Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1796-1.NASL
HistoryApr 09, 2013 - 12:00 a.m.

Ubuntu 12.10 : linux vulnerabilities (USN-1796-1)

2013-04-0900:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel’s Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege.
(CVE-2013-0228)

Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to by pass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). (CVE-2013-0914)

A memory use after free error was discover in the Linux kernel’s tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel’s keyring. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1792)

Mathias Krause discovered a memory leak in the Linux kernel’s crypto report API. A local user with CAP_NET_ADMIN could exploit this leak to examine some of the kernel’s stack memory. (CVE-2013-2546)

Mathias Krause discovered a memory leak in the Linux kernel’s crypto report API. A local user with CAP_NET_ADMIN could exploit this leak to examine some of the kernel’s heap memory. (CVE-2013-2547)

Mathias Krause discovered information leaks in the Linux kernel’s crypto algorithm report API. A local user could exploit these flaws to leak kernel stack and heap memory contents. (CVE-2013-2548).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1796-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65871);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-0228", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548");
  script_bugtraq_id(57940, 58368);
  script_xref(name:"USN", value:"1796-1");

  script_name(english:"Ubuntu 12.10 : linux vulnerabilities (USN-1796-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Andrew Jones discovered a flaw with the xen_iret function in Linux
kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an
unprivileged guest OS user could exploit this flaw to cause a denial
of service (crash the system) or gain guest OS privilege.
(CVE-2013-0228)

Emese Revfy discovered that in the Linux kernel signal handlers could
leak address information across an exec, making it possible to by pass
ASLR (Address Space Layout Randomization). A local user could use this
flaw to by pass ASLR to reliably deliver an exploit payload that would
otherwise be stopped (by ASLR). (CVE-2013-0914)

A memory use after free error was discover in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local
user could exploit this flaw to cause a denial of service (system
crash). (CVE-2013-1792)

Mathias Krause discovered a memory leak in the Linux kernel's crypto
report API. A local user with CAP_NET_ADMIN could exploit this leak to
examine some of the kernel's stack memory. (CVE-2013-2546)

Mathias Krause discovered a memory leak in the Linux kernel's crypto
report API. A local user with CAP_NET_ADMIN could exploit this leak to
examine some of the kernel's heap memory. (CVE-2013-2547)

Mathias Krause discovered information leaks in the Linux kernel's
crypto algorithm report API. A local user could exploit these flaws to
leak kernel stack and heap memory contents. (CVE-2013-2548).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1796-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-3.5-generic and / or
linux-image-3.5-highbank packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-0228", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1796-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-27-generic", pkgver:"3.5.0-27.46")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-27-highbank", pkgver:"3.5.0-27.46")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic / linux-image-3.5-highbank");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.5-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic
canonicalubuntu_linuxlinux-image-3.5-highbankp-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank
canonicalubuntu_linux12.10cpe:/o:canonical:ubuntu_linux:12.10

Related

openvas 75
ubuntu 13
nessus 34
securityvulns 4
cve 9
prion 9
fedora 18
redhat 4
ubuntucve 8
debiancve 8
seebug 2
xen 1
veracode 3
oraclelinux 5
centos 2
amazon 1
suse 2
altlinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-1795-1)
2013-04-15 00:00:00
Ubuntu: Security Advisory (USN-1797-1)
2013-04-15 00:00:00
Ubuntu Update for linux USN-1796-1
2013-04-15 00:00:00
ubuntu
ubuntu
Linux kernel (Quantal HWE) vulnerabilities
2013-04-08 00:00:00
Linux kernel vulnerabilities
2013-04-08 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-04-08 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1795-1)
2013-04-09 00:00:00
Ubuntu 12.04 LTS : linux vulnerabilities (USN-1793-1)
2013-04-09 00:00:00
Fedora 18 : kernel-3.8.2-206.fc18 (2013-3630)
2013-03-11 00:00:00
securityvulns
securityvulns
[USN-1793-1] Linux kernel vulnerabilities
2013-04-15 00:00:00
Linux kernel multiple security vulnerabilities
2013-04-15 00:00:00
[USN-1787-1] Linux kernel vulnerabilities
2013-04-02 00:00:00
cve
cve
CVE-2013-1825
2013-03-15 20:55:00
CVE-2013-2548
2013-03-15 20:55:00
CVE-2013-2547
2013-03-15 20:55:00
prion
prion
Design/Logic Flaw
2013-03-15 20:55:00
Design/Logic Flaw
2013-03-15 20:55:00
Design/Logic Flaw
2013-03-15 20:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: kernel-3.8.3-201.fc18
2013-03-17 01:07:34
[SECURITY] Fedora 18 Update: kernel-3.8.3-203.fc18
2013-03-19 20:06:30
[SECURITY] Fedora 18 Update: kernel-3.8.2-206.fc18
2013-03-11 01:24:13
redhat
redhat
(RHSA-2013:0829) Important: kernel-rt security and bug fix update
2013-05-20 00:00:00
(RHSA-2013:0630) Important: kernel security and bug fix update
2013-03-12 00:00:00
(RHSA-2013:0882) Important: kernel security and bug fix update
2013-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2013-2548
2013-03-15 00:00:00
CVE-2013-2546
2013-03-15 00:00:00
CVE-2013-2547
2013-03-15 00:00:00
debiancve
debiancve
CVE-2013-2547
2013-03-15 20:55:00
CVE-2013-2548
2013-03-15 20:55:00
CVE-2013-2546
2013-03-15 20:55:00
seebug
seebug
Linux Kernel 本地权限提升漏洞(CVE-2013-0228)
2013-03-10 00:00:00
Linux Kernel 本地权限提升漏洞(CVE-2013-1767)
2013-02-28 00:00:00
xen
xen
Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
2013-02-12 12:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:54:55
Authorization Bypass
2019-05-02 04:54:55
Denial Of Service (DoS)
2019-05-02 04:54:55
oraclelinux
oraclelinux
Unbreakable Enterprise kernel Security update
2013-04-24 00:00:00
Unbreakable Enterprise kernel security and bugfix update
2013-05-09 00:00:00
kernel security and bug fix update
2013-03-12 00:00:00
centos
centos
kernel, perf, python security update
2013-03-13 11:49:36
kernel, perf, python security update
2013-04-24 02:13:29
amazon
amazon
Medium: kernel
2013-06-11 22:45:00
suse
suse
Security update for Linux kernel (important)
2013-05-08 05:04:26
Security update for Linux kernel (important)
2013-05-07 21:04:31
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt13
2013-11-24 00:00:00
JSON
Related for UBUNTU_USN-1796-1.NASL
openvas75ubuntu13nessus34securityvulns4cve9prion9fedora18redhat4ubuntucve8debiancve8seebug2xen1veracode3oraclelinux5centos2amazon1suse2altlinux1