English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.841949
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-2336-1)
Summary:The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2336-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-2336-1 advisory.

Vulnerability Insight:
A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit this
flaw to cause a denial of service (host OS crash). (CVE-2014-0155)

Andy Lutomirski discovered a flaw in the authorization of netlink socket
operations when a socket is passed to a process of more privilege. A local
user could exploit this flaw to bypass access restrictions by having a
privileged executable do something it was not intended to do.
(CVE-2014-0181)

An information leak was discovered in the Linux kernels
aio_read_events_ring function. A local user could exploit this flaw to
obtain potentially sensitive information from kernel memory.
(CVE-2014-0206)

A flaw was discovered in the Linux kernel's implementation of user
namespaces with respect to inode permissions. A local user could exploit
this flaw by creating a user namespace to gain administrative privileges.
(CVE-2014-4014)

An information leak was discovered in the rd_mcp backend of the iSCSI
target subsystem in the Linux kernel. A local user could exploit this flaw
to obtain sensitive information from ramdisk_mcp memory by leveraging
access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel's shared memory
subsystem when used with range notifications and hole punching. A local
user could exploit this flaw to cause a denial of service. (CVE-2014-4171)

Toralf Forster reported an error in the Linux kernels syscall auditing on
32 bit x86 platforms. A local user could exploit this flaw to cause a
denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implementation of the
Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A
local user could exploit this flaw to obtain sensitive information from
kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound
Architecture (ALSA) control implementation of the Linux kernel. A local
user could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4653)

A authorization bug was discovered with the snd_ctl_elem_add function of
the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local
user could exploit his bug to cause a denial of service (remove kernel
controls). (CVE-2014-4654)

A flaw discovered in how the snd_ctl_elem function of the Advanced Linux
Sound Architecture (ALSA) handled a reference count. A local user could
exploit this flaw to cause a denial of service (integer overflow and limit
bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation of
the Advanced Linux Sound Architecture (ALSA). A local user could exploit
this flaw to cause a denial of service (system crash). (CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel's handling of
the backlog value for certain SCTP ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'linux-lts-trusty' package(s) on Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0155
[oss-security] 20140407 CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table
http://www.openwall.com/lists/oss-security/2014/04/07/2
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
https://bugzilla.redhat.com/show_bug.cgi?id=1081589
Common Vulnerability Exposure (CVE) ID: CVE-2014-0181
RHSA-2014:1959
http://rhn.redhat.com/errata/RHSA-2014-1959.html
SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors
http://marc.info/?l=linux-netdev&m=139828832919748&w=2
[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks
http://www.openwall.com/lists/oss-security/2014/04/23/6
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.openwall.com/lists/oss-security/2023/04/16/3
Common Vulnerability Exposure (CVE) ID: CVE-2014-0206
1030479
http://www.securitytracker.com/id/1030479
1038201
http://www.securitytracker.com/id/1038201
59278
http://secunia.com/advisories/59278
68176
http://www.securityfocus.com/bid/68176
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=edfbbf388f293d70bf4b7c0bc38774d05e6f711a
https://bugzilla.redhat.com/show_bug.cgi?id=1094602
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=edfbbf388f29
https://github.com/torvalds/linux/commit/edfbbf388f293d70bf4b7c0bc38774d05e6f711a
https://source.android.com/security/bulletin/2017-04-01
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.3
Common Vulnerability Exposure (CVE) ID: CVE-2014-4014
BugTraq ID: 67988
http://www.securityfocus.com/bid/67988
http://www.exploit-db.com/exploits/33824
http://www.openwall.com/lists/oss-security/2014/06/10/4
http://www.securitytracker.com/id/1030394
http://secunia.com/advisories/59220
Common Vulnerability Exposure (CVE) ID: CVE-2014-4027
http://www.openwall.com/lists/oss-security/2014/06/11/1
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
http://secunia.com/advisories/59134
http://secunia.com/advisories/59777
http://secunia.com/advisories/60564
http://secunia.com/advisories/61310
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4171
BugTraq ID: 68157
http://www.securityfocus.com/bid/68157
http://marc.info/?l=linux-mm-commits&m=140303745420549&w=2
http://www.openwall.com/lists/oss-security/2014/06/18/11
RedHat Security Advisories: RHSA-2014:1318
http://rhn.redhat.com/errata/RHSA-2014-1318.html
RedHat Security Advisories: RHSA-2015:0102
http://rhn.redhat.com/errata/RHSA-2015-0102.html
http://www.securitytracker.com/id/1030450
Common Vulnerability Exposure (CVE) ID: CVE-2014-4508
BugTraq ID: 68126
http://www.securityfocus.com/bid/68126
http://article.gmane.org/gmane.linux.kernel/1726110
http://openwall.com/lists/oss-security/2014/06/20/1
http://www.openwall.com/lists/oss-security/2014/06/20/10
http://www.openwall.com/lists/oss-security/2020/11/12/3
http://secunia.com/advisories/58964
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-4652
http://www.openwall.com/lists/oss-security/2014/06/26/6
RedHat Security Advisories: RHSA-2014:1083
http://rhn.redhat.com/errata/RHSA-2014-1083.html
RedHat Security Advisories: RHSA-2015:1272
http://rhn.redhat.com/errata/RHSA-2015-1272.html
http://secunia.com/advisories/59434
http://secunia.com/advisories/60545
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
XForce ISS Database: linux-kernel-cve20144652-info-disc(94412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94412
Common Vulnerability Exposure (CVE) ID: CVE-2014-4653
BugTraq ID: 68164
http://www.securityfocus.com/bid/68164
Common Vulnerability Exposure (CVE) ID: CVE-2014-4654
BugTraq ID: 68162
http://www.securityfocus.com/bid/68162
Common Vulnerability Exposure (CVE) ID: CVE-2014-4655
http://www.securitytracker.com/id/1036763
Common Vulnerability Exposure (CVE) ID: CVE-2014-4656
RedHat Security Advisories: RHSA-2015:0087
http://rhn.redhat.com/errata/RHSA-2015-0087.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4667
BugTraq ID: 68224
http://www.securityfocus.com/bid/68224
Debian Security Information: DSA-2992 (Google Search)
http://www.debian.org/security/2014/dsa-2992
http://www.openwall.com/lists/oss-security/2014/06/27/11
http://secunia.com/advisories/59790
http://secunia.com/advisories/60596
Common Vulnerability Exposure (CVE) ID: CVE-2014-5045
BugTraq ID: 68862
http://www.securityfocus.com/bid/68862
http://www.openwall.com/lists/oss-security/2014/07/24/2
RedHat Security Advisories: RHSA-2015:0062
http://rhn.redhat.com/errata/RHSA-2015-0062.html
http://secunia.com/advisories/60353
CopyrightCopyright (C) 2014 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.