Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Ben Hawkes reported some off by one errors for report descriptors in
the Linux kernel's HID stack. A physically proximate attacker could
exploit these flaws to cause a denial of service (out-of-bounds write)
via a specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were
discovered in the Linux kernel's Whiteheat USB serial driver. A
physically proximate attacker could exploit these flaws to cause a
denial of service (system crash) via a specially crafted device.
A flaw was discovered in the Linux kernel's UDF filesystem (used on
some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who
can cause CD, DVD or image file with a specially crafted inode to be
mounted can cause a denial of service (infinite loop or stack
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected linux-image-2.6-ec2 package.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.1
Public Exploit Available : false