Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3880-1)

high Nessus Plugin ID 121598

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3880-1 advisory.

- The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. (CVE-2018-1066)

- An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (CVE-2018-17972)

- Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)

- In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. (CVE-2018-9568)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-3880-1

Plugin Details

Severity: High

ID: 121598

File Name: ubuntu_USN-3880-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2/5/2019

Updated: 1/9/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-9568

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-powerpc-e500, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-powerpc-e500mc, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-powerpc-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-powerpc64-emb, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-165-powerpc64-smp, cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/4/2019

Vulnerability Publication Date: 3/2/2018

Reference Information

CVE: CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, CVE-2018-9568

USN: 3880-1