Test ID:	1.3.6.1.4.1.25623.1.0.841935
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2317-1)
Summary:	The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2317-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2317-1 advisory. Vulnerability Insight: Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. (CVE-2014-5207) Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. (CVE-2014-5206) Affected Software/OS: 'linux-lts-trusty' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5206 BugTraq ID: 69214 http://www.securityfocus.com/bid/69214 http://www.openwall.com/lists/oss-security/2014/08/13/4 http://www.ubuntu.com/usn/USN-2317-1 http://www.ubuntu.com/usn/USN-2318-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-5207 BugTraq ID: 69216 http://www.securityfocus.com/bid/69216 http://www.exploit-db.com/exploits/34923 http://packetstormsecurity.com/files/128595/Linux-Kernel-3.16.1-FUSE-Privilege-Escalation.html http://seclists.org/oss-sec/2014/q3/352 http://osvdb.org/show/osvdb/110055 XForce ISS Database: linux-kernel-cve20145207-sec-bypass(95266) https://exchange.xforce.ibmcloud.com/vulnerabilities/95266
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.