Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :
CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device. A local user could use this to determine sensitive information such as password length.
CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service.
CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges.
CVE-2013-1979 Andy Lutomirski reported an issue in the socket level control message processing subsystem. Local users may be able to gain eleveated privileges.
CVE-2013-2015 Theodore Ts’o provided a fix for an issue in the ext4 filesystem. Local users with the ability to mount a specially crafted filesystem can cause a denial of service (infinite loop).
CVE-2013-2094 Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds access vulnerability allows local users to gain elevated privileges.
CVE-2013-3076 Mathias Krause discovered an issue in the userspace interface for hash algorithms. Local users can gain access to sensitive kernel memory.
CVE-2013-3222 Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM) protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3223 Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3224 Mathias Krause discovered an issue in the Bluetooth subsystem. Local users can gain access to sensitive kernel memory.
CVE-2013-3225 Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3227 Mathias Krause discovered an issue in the Communication CPU to Application CPU Interface (CAIF). Local users can gain access to sensitive kernel memory.
CVE-2013-3228 Mathias Krause discovered an issue in the IrDA (infrared) subsystem support. Local users can gain access to sensitive kernel memory.
CVE-2013-3229 Mathias Krause discovered an issue in the IUCV support on s390 systems. Local users can gain access to sensitive kernel memory.
CVE-2013-3231 Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2 protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3234 Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose) protocol support. Local users can gain access to sensitive kernel memory.
CVE-2013-3235 Mathias Krause discovered an issue in the Transparent Inter Process Communication (TIPC) protocol support.
Local users can gain access to sensitive kernel memory.
CVE-2013-3301 Namhyung Kim reported an issue in the tracing subsystem.
A privileged local user could cause a denial of service (system crash). This vulnerabililty is not applicable to Debian systems by default.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2669. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(66486);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/09/16");
script_cve_id(
"CVE-2013-0160",
"CVE-2013-1796",
"CVE-2013-1929",
"CVE-2013-1979",
"CVE-2013-2015",
"CVE-2013-2094",
"CVE-2013-3076",
"CVE-2013-3222",
"CVE-2013-3223",
"CVE-2013-3224",
"CVE-2013-3225",
"CVE-2013-3227",
"CVE-2013-3228",
"CVE-2013-3229",
"CVE-2013-3231",
"CVE-2013-3234",
"CVE-2013-3235",
"CVE-2013-3301"
);
script_bugtraq_id(
57176,
58607,
58908,
59055,
59377,
59380,
59381,
59383,
59385,
59388,
59389,
59390,
59393,
59397,
59398,
59512,
59538
);
script_xref(name:"DSA", value:"2669");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/10/06");
script_name(english:"Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
script_set_attribute(attribute:"description", value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, information leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems :
- CVE-2013-0160
vladz reported a timing leak with the /dev/ptmx
character device. A local user could use this to
determine sensitive information such as password length.
- CVE-2013-1796
Andrew Honig of Google reported an issue in the KVM
subsystem. A user in a guest operating system could
corrupt kernel memory, resulting in a denial of service.
- CVE-2013-1929
Oded Horovitz and Brad Spengler reported an issue in the
device driver for Broadcom Tigon3 based gigabit
Ethernet. Users with the ability to attach untrusted
devices can create an overflow condition, resulting in a
denial of service or elevated privileges.
- CVE-2013-1979
Andy Lutomirski reported an issue in the socket level
control message processing subsystem. Local users may be
able to gain eleveated privileges.
- CVE-2013-2015
Theodore Ts'o provided a fix for an issue in the ext4
filesystem. Local users with the ability to mount a
specially crafted filesystem can cause a denial of
service (infinite loop).
- CVE-2013-2094
Tommie Rantala discovered an issue in the perf
subsystem. An out-of-bounds access vulnerability allows
local users to gain elevated privileges.
- CVE-2013-3076
Mathias Krause discovered an issue in the userspace
interface for hash algorithms. Local users can gain
access to sensitive kernel memory.
- CVE-2013-3222
Mathias Krause discovered an issue in the Asynchronous
Transfer Mode (ATM) protocol support. Local users can
gain access to sensitive kernel memory.
- CVE-2013-3223
Mathias Krause discovered an issue in the Amateur Radio
AX.25 protocol support. Local users can gain access to
sensitive kernel memory.
- CVE-2013-3224
Mathias Krause discovered an issue in the Bluetooth
subsystem. Local users can gain access to sensitive
kernel memory.
- CVE-2013-3225
Mathias Krause discovered an issue in the Bluetooth
RFCOMM protocol support. Local users can gain access to
sensitive kernel memory.
- CVE-2013-3227
Mathias Krause discovered an issue in the Communication
CPU to Application CPU Interface (CAIF). Local users can
gain access to sensitive kernel memory.
- CVE-2013-3228
Mathias Krause discovered an issue in the IrDA
(infrared) subsystem support. Local users can gain
access to sensitive kernel memory.
- CVE-2013-3229
Mathias Krause discovered an issue in the IUCV support
on s390 systems. Local users can gain access to
sensitive kernel memory.
- CVE-2013-3231
Mathias Krause discovered an issue in the ANSI/IEEE
802.2 LLC type 2 protocol support. Local users can gain
access to sensitive kernel memory.
- CVE-2013-3234
Mathias Krause discovered an issue in the Amateur Radio
X.25 PLP (Rose) protocol support. Local users can gain
access to sensitive kernel memory.
- CVE-2013-3235
Mathias Krause discovered an issue in the Transparent
Inter Process Communication (TIPC) protocol support.
Local users can gain access to sensitive kernel memory.
- CVE-2013-3301
Namhyung Kim reported an issue in the tracing subsystem.
A privileged local user could cause a denial of service
(system crash). This vulnerabililty is not applicable to
Debian systems by default.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-0160");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1796");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1929");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1979");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2015");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2094");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3076");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3222");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3223");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3224");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3225");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3227");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3228");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3229");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3231");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3234");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3235");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-3301");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2669");
script_set_attribute(attribute:"solution", value:
"Upgrade the linux and user-mode-linux packages.
For the stable distribution (wheezy), this problem has been fixed in
version 3.2.41-2+deb7u1.
Note: Updates are currently available for the amd64, i386, ia64, s390,
s390x and sparc architectures. Updates for the remaining architectures
will be released as they become available.
The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update :
Debian 7.0 (wheezy)
user-mode-linux 3.2-2um-1+deb7u1
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/17");
script_set_attribute(attribute:"patch_publication_date", value:"2013/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.41-2+deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version |
---|---|---|
debian | debian_linux | linux |
debian | debian_linux | 7.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3228
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3235
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301
security-tracker.debian.org/tracker/CVE-2013-0160
security-tracker.debian.org/tracker/CVE-2013-1796
security-tracker.debian.org/tracker/CVE-2013-1929
security-tracker.debian.org/tracker/CVE-2013-1979
security-tracker.debian.org/tracker/CVE-2013-2015
security-tracker.debian.org/tracker/CVE-2013-2094
security-tracker.debian.org/tracker/CVE-2013-3076
security-tracker.debian.org/tracker/CVE-2013-3222
security-tracker.debian.org/tracker/CVE-2013-3223
security-tracker.debian.org/tracker/CVE-2013-3224
security-tracker.debian.org/tracker/CVE-2013-3225
security-tracker.debian.org/tracker/CVE-2013-3227
security-tracker.debian.org/tracker/CVE-2013-3228
security-tracker.debian.org/tracker/CVE-2013-3229
security-tracker.debian.org/tracker/CVE-2013-3231
security-tracker.debian.org/tracker/CVE-2013-3234
security-tracker.debian.org/tracker/CVE-2013-3235
security-tracker.debian.org/tracker/CVE-2013-3301
www.debian.org/security/2013/dsa-2669