Ubuntu 12.04 LTS : linux vulnerabilities (USN-2376-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Steven Vittitoe reported multiple stack buffer overflows in Linux
kernel's magicmouse HID driver. A physically proximate attacker could
exploit this flaw to cause a denial of service (system crash) or
possibly execute arbitrary code via specially crafted devices.
(CVE-2014-3181)

Ben Hawkes reported some off by one errors for report descriptors in
the Linux kernel's HID stack. A physically proximate attacker could
exploit these flaws to cause a denial of service (out-of-bounds write)
via a specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were
discovered in the Linux kernel's Whiteheat USB serial driver. A
physically proximate attacker could exploit these flaws to cause a
denial of service (system crash) via a specially crafted device.
(CVE-2014-3185)

Steven Vittitoe reported a buffer overflow in the Linux kernel's
PicoLCD HID device driver. A physically proximate attacker could
exploit this flaw to cause a denial of service (system crash) or
possibly execute arbitrary code via a specially craft device.
(CVE-2014-3186)

A flaw was discovered in the Linux kernel's UDF filesystem (used on
some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who
can cause CD, DVD or image file with a specially crafted inode to be
mounted can cause a denial of service (infinite loop or stack
consumption). (CVE-2014-6410)

James Eckersall discovered a buffer overflow in the Ceph filesystem in
the Linux kernel. A remote attacker could exploit this flaw to cause a
denial of service (memory consumption and panic) or possibly have
other unspecified impact via a long unencrypted auth ticket.
(CVE-2014-6416)

James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this
flaw to cause a denial of service (system crash) or possibly have
unspecified other impact. (CVE-2014-6417)

James Eckersall discovered a flaw in how the Ceph filesystem validates
auth replies. A remote attacker could exploit this flaw to cause a
denial of service (system crash) or possibly have other unspecified
impact. (CVE-2014-6418).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now