English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.841906
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-2288-1)
Summary:The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2288-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2288-1 advisory.

Vulnerability Insight:
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)

Salva Peiro discovered an information leak in the Linux kernel's media-
device driver. A local attacker could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-1739)

A bounds check error was discovered in the socket filter subsystem of the
Linux kernel. A local user could exploit this flaw to cause a denial of
service (system crash) via crafted BPF instructions. (CVE-2014-3144)

A remainder calculation error was discovered in the socket filter subsystem
of the Linux kernel. A local user could exploit this flaw to cause a denial
of service (system crash) via crafted BPF instructions. (CVE-2014-3145)

A flaw was discovered in the Linux kernel's handling of hugetlb entries. A
local user could exploit this flaw to cause a denial service (memory
corruption or system crash). (CVE-2014-3940)

Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux
kernel's implementation of the LZ4 decompression algorithm, when used by
code not complying with API limitations. An attacker could exploit this
flaw to cause a denial of service (memory corruption) or possibly other
unspecified impact. (CVE-2014-4611)

Tuomas Rasanen reported the Linux kernel on certain Intel processors does
not properly initialize random seeds for network operations, causing TCP
sequence numbers, TCP and UDP port numbers and IP ID values to be
predictable. A remote attacker could exploit this flaw to spoof or disrupt
IP communication. (CVE-2014-7284)

Affected Software/OS:
'linux-lts-trusty' package(s) on Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1739
BugTraq ID: 68048
http://www.securityfocus.com/bid/68048
http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html
http://www.openwall.com/lists/oss-security/2014/06/15/1
http://www.securitytracker.com/id/1038201
http://secunia.com/advisories/59597
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://www.ubuntu.com/usn/USN-2259-1
http://www.ubuntu.com/usn/USN-2261-1
http://www.ubuntu.com/usn/USN-2263-1
http://www.ubuntu.com/usn/USN-2264-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3144
58990
http://secunia.com/advisories/58990
59311
http://secunia.com/advisories/59311
59597
60613
http://secunia.com/advisories/60613
67309
http://www.securityfocus.com/bid/67309
DSA-2949
http://www.debian.org/security/2014/dsa-2949
USN-2251-1
http://www.ubuntu.com/usn/USN-2251-1
USN-2252-1
http://www.ubuntu.com/usn/USN-2252-1
USN-2259-1
USN-2261-1
USN-2262-1
http://www.ubuntu.com/usn/USN-2262-1
USN-2263-1
USN-2264-1
[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message
http://www.openwall.com/lists/oss-security/2014/05/09/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
http://linux.oracle.com/errata/ELSA-2014-3052.html
https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
Common Vulnerability Exposure (CVE) ID: CVE-2014-3145
1038201
67321
http://www.securityfocus.com/bid/67321
https://source.android.com/security/bulletin/2017-04-01
Common Vulnerability Exposure (CVE) ID: CVE-2014-3940
BugTraq ID: 67786
http://www.securityfocus.com/bid/67786
https://lkml.org/lkml/2014/3/18/784
http://www.openwall.com/lists/oss-security/2014/06/02/5
RedHat Security Advisories: RHSA-2015:0290
http://rhn.redhat.com/errata/RHSA-2015-0290.html
RedHat Security Advisories: RHSA-2015:1272
http://rhn.redhat.com/errata/RHSA-2015-1272.html
http://secunia.com/advisories/59011
http://secunia.com/advisories/61310
Common Vulnerability Exposure (CVE) ID: CVE-2014-4611
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
http://twitter.com/djrbliss/statuses/484931749013495809
http://twitter.com/djrbliss/statuses/485042901399789568
https://www.securitymouse.com/lms-2014-06-16-5
https://www.securitymouse.com/lms-2014-06-16-6
https://lists.apache.org/thread.html/r229456b1fa718e329232bd7ceca4bd3e81ac55f2ec4db7314f1d7fcb@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6794c8ff8f339d95a80415b0afbe71d5eda1b97bdaca19bec78d0f8f@%3Ccommon-commits.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r0038b5836e3bc91af3ff93721c0fc55d6543afab8cec47df7361fa0e@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/ra72a62803eeabb6a8dc65032ca81b13ab75c271e4dff2df27c2915bb@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb301598bf24ecb6f4ce405c2a2ae23905fc4dce64277c020fc3883e5@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6c998e1a47c1c3fba61a80d0dcc4b39c7fc452400c7051f685b76c0b@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r62f398f40f522cf59cfd89428835d4ca633a9764d82e4b7a12c37add@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r31eb601a8415525fa4a77b2f624c09be3550599898468ab96d508f90@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r8e0111cd64a455b0a33ab12a50fba724a0218f283c759f16da8864c2@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r35b9f26c8ad91094d37bea0256012aeb065e32ff73dda5f934fefeb3@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf4cb13d6ee891dfe2307389c8c6594a0cb10d9efb72be8bd2f97cb76@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5c9b4826bbd8933e4688db62f6ed9008cabb8f26bcea84d4e309caf7@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r0addc410fdd680330054deb526323edb29e869e8d1097593f538e208@%3Ccommon-issues.hadoop.apache.org%3E
http://www.openwall.com/lists/oss-security/2014/06/26/24
http://www.securitytracker.com/id/1030491
http://secunia.com/advisories/59567
http://secunia.com/advisories/59770
http://secunia.com/advisories/60238
SuSE Security Announcement: openSUSE-SU-2014:0924 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4943
Debian Security Information: DSA-2992 (Google Search)
http://www.debian.org/security/2014/dsa-2992
http://www.exploit-db.com/exploits/36267
http://openwall.com/lists/oss-security/2014/07/17/1
http://osvdb.org/show/osvdb/109277
RedHat Security Advisories: RHSA-2014:1025
http://rhn.redhat.com/errata/RHSA-2014-1025.html
http://www.securitytracker.com/id/1030610
http://secunia.com/advisories/59790
http://secunia.com/advisories/60011
http://secunia.com/advisories/60071
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://secunia.com/advisories/60393
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
XForce ISS Database: linux-kernel-cve20144943-priv-esc(94665)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94665
Common Vulnerability Exposure (CVE) ID: CVE-2014-7284
https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
http://www.openwall.com/lists/oss-security/2014/10/01/19
CopyrightCopyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.