Ubuntu 12.04 LTS : linux vulnerabilities (USN-2334-1)

Ubuntu Security Notice (C) 2014-2017 Canonical, Inc. / NASL script (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

An flaw was discovered in the Linux kernel's audit subsystem when
auditing certain syscalls. A local attacker could exploit this flaw to
obtain potentially sensitive single-bit values from kernel memory or
cause a denial of service (OOPS). (CVE-2014-3917)

An information leak was discovered in the rd_mcp backend of the iSCSI
target subsystem in the Linux kernel. A local user could exploit this
flaw to obtain sensitive information from ramdisk_mcp memory by
leveraging access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel's shared memory
subsystem when used with range notifications and hole punching. A
local user could exploit this flaw to cause a denial of service.
(CVE-2014-4171)

Toralf Forster reported an error in the Linux kernels syscall
auditing on 32 bit x86 platforms. A local user could exploit this flaw
to cause a denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implemenation of the
Advanced Linux Sound Architecture (ALSA) subsystem in the Linux
kernel. A local user could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound
Architecture (ALSA) control implementation of the Linux kernel. A
local user could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-4653)

A authorization bug was discovered with the snd_ctl_elem_add function
of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A
local user could exploit his bug to cause a denial of service (remove
kernel controls). (CVE-2014-4654)

A flaw discovered in how the snd_ctl_elem function of the Advanced
Linux Sound Architecture (ALSA) handled a reference count. A local
user could exploit this flaw to cause a denial of service (integer
overflow and limit bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation
of the Advanced Linux Sound Architecture (ALSA). A local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel's
handling of the backlog value for certain SCTP packets. A remote
attacker could exploit this flaw to cause a denial of service (socket
outage) via a crafted SCTP packet. (CVE-2014-4667)

Jason Gunthorpe reported a flaw with SCTP authentication in the Linux
kernel. A remote attacker could exploit this flaw to cause a denial of
service (NULL pointer dereference and OOPS). (CVE-2014-5077).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.6
(CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C)
CVSS Temporal Score : 5.5
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now