.ubuntu.com/usn/USN-2259-1 http://www.ubuntu.com/usn/USN-2261-1 http://www.ubuntu.com/usn/USN-2263-1 http://www.ubuntu.com/usn/USN-2264-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3917 http://article.gmane.org/gmane.linux.kernel/1713179 http://www.openwall.com/lists/oss-security/2014/05/29/5 RedHat Security Advisories: RHSA-2014:1143 http://rhn.redhat.com/errata/RHSA-2014-1143.html RedHat Security Advisories: RHSA-2014:1281 http://rhn.redhat.com/errata/RHSA-2014-1281.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60011 http://secunia.com/advisories/60564 SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-4014 BugTraq ID: 67988 http://www.securityfocus.com/bid/67988 http://www.exploit-db.com/exploits/33824 http://www.openwall.com/lists/oss-security/2014/06/10/4 http://www.securitytracker.com/id/1030394 http://secunia.com/advisories/59220 Common Vulnerability Exposure (CVE) ID: CVE-2014-4027 http://www.openwall.com/lists/oss-security/2014/06/11/1 http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/61310 Common Vulnerability Exposure (CVE) ID: CVE-2014-4943 Debian Security Information: DSA-2992 (Google Search) http://www.debian.org/security/2014/dsa-2992 http://www.exploit-db.com/exploits/36267 http://openwall.com/lists/oss-security/2014/07/17/1 http://osvdb.org/show/osvdb/109277 RedHat Security Advisories: RHSA-2014:1025 http://rhn.redhat.com/errata/RHSA-2014-1025.html http://www.securitytracker.com/id/1030610 http://secunia.com/advisories/59790 http://secunia.com/advisories/60071 http://secunia.com/advisories/60220 http://secunia.com/advisories/60380 http://secunia.com/advisories/60393 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) XForce ISS Database: linux-kernel-cve20144943-priv-esc(94665) https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.