Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1971-1.NASL
HistorySep 28, 2013 - 12:00 a.m.

Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1971-1)

2013-09-2800:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).
(CVE-2013-4254)

A memory leak was discovered in the user namespace facility of the Linux kernel. A local user could cause a denial of service (memory consumption) via the CLONE_NEWUSER unshare call. (CVE-2013-4205).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1971-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70192);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-4205", "CVE-2013-4254");
  script_xref(name:"USN", value:"1971-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1971-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vince Weaver discovered a flaw in the perf subsystem of the Linux
kernel on ARM platforms. A local user could exploit this flaw to gain
privileges or cause a denial of service (system crash).
(CVE-2013-4254)

A memory leak was discovered in the user namespace facility of the
Linux kernel. A local user could cause a denial of service (memory
consumption) via the CLONE_NEWUSER unshare call. (CVE-2013-4205).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1971-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-image-3.8-generic package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-4205", "CVE-2013-4254");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1971-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.8.0-31-generic", pkgver:"3.8.0-31.46~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.8-generic");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.8-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Related

openvas 89
securityvulns 3
ubuntu 8
nessus 10
redhatcve 1
debiancve 2
prion 2
ubuntucve 2
cve 2
seebug 1
fedora 37
suse 1
mageia 10
oraclelinux 1
openvas
openvas
Ubuntu Update for linux-lts-raring USN-1971-1
2013-10-03 00:00:00
Ubuntu: Security Advisory (USN-1971-1)
2013-10-03 00:00:00
Ubuntu: Security Advisory (USN-1974-1)
2013-10-03 00:00:00
securityvulns
securityvulns
[USN-1974-1] Linux kernel vulnerabilities
2013-10-01 00:00:00
[USN-1968-1] Linux kernel vulnerabilities
2013-10-01 00:00:00
Linux kernel mulriple security vulnerabilities
2013-10-28 00:00:00
ubuntu
ubuntu
Linux kernel (Raring HWE) vulnerabilities
2013-09-27 00:00:00
Linux kernel vulnerabilities
2013-09-27 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-09-27 00:00:00
nessus
nessus
Ubuntu 13.04 : linux vulnerabilities (USN-1974-1)
2013-09-28 00:00:00
Fedora 19 : kernel-3.10.9-200.fc19 (2013-15198)
2013-08-23 00:00:00
Ubuntu 12.04 LTS : linux vulnerabilities (USN-1968-1)
2013-09-28 00:00:00
redhatcve
redhatcve
CVE-2013-4205
2015-10-30 10:21:35
debiancve
debiancve
CVE-2013-4205
2013-08-25 03:27:00
CVE-2013-4254
2013-08-25 03:27:00
prion
prion
Memory corruption
2013-08-25 03:27:00
Null pointer dereference
2013-08-25 03:27:00
ubuntucve
ubuntucve
CVE-2013-4205
2013-08-24 00:00:00
CVE-2013-4254
2013-08-24 00:00:00
cve
cve
CVE-2013-4205
2013-08-25 03:27:00
CVE-2013-4254
2013-08-25 03:27:00
seebug
seebug
Linux Kernelζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2013-4205)
2013-08-11 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.10.9-200.fc19
2013-08-23 00:44:38
[SECURITY] Fedora 19 Update: kernel-3.10.11-200.fc19
2013-09-13 01:05:37
[SECURITY] Fedora 19 Update: kernel-3.11.1-200.fc19
2013-09-19 02:05:03
suse
suse
kernel: security and bugfix update (important)
2014-05-19 14:04:14
mageia
mageia
Updated kernel-rt package fixes security vulnerabilites.
2013-11-22 23:04:02
Updated kernel package fixes security vulnerabilites.
2013-11-22 22:57:32
Updated kernel-linus package fixes security vulnerabilites.
2013-11-22 23:00:03
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security and bug fix update (Unbreakable Enterprise Kernel Release 3 QU1)
2014-02-11 00:00:00
JSON
Related for UBUNTU_USN-1971-1.NASL
openvas89securityvulns3ubuntu8nessus10redhatcve1debiancve2prion2ubuntucve2cve2seebug1fedora37suse1mageia10oraclelinux1