USN-1241-1 : linux-fsl-imx51 vulnerabilities

critical Nessus Plugin ID 56640
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 5.9

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.
(CVE-2011-1576)

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.
(CVE-2011-2213)

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)

Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)

It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)

Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)

Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)

Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)

Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)

Solution

Update the affected package(s).

See Also

http://www.ubuntu.com/usn/usn-1241-1/

Plugin Details

Severity: Critical

ID: 56640

File Name: ubuntu_USN-1241-1.nasl

Version: Revision: 1.2

Type: local

Agent: unix

Published: 10/26/2011

Updated: 12/1/2016

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux

Required KB Items: Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 10/25/2011

Reference Information

CVE: CVE-2011-1573, CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2695, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191, CVE-2011-3363

USN: 1241-1