Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2158-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Stephan Mueller reported an error in the Linux kernel's ansi cprng
random number generator. This flaw makes it easier for a local
attacker to break cryptographic protections. (CVE-2013-4345)

Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
the implementation of the XFS filesystem in the Linux kernel. A local
user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
service (memory corruption) or possibly other unspecified issues.

An information leak was discovered in the Linux kernel when built with
the NetFilter Connection Tracking (NF_CONNTRACK) support for IRC
protocol (NF_NAT_IRC). A remote attacker could exploit this flaw to
obtain potentially sensitive kernel information when communicating
over a client- to-client IRC connection(/dcc) via a NAT-ed network.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected linux-image-3.8-generic package.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 73288 ()

Bugtraq ID: 62740

CVE ID: CVE-2013-4345

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now