Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1995-1)

Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

An information leak was discovered in the Linux kernel when reading
broadcast messages from the notify_policy interface of the IPSec
key_socket. A local user could exploit this flaw to examine
potentially sensitive information in kernel memory. (CVE-2013-2237)

Kees Cook discovered flaw in the Human Interface Device (HID)
subsystem of the Linux kernel. A physically proximate attacker could
exploit this flaw to execute arbitrary code or cause a denial of
service (heap memory corruption) via a specially crafted device that
provides an invalid Report ID. (CVE-2013-2888)

Kees Cook discovered a flaw in the Human Interface Device (HID)
subsystem of the Linux kerenl when CONFIG_HID_PANTHERLORD is enabled.
A physically proximate attacker could cause a denial of service (heap
out-of-bounds write) via a specially crafted device. (CVE-2013-2892)

Kees Cook discovered a vulnerability in the Linux Kernel's Human
Interface Device (HID) subsystem's support for N-Trig touch screens. A
physically proximate attacker could exploit this flaw to cause a
denial of service (OOPS) via a specially crafted device.
(CVE-2013-2896)

Kees Cook discovered an information leak in the Linux kernel's Human
Interface Device (HID) subsystem when CONFIG_HID_SENSOR_HUB is
enabled. A physically proximate attacker could obtain potentially
sensitive information from kernel memory via a specially crafted
device. (CVE-2013-2898)

Kees Cook discovered a flaw in the Human Interface Device (HID)
subsystem of the Linux kernel whe CONFIG_HID_PICOLCD is enabled. A
physically proximate attacker could exploit this flaw to cause a
denial of service (OOPS) via a specially crafted device.
(CVE-2013-2899)

A flaw was discovered in how the Linux Kernel's networking stack
checks scm credentials when used with namespaces. A local attacker
could exploit this flaw to gain privileges. (CVE-2013-4300).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-3.8.0-32-generic package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 70541 ()

Bugtraq ID: 60953
62043
62046
62048
62049
62056
62072

CVE ID: CVE-2013-2237
CVE-2013-2888
CVE-2013-2892
CVE-2013-2896
CVE-2013-2898
CVE-2013-2899
CVE-2013-4300

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial