USN-1530-1 : linux-ti-omap4 vulnerabilities

High Nessus Plugin ID 61508

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server (attacker) could exploit this flaw to cause a denial of service. (CVE-2011-4131)

Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. (CVE-2012-2123)

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136)

Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. (CVE-2012-2313)

Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user could exploit these flaws to gain root system priviliges. (CVE-2012-2319)

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372)

A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS). (CVE-2012-2375)

Solution

Update the affected package(s).

See Also

http://www.ubuntu.com/usn/usn-1530-1/

Plugin Details

Severity: High

ID: 61508

File Name: ubuntu_USN-1530-1.nasl

Version: Revision: 1.3

Type: local

Agent: unix

Published: 2012/08/13

Updated: 2016/12/01

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux

Required KB Items: Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 2012/08/10

Reference Information

CVE: CVE-2011-4131, CVE-2012-2123, CVE-2012-2136, CVE-2012-2313, CVE-2012-2319, CVE-2012-2372, CVE-2012-2375

USN: 1530-1