Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2069-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
Fragmentation Offload (UFO). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2013-4470)

Multiple integer overflow flaws were discovered in the Alchemy LCD
frame- buffer drivers in the Linux kernel. An unprivileged local user
could exploit this flaw to gain administrative privileges.
(CVE-2013-4511)

Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo
Devices USB over WiFi devices. A local user could exploit this flaw to
cause a denial of service or possibly unspecified impact.
(CVE-2013-4513)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Agere Systems HERMES II Wireless PC Cards. A local user
with the CAP_NET_ADMIN capability could exploit this flaw to cause a
denial of service or possibly gain administrative priviliges.
(CVE-2013-4514)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for Beceem WIMAX chipset based devices. An unprivileged local
user could exploit this flaw to obtain sensitive information from
kernel memory. (CVE-2013-4515)

Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's
driver for the SystemBase Multi-2/PCI serial card. An unprivileged
user could obtain sensitive information from kernel memory.
(CVE-2013-4516)

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec
AACRAID scsi raid devices. An unprivileged local user could send
administrative commands to these devices potentially compromising the
data stored on the device. (CVE-2013-6383)

Nico Golde reported a flaw in the Linux kernel's userspace IO (uio)
driver. A local user could exploit this flaw to cause a denial of
service (memory corruption) or possibly gain privileges.
(CVE-2013-6763)

Evan Huus reported a buffer overflow in the Linux kernel's radiotap
header parsing. A remote attacker could cause a denial of service
(buffer over- read) via a specially crafted header. (CVE-2013-7027).

Solution :

Update the affected linux-image-3.8.0-35-generic package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 71795 ()

Bugtraq ID: 63359
64013

CVE ID: CVE-2013-4470
CVE-2013-4511
CVE-2013-4513
CVE-2013-4514
CVE-2013-4515
CVE-2013-4516
CVE-2013-6383
CVE-2013-6763
CVE-2013-7027