Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2065-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Stephan Mueller reported an error in the Linux kernel's ansi cprng
random number generator. This flaw makes it easier for a local
attacker to break cryptographic protections. (CVE-2013-4345)

A flaw was discovered in the Linux kernel's IP Virtual Server (IP_VS)
support. A local user with the CAP_NET_ADMIN capability could exploit
this flaw to gain additional administrative privileges.
(CVE-2013-4588)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
debugfs filesystem. An administrative local user could exploit this
flaw to cause a denial of service (OOPS). (CVE-2013-6378)

Nico Golde reported a flaw in the Linux kernel's userspace IO (uio)
driver. A local user could exploit this flaw to cause a denial of
service (memory corruption) or possibly gain privileges.
(CVE-2013-6763).

Solution :

Update the affected linux-image-2.6.32-360-ec2 package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 71792 ()

Bugtraq ID: 62740
63707
63744
63886

CVE ID: CVE-2013-4345
CVE-2013-4588
CVE-2013-6378
CVE-2013-6763