Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1829-1)

Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Mathias Krause discovered an information leak in the Linux kernel's
ISO 9660 CDROM file system driver. A local user could exploit this
flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A
local attacker with NET_ADMIN capability could potentially exploit
this flaw to escalate privileges. (CVE-2013-1826)

A buffer overflow was discovered in the Linux Kernel's USB subsystem
for devices reporting the cdc-wdm class. A specially crafted USB
device when plugged-in could cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2013-1860)

An information leak was discovered in the Linux kernel's /dev/dvb
device. A local user could exploit this flaw to obtain sensitive
information from the kernel's stack memory. (CVE-2013-1928)

An information leak in the Linux kernel's dcb netlink interface was
discovered. A local user could obtain sensitive information by
examining kernel stack memory. (CVE-2013-2634).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-2.6.32-352-ec2 package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 66494 ()

Bugtraq ID: 58381
58510
58597
58906
58993

CVE ID: CVE-2012-6549
CVE-2013-1826
CVE-2013-1860
CVE-2013-1928
CVE-2013-2634

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial