Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)

Ubuntu Security Notice (C) 2013-2014 Canonical, Inc. / NASL script (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph
client. A remote attacker could exploit this flaw to cause a denial of
service (system crash). (CVE-2013-1059)

Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that
allows for privilege escalation. A local user could exploit this flaw
to run commands as root when using the perf tool. (CVE-2013-1060)

Jonathan Salwan discovered an information leak in the Linux kernel's
cdrom driver. A local user can exploit this leak to obtain sensitive
information from kernel memory if the CD-ROM drive is malfunctioning.
(CVE-2013-2164)

A flaw was discovered in the Linux kernel when an IPv6 socket is used
to connect to an IPv4 destination. An unprivileged local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2013-2232)

An information leak was discovered in the IPSec key_socket
implementation in the Linux kernel. An local user could exploit this
flaw to examine potentially sensitive information in kernel memory.
(CVE-2013-2234)

Kees Cook discovered a format string vulnerability in the Linux
kernel's disk block layer. A local user with administrator privileges
could exploit this flaw to gain kernel privileges. (CVE-2013-2851)

Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option
in the Linux kernel's IPv6 stack. A local user could exploit this flaw
to cause a denial of service (system crash). (CVE-2013-4162)

Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the
Linux kernel when the IPV6_MTU setsockopt option has been specified in
combination with the UDP_CORK option. A local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2013-4163).

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 69809 ()

Bugtraq ID: 60375
60409
60922

CVE ID: CVE-2013-1059
CVE-2013-1060
CVE-2013-2164
CVE-2013-2232
CVE-2013-2234
CVE-2013-2851
CVE-2013-4162
CVE-2013-4163