Ubuntu 12.04 LTS : linux vulnerabilities (USN-1809-1)

high Nessus Plugin ID 66291
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548)

Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549)

An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. (CVE-2013-0913)

Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potentially escalate privilege to the host kernel level.
(CVE-2013-1796)

Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level. (CVE-2013-1797)

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). (CVE-2013-1798)

A format-string bug was discovered in the Linux kernel's ext3 filesystem driver. A local user could exploit this flaw to possibly escalate privileges on the system. (CVE-2013-1848)

A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860)

An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634)

A kernel stack information leak was discovered in the RTNETLINK component of the Linux kernel. A local user could read sensitive information from the kernel stack. (CVE-2013-2635).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/1809-1/

Plugin Details

Severity: High

ID: 66291

File Name: ubuntu_USN-1809-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 5/2/2013

Updated: 9/19/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual, cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Patch Publication Date: 5/1/2013

Vulnerability Publication Date: 3/15/2013

Reference Information

CVE: CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635

USN: 1809-1