Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2375-1)

Medium Nessus Plugin ID 78256

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9


The remote Ubuntu host is missing a security-related patch.


Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184)

Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device.

A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected linux-image-2.6-ec2 package.

See Also


Plugin Details

Severity: Medium

ID: 78256

File Name: ubuntu_USN-2375-1.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2014/10/11

Updated: 2021/01/19

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2, cpe:/o:canonical:ubuntu_linux:10.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/09

Vulnerability Publication Date: 2014/09/28

Reference Information

CVE: CVE-2014-3184, CVE-2014-3185, CVE-2014-6410

BID: 69768, 69781, 69799

USN: 2375-1