English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.843498
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-3620-1)
Summary:The remote host is missing an update for the 'linux' package(s) announced via the USN-3620-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux' package(s) announced via the USN-3620-1 advisory.

Vulnerability Insight:
It was discovered that the netlink 802.11 configuration interface in the
Linux kernel did not properly validate some attributes passed from
userspace. A local attacker with the CAP_NET_ADMIN privilege could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code
in the ISDN subsystem of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux did not
properly restrict access to the connection tracking helpers list. A local
attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
contained an out-of-bounds read when handling memory-mapped I/O. A local
attacker could use this to expose sensitive information. (CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in
the Linux kernel did not properly handle zero-length inputs. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did
not properly check permissions when a key request was performed on a
task's default keyring. A local attacker could use this to add keys to
unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the
Linux kernel did not properly validate Generic Segment Offload (GSO) packet
sizes. An attacker could use this to cause a denial of service (interface
unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in
the Linux kernel contained an out-of-bounds write during RDMA page
allocation. An attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-5332)

Affected Software/OS:
'linux' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-11089
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-12762
BugTraq ID: 100251
http://www.securityfocus.com/bid/100251
https://patchwork.kernel.org/patch/9880041/
http://www.openwall.com/lists/oss-security/2020/02/11/1
http://www.openwall.com/lists/oss-security/2020/02/11/2
http://www.openwall.com/lists/oss-security/2020/02/14/4
Common Vulnerability Exposure (CVE) ID: CVE-2017-17448
BugTraq ID: 102117
http://www.securityfocus.com/bid/102117
Debian Security Information: DSA-4073 (Google Search)
https://www.debian.org/security/2017/dsa-4073
Debian Security Information: DSA-4082 (Google Search)
https://www.debian.org/security/2018/dsa-4082
https://patchwork.kernel.org/patch/10089373/
RedHat Security Advisories: RHSA-2018:0654
https://access.redhat.com/errata/RHSA-2018:0654
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3632-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-17741
BugTraq ID: 102227
http://www.securityfocus.com/bid/102227
https://www.spinics.net/lists/kvm/msg160796.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-17805
BugTraq ID: 102291
http://www.securityfocus.com/bid/102291
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2019:2473
https://access.redhat.com/errata/RHSA-2019:2473
SuSE Security Announcement: SUSE-SU-2018:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2018:0011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
SuSE Security Announcement: SUSE-SU-2018:0012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
SuSE Security Announcement: openSUSE-SU-2018:0022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
SuSE Security Announcement: openSUSE-SU-2018:0023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-17807
BugTraq ID: 102301
http://www.securityfocus.com/bid/102301
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000026
https://patchwork.ozlabs.org/patch/859410/
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
http://lists.openwall.net/netdev/2018/01/16/40
http://lists.openwall.net/netdev/2018/01/18/96
Common Vulnerability Exposure (CVE) ID: CVE-2018-5332
BugTraq ID: 102507
http://www.securityfocus.com/bid/102507
Debian Security Information: DSA-4187 (Google Search)
https://www.debian.org/security/2018/dsa-4187
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
RedHat Security Advisories: RHSA-2018:0470
https://access.redhat.com/errata/RHSA-2018:0470
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.