Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak

high Nessus Plugin ID 66486

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device. A local user could use this to determine sensitive information such as password length.

- CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service.

- CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges.

- CVE-2013-1979 Andy Lutomirski reported an issue in the socket level control message processing subsystem. Local users may be able to gain eleveated privileges.

- CVE-2013-2015 Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local users with the ability to mount a specially crafted filesystem can cause a denial of service (infinite loop).

- CVE-2013-2094 Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds access vulnerability allows local users to gain elevated privileges.

- CVE-2013-3076 Mathias Krause discovered an issue in the userspace interface for hash algorithms. Local users can gain access to sensitive kernel memory.

- CVE-2013-3222 Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM) protocol support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3223 Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3224 Mathias Krause discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory.

- CVE-2013-3225 Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3227 Mathias Krause discovered an issue in the Communication CPU to Application CPU Interface (CAIF). Local users can gain access to sensitive kernel memory.

- CVE-2013-3228 Mathias Krause discovered an issue in the IrDA (infrared) subsystem support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3229 Mathias Krause discovered an issue in the IUCV support on s390 systems. Local users can gain access to sensitive kernel memory.

- CVE-2013-3231 Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2 protocol support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3234 Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose) protocol support. Local users can gain access to sensitive kernel memory.

- CVE-2013-3235 Mathias Krause discovered an issue in the Transparent Inter Process Communication (TIPC) protocol support.
Local users can gain access to sensitive kernel memory.

- CVE-2013-3301 Namhyung Kim reported an issue in the tracing subsystem.
A privileged local user could cause a denial of service (system crash). This vulnerabililty is not applicable to Debian systems by default.

Solution

Upgrade the linux and user-mode-linux packages.

For the stable distribution (wheezy), this problem has been fixed in version 3.2.41-2+deb7u1.

Note: Updates are currently available for the amd64, i386, ia64, s390, s390x and sparc architectures. Updates for the remaining architectures will be released as they become available.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update :

Debian 7.0 (wheezy) user-mode-linux 3.2-2um-1+deb7u1 Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or 'leap-frog' fashion.

See Also

https://security-tracker.debian.org/tracker/CVE-2013-0160

https://security-tracker.debian.org/tracker/CVE-2013-1796

https://security-tracker.debian.org/tracker/CVE-2013-1929

https://security-tracker.debian.org/tracker/CVE-2013-1979

https://security-tracker.debian.org/tracker/CVE-2013-2015

https://security-tracker.debian.org/tracker/CVE-2013-2094

https://security-tracker.debian.org/tracker/CVE-2013-3076

https://security-tracker.debian.org/tracker/CVE-2013-3222

https://security-tracker.debian.org/tracker/CVE-2013-3223

https://security-tracker.debian.org/tracker/CVE-2013-3224

https://security-tracker.debian.org/tracker/CVE-2013-3225

https://security-tracker.debian.org/tracker/CVE-2013-3227

https://security-tracker.debian.org/tracker/CVE-2013-3228

https://security-tracker.debian.org/tracker/CVE-2013-3229

https://security-tracker.debian.org/tracker/CVE-2013-3231

https://security-tracker.debian.org/tracker/CVE-2013-3234

https://security-tracker.debian.org/tracker/CVE-2013-3235

https://security-tracker.debian.org/tracker/CVE-2013-3301

https://www.debian.org/security/2013/dsa-2669

Plugin Details

Severity: High

ID: 66486

File Name: debian_DSA-2669.nasl

Version: 1.17

Type: local

Agent: unix

Published: 5/17/2013

Updated: 9/16/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2013

Vulnerability Publication Date: 2/17/2013

CISA Known Exploited Vulnerability Due Dates: 10/6/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301

BID: 57176, 58607, 58908, 59055, 59377, 59380, 59381, 59383, 59385, 59388, 59389, 59390, 59393, 59397, 59398, 59512, 59538

DSA: 2669