Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : libksba vulnerability (USN-2427-1)

high Nessus Plugin ID 79623
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Ubuntu host is missing a security-related patch.


Hanno Bock discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected libksba8 package.

See Also


Plugin Details

Severity: High

ID: 79623

File Name: ubuntu_USN-2427-1.nasl

Version: 1.13

Type: local

Agent: unix

Published: 11/28/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:libksba8, cpe:/o:canonical:ubuntu_linux:12.04:-:lts, cpe:/o:canonical:ubuntu_linux:14.04, cpe:/o:canonical:ubuntu_linux:14.10

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 11/27/2014

Vulnerability Publication Date: 12/1/2014

Reference Information

CVE: CVE-2014-9087

BID: 71285

USN: 2427-1