Ubuntu 10.04 LTS : linux vulnerabilities (USN-1824-1)
medium Nessus Plugin ID 66467
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 5.9
Synopsis
The remote Ubuntu host is missing one or more security-related patches.Description
Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6549)Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. (CVE-2013-1826)
A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2013-1860)
An information leak was discovered in the Linux kernel's /dev/dvb device. A local user could exploit this flaw to obtain sensitive information from the kernel's stack memory. (CVE-2013-1928)
An information leak in the Linux kernel's dcb netlink interface was discovered. A local user could obtain sensitive information by examining kernel stack memory. (CVE-2013-2634).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 66467
File Name: ubuntu_USN-1824-1.nasl
Version: 1.9
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 5/16/2013
Updated: 9/19/2019
Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl
Risk Information
Risk Factor: Medium
VPR Score: 5.9
CVSS v2.0
Base Score: 6.9
Temporal Score: 6
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:ND/RL:OF/RC:C
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile, p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual, cpe:/o:canonical:ubuntu_linux:10.04:-:lts
Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 5/15/2013
Vulnerability Publication Date: 3/15/2013
Reference Information
CVE: CVE-2012-6549, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-2634
USN: 1824-1