English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.842805
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3018-2)
Summary:The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3018-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the USN-3018-2 advisory.

Vulnerability Insight:
USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32 bit
compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local
unprivileged attacker could use this to cause a denial of service (system
crash) or execute arbitrary code with administrative privileges.
(CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4482)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel
could be coerced into overwriting kernel memory. A local unprivileged
attacker could use this to possibly gain administrative privileges on
systems where InifiniBand related kernel modules are loaded.
(CVE-2016-4565)

Kangjie Lu discovered an information leak in the timer handling
implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of
the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)

Kangjie Lu discovered an information leak in the X.25 Call Request handling
in the Linux kernel. A local attacker could use this to obtain potentially
sensitive information from kernel memory. (CVE-2016-4580)

It was discovered that an information leak exists in the Rock Ridge
implementation in the Linux kernel. A local attacker who is able to mount a
malicious iso9660 file system image could exploit this flaw to obtain
potentially sensitive information from kernel memory. (CVE-2016-4913)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling
IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to
cause a denial of service (system crash) or obtain potentially sensitive
information from kernel memory. (CVE-2016-4998)

Affected Software/OS:
'linux-lts-trusty' package(s) on Ubuntu 12.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4482
BugTraq ID: 90029
http://www.securityfocus.com/bid/90029
Debian Security Information: DSA-3607 (Google Search)
http://www.debian.org/security/2016/dsa-3607
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184414.html
http://www.openwall.com/lists/oss-security/2016/05/04/2
SuSE Security Announcement: SUSE-SU-2016:1672 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:1690 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:1696 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
SuSE Security Announcement: SUSE-SU-2016:1937 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
SuSE Security Announcement: SUSE-SU-2016:1985 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:2105 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:1641 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
SuSE Security Announcement: openSUSE-SU-2016:2184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://www.ubuntu.com/usn/USN-3016-1
http://www.ubuntu.com/usn/USN-3016-2
http://www.ubuntu.com/usn/USN-3016-3
http://www.ubuntu.com/usn/USN-3016-4
http://www.ubuntu.com/usn/USN-3017-1
http://www.ubuntu.com/usn/USN-3017-2
http://www.ubuntu.com/usn/USN-3017-3
http://www.ubuntu.com/usn/USN-3018-1
http://www.ubuntu.com/usn/USN-3018-2
http://www.ubuntu.com/usn/USN-3019-1
http://www.ubuntu.com/usn/USN-3020-1
http://www.ubuntu.com/usn/USN-3021-1
http://www.ubuntu.com/usn/USN-3021-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-4565
BugTraq ID: 90301
http://www.securityfocus.com/bid/90301
http://www.openwall.com/lists/oss-security/2016/05/07/1
RedHat Security Advisories: RHSA-2016:1277
https://access.redhat.com/errata/RHSA-2016:1277
RedHat Security Advisories: RHSA-2016:1301
https://access.redhat.com/errata/RHSA-2016:1301
RedHat Security Advisories: RHSA-2016:1341
https://access.redhat.com/errata/RHSA-2016:1341
RedHat Security Advisories: RHSA-2016:1406
https://access.redhat.com/errata/RHSA-2016:1406
RedHat Security Advisories: RHSA-2016:1489
http://rhn.redhat.com/errata/RHSA-2016-1489.html
RedHat Security Advisories: RHSA-2016:1581
http://rhn.redhat.com/errata/RHSA-2016-1581.html
RedHat Security Advisories: RHSA-2016:1617
http://rhn.redhat.com/errata/RHSA-2016-1617.html
RedHat Security Advisories: RHSA-2016:1640
http://rhn.redhat.com/errata/RHSA-2016-1640.html
RedHat Security Advisories: RHSA-2016:1657
http://rhn.redhat.com/errata/RHSA-2016-1657.html
RedHat Security Advisories: RHSA-2016:1814
http://rhn.redhat.com/errata/RHSA-2016-1814.html
SuSE Security Announcement: SUSE-SU-2016:1961 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
SuSE Security Announcement: SUSE-SU-2016:1994 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:1995 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
SuSE Security Announcement: SUSE-SU-2016:2000 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
SuSE Security Announcement: SUSE-SU-2016:2001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html
SuSE Security Announcement: SUSE-SU-2016:2002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
SuSE Security Announcement: SUSE-SU-2016:2003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:2005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:2006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:2007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:2009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:2010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:2011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html
SuSE Security Announcement: SUSE-SU-2016:2014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
http://www.ubuntu.com/usn/USN-3001-1
http://www.ubuntu.com/usn/USN-3002-1
http://www.ubuntu.com/usn/USN-3003-1
http://www.ubuntu.com/usn/USN-3004-1
http://www.ubuntu.com/usn/USN-3005-1
http://www.ubuntu.com/usn/USN-3006-1
http://www.ubuntu.com/usn/USN-3007-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-4569
BugTraq ID: 90347
http://www.securityfocus.com/bid/90347
http://www.openwall.com/lists/oss-security/2016/05/09/17
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4578
BugTraq ID: 90535
http://www.securityfocus.com/bid/90535
https://www.exploit-db.com/exploits/46529/
http://www.openwall.com/lists/oss-security/2016/05/11/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-4580
BugTraq ID: 90528
http://www.securityfocus.com/bid/90528
http://www.openwall.com/lists/oss-security/2016/05/10/12
Common Vulnerability Exposure (CVE) ID: CVE-2016-4913
BugTraq ID: 90730
http://www.securityfocus.com/bid/90730
http://www.openwall.com/lists/oss-security/2016/05/18/3
http://www.openwall.com/lists/oss-security/2016/05/18/5
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
Common Vulnerability Exposure (CVE) ID: CVE-2016-4997
1036171
http://www.securitytracker.com/id/1036171
40435
https://www.exploit-db.com/exploits/40435/
40489
https://www.exploit-db.com/exploits/40489/
91451
http://www.securityfocus.com/bid/91451
DSA-3607
RHSA-2016:1847
http://rhn.redhat.com/errata/RHSA-2016-1847.html
RHSA-2016:1875
http://rhn.redhat.com/errata/RHSA-2016-1875.html
RHSA-2016:1883
http://rhn.redhat.com/errata/RHSA-2016-1883.html
SUSE-SU-2016:1709
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html
SUSE-SU-2016:1710
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html
SUSE-SU-2016:1937
SUSE-SU-2016:1985
SUSE-SU-2016:2018
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html
SUSE-SU-2016:2105
SUSE-SU-2016:2174
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
SUSE-SU-2016:2177
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
SUSE-SU-2016:2178
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
SUSE-SU-2016:2179
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
SUSE-SU-2016:2180
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
SUSE-SU-2016:2181
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
USN-3016-1
USN-3016-2
USN-3016-3
USN-3016-4
USN-3017-1
USN-3017-2
USN-3017-3
USN-3018-1
USN-3018-2
USN-3019-1
USN-3020-1
[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
http://www.openwall.com/lists/oss-security/2016/06/24/5
[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call
http://www.openwall.com/lists/oss-security/2016/09/29/10
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://bugzilla.redhat.com/show_bug.cgi?id=1349722
https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt
https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
openSUSE-SU-2016:2184
Common Vulnerability Exposure (CVE) ID: CVE-2016-4998
RHSA-2017:0036
http://rhn.redhat.com/errata/RHSA-2017-0036.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
https://bugzilla.redhat.com/show_bug.cgi?id=1349886
https://github.com/torvalds/linux/commit/6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
CopyrightCopyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.