USN-1364-1 : linux-ti-omap4 vulnerabilities

Ubuntu Security Notice (C) 2012 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

A flaw was discovered in the XFS filesystem. If a local user mounts a
specially crafted XFS image it could potential execute arbitrary code
on the system. (CVE-2012-0038)

Andy Whitcroft discovered a that the Overlayfs filesystem was not
doing the extended permission checks needed by cgroups and Linux
Security Modules (LSMs). A local user could exploit this to by-pass
security policy and access files that should not be accessible.
(CVE-2012-0055)

Jüri Aedla discovered that the kernel incorrectly handled
/proc/<pid>/mem permissions. A local attacker could exploit this and
gain root privileges. (CVE-2012-0056)

A flaw was found in the linux kernels IPv4 IGMP query processing. A
remote attacker could exploit this to cause a denial of service.
(CVE-2012-0207)

See also :

http://www.ubuntu.com/usn/usn-1364-1/

Solution :

Update the affected package(s).

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 57938 ()

Bugtraq ID:

CVE ID: CVE-2012-0038
CVE-2012-0055
CVE-2012-0056
CVE-2012-0207