Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2043-1.NASL
HistoryDec 04, 2013 - 12:00 a.m.

Ubuntu 12.10 : linux vulnerabilities (USN-2043-1)

2013-12-0400:00:00
Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

A flaw was discovered in the Linux kernel’s dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299)

Hannes Frederic Sowa discovered a flaw in the Linux kernel’s UDP Fragmenttation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2043-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(71209);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-4299", "CVE-2013-4470");
  script_bugtraq_id(63183, 63359);
  script_xref(name:"USN", value:"2043-1");

  script_name(english:"Ubuntu 12.10 : linux vulnerabilities (USN-2043-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was discovered in the Linux kernel's dm snapshot facility. A
remote authenticated user could exploit this flaw to obtain sensitive
information or modify/corrupt data. (CVE-2013-4299)

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP
Fragmenttation Offload (UFO). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2013-4470).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2043-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-3.5-generic and / or
linux-image-3.5-highbank packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-4299", "CVE-2013-4470");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2043-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-44-generic", pkgver:"3.5.0-44.67")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-44-highbank", pkgver:"3.5.0-44.67")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic / linux-image-3.5-highbank");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.5-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic
canonicalubuntu_linuxlinux-image-3.5-highbankp-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank
canonicalubuntu_linux12.10cpe:/o:canonical:ubuntu_linux:12.10

Related

openvas 66
ubuntu 17
nessus 50
ubuntucve 2
oraclelinux 11
debiancve 2
cve 2
prion 2
redhat 13
veracode 13
securityvulns 5
altlinux 2
centos 3
fedora 1
amazon 2
suse 3
osv 1
mageia 4
openvas
openvas
Ubuntu Update for linux-lts-quantal USN-2040-1
2013-12-04 00:00:00
Ubuntu: Security Advisory (USN-2044-1)
2013-12-04 00:00:00
Ubuntu: Security Advisory (USN-2043-1)
2013-12-04 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2013-12-03 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-12-03 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-12-03 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2040-1)
2013-12-04 00:00:00
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2042-1)
2013-12-04 00:00:00
Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2013-2576)
2013-10-20 00:00:00
ubuntucve
ubuntucve
CVE-2013-4299
2013-10-24 00:00:00
CVE-2013-4470
2013-11-04 00:00:00
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2013-10-23 00:00:00
unbreakable enterprise kernel security update
2013-10-18 00:00:00
kernel security and bug fix update
2013-10-16 00:00:00
debiancve
debiancve
CVE-2013-4299
2013-10-24 10:53:00
CVE-2013-4470
2013-11-04 15:55:00
cve
cve
CVE-2013-4299
2013-10-24 10:53:00
CVE-2013-4470
2013-11-04 15:55:00
prion
prion
Input validation
2013-10-24 10:53:00
Memory corruption
2013-11-04 15:55:00
redhat
redhat
(RHSA-2013:1860) Moderate: kernel security and bug fix update
2013-12-19 00:00:00
(RHSA-2013:1436) Moderate: kernel security and bug fix update
2013-10-16 00:00:00
(RHSA-2013:1520) Moderate: kernel security, bug fix, and enhancement update
2013-11-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:56:30
Access Controls Bypass
2019-05-16 01:22:57
Heap-based Out-Of-Bounds Write
2019-05-02 04:56:54
securityvulns
securityvulns
[USN-2049-1] Linux kernel vulnerabilities
2013-12-09 00:00:00
[USN-2015-1] Linux kernel vulnerabilities
2013-11-13 00:00:00
Linux kernel security vulnerabilities
2013-11-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt12
2013-10-25 00:00:00
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt16
2013-12-20 00:00:00
centos
centos
kernel, perf, python security update
2013-10-17 16:14:23
kernel security update
2013-10-23 00:10:49
kernel, perf, python security update
2013-12-13 00:18:44
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.11.7-300.fc20
2013-11-10 07:57:32
amazon
amazon
Medium: kernel
2013-12-02 20:30:00
Medium: kernel
2013-10-16 20:53:00
suse
suse
Security update for Linux Kernel (important)
2014-03-28 02:04:16
Security update for Linux kernel (important)
2014-04-16 01:05:16
Security update for Linux kernel (important)
2014-04-17 02:05:07
osv
osv
linux-2.6 - security update
2014-07-12 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2013-12-18 03:19:07
Updated kernel and related packages fix security vulnerabilities
2013-12-18 02:38:56
Updated kernel-rt packages fix security vulnerabilities
2013-12-18 03:27:56
JSON
Related for UBUNTU_USN-2043-1.NASL
openvas66ubuntu17nessus50ubuntucve2oraclelinux11debiancve2cve2prion2redhat13veracode13securityvulns5altlinux2centos3fedora1amazon2suse3osv1mageia4