Test ID: 1.3.6.1.4.1.25623.1.0.890922
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for linux (DLA-922-1)
Description:
Summary:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or have other
impacts.

CVE-2016-2188

Ralf Spenneberg of OpenSource Security reported that the iowarrior
device driver did not sufficiently validate USB descriptors. This
allowed a physically present user with a specially designed USB
device to cause a denial of service (crash).

CVE-2016-9604

It was discovered that the keyring subsystem allowed a process to
set a special internal keyring as its session keyring. The
security impact in this version of the kernel is unknown.

Description truncated. Please see the references for more information.

For Debian 7 'Wheezy', these problems have been fixed in version
3.2.88-1. This version also includes bug fixes from upstream version
3.2.88, and fixes some older security issues in the keyring, packet
socket and cryptographic hash subsystems that do not have CVE IDs.

Affected Software/OS:
linux on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
3.2.88-1. This version also includes bug fixes from upstream version
3.2.88, and fixes some older security issues in the keyring, packet
socket and cryptographic hash subsystems that do not have CVE IDs.

For Debian 8 'Jessie', most of these problems have been fixed in
version 3.16.43-1 which will be part of the next point release.

We recommend that you upgrade your linux packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-2188
Bugtraq: 20160310 oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
http://seclists.org/bugtraq/2016/Mar/87
Bugtraq: 20160315 Re: oss-2016-15: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
http://seclists.org/bugtraq/2016/Mar/118
https://www.exploit-db.com/exploits/39556/
SuSE Security Announcement: SUSE-SU-2016:1672
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SuSE Security Announcement: SUSE-SU-2016:1690
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:1696
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
SuSE Security Announcement: SUSE-SU-2016:1707
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1764
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
SuSE Security Announcement: SUSE-SU-2016:2074
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1382
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
http://www.ubuntu.com/usn/USN-2968-1
http://www.ubuntu.com/usn/USN-2968-2
http://www.ubuntu.com/usn/USN-2969-1
http://www.ubuntu.com/usn/USN-2970-1
http://www.ubuntu.com/usn/USN-2971-1
http://www.ubuntu.com/usn/USN-2971-2
http://www.ubuntu.com/usn/USN-2971-3
http://www.ubuntu.com/usn/USN-2996-1
http://www.ubuntu.com/usn/USN-2997-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9604
BugTraq ID: 102135
http://www.securityfocus.com/bid/102135
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
Common Vulnerability Exposure (CVE) ID: CVE-2017-2647
BugTraq ID: 97258
http://www.securityfocus.com/bid/97258
RedHat Security Advisories: RHSA-2017:2437
https://access.redhat.com/errata/RHSA-2017:2437
RedHat Security Advisories: RHSA-2017:2444
https://access.redhat.com/errata/RHSA-2017:2444
https://usn.ubuntu.com/3849-1/
https://usn.ubuntu.com/3849-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2671
BugTraq ID: 97407
http://www.securityfocus.com/bid/97407
https://www.exploit-db.com/exploits/42135/
https://github.com/danieljiang0415/android_kernel_crash_poc
https://twitter.com/danieljiang0415/status/845116665184497664
http://openwall.com/lists/oss-security/2017/04/04/8
RedHat Security Advisories: RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1854
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5967
BugTraq ID: 96271
http://www.securityfocus.com/bid/96271
https://bugzilla.kernel.org/show_bug.cgi?id=193921
Common Vulnerability Exposure (CVE) ID: CVE-2017-5970
BugTraq ID: 96233
http://www.securityfocus.com/bid/96233
Debian Security Information: DSA-3791
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/02/12/3
Common Vulnerability Exposure (CVE) ID: CVE-2017-6951
BugTraq ID: 96943
http://www.securityfocus.com/bid/96943
http://www.spinics.net/lists/keyrings/msg01845.html
http://www.spinics.net/lists/keyrings/msg01846.html
http://www.spinics.net/lists/keyrings/msg01849.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7184
BugTraq ID: 97018
http://www.securityfocus.com/bid/97018
http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition
https://blog.trendmicro.com/results-pwn2own-2017-day-one/
https://twitter.com/thezdi/status/842126074435665920
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
http://www.securitytracker.com/id/1038166
Common Vulnerability Exposure (CVE) ID: CVE-2017-7261
BugTraq ID: 97096
http://www.securityfocus.com/bid/97096
http://marc.info/?t=149037004200005&r=1&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1435719
https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7273
BugTraq ID: 97190
http://www.securityfocus.com/bid/97190
Common Vulnerability Exposure (CVE) ID: CVE-2017-7294
BugTraq ID: 97177
http://www.securityfocus.com/bid/97177
https://bugzilla.redhat.com/show_bug.cgi?id=1436798
https://lists.freedesktop.org/archives/dri-devel/2017-March/137094.html
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
Common Vulnerability Exposure (CVE) ID: CVE-2017-7308
BugTraq ID: 97234
http://www.securityfocus.com/bid/97234
https://www.exploit-db.com/exploits/41994/
https://www.exploit-db.com/exploits/44654/
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
RedHat Security Advisories: RHSA-2017:1297
https://access.redhat.com/errata/RHSA-2017:1297
RedHat Security Advisories: RHSA-2017:1298
https://access.redhat.com/errata/RHSA-2017:1298
RedHat Security Advisories: RHSA-2017:1308
https://access.redhat.com/errata/RHSA-2017:1308
Common Vulnerability Exposure (CVE) ID: CVE-2017-7472
BugTraq ID: 98422
http://www.securityfocus.com/bid/98422
https://www.exploit-db.com/exploits/42136/
RedHat Security Advisories: RHSA-2018:0151
https://access.redhat.com/errata/RHSA-2018:0151
RedHat Security Advisories: RHSA-2018:0152
https://access.redhat.com/errata/RHSA-2018:0152
RedHat Security Advisories: RHSA-2018:0181
https://access.redhat.com/errata/RHSA-2018:0181
http://www.securitytracker.com/id/1038471
SuSE Security Announcement: SUSE-SU-2018:0011
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-7616
BugTraq ID: 97527
http://www.securityfocus.com/bid/97527
http://www.securitytracker.com/id/1038503
Common Vulnerability Exposure (CVE) ID: CVE-2017-7618
BugTraq ID: 97534
http://www.securityfocus.com/bid/97534
http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2022 E-Soft Inc. All rights reserved.