Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2336-1.NASL
HistorySep 03, 2014 - 12:00 a.m.

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)

2014-09-0300:00:00
Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
104
JSON

A flaw was discovered in the Linux kernel virtual machine’s (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash).
(CVE-2014-0155)

Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. (CVE-2014-0181)

An information leak was discovered in the Linux kernels aio_read_events_ring function. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-0206)

A flaw was discovered in the Linux kernel’s implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)

An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel’s shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service.
(CVE-2014-4171)

Toralf Forster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implemenation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653)

A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654)

A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel’s handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667)

Vasily Averin discover a reference count flaw during attempts to umount in conjunction with a symlink. A local user could exploit this flaw to cause a denial of service (memory consumption or use after free) or possibly have other unspecified impact. (CVE-2014-5045).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2336-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(77491);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
  script_bugtraq_id(66688, 67034, 67985, 67988, 68126, 68157, 68162, 68163, 68164, 68170, 68176, 68224, 68862);
  script_xref(name:"USN", value:"2336-1");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A flaw was discovered in the Linux kernel virtual machine's (kvm)
validation of interrupt requests (irq). A guest OS user could exploit
this flaw to cause a denial of service (host OS crash).
(CVE-2014-0155)

Andy Lutomirski discovered a flaw in the authorization of netlink
socket operations when a socket is passed to a process of more
privilege. A local user could exploit this flaw to bypass access
restrictions by having a privileged executable do something it was not
intended to do. (CVE-2014-0181)

An information leak was discovered in the Linux kernels
aio_read_events_ring function. A local user could exploit this flaw to
obtain potentially sensitive information from kernel memory.
(CVE-2014-0206)

A flaw was discovered in the Linux kernel's implementation of user
namespaces with respect to inode permissions. A local user could
exploit this flaw by creating a user namespace to gain administrative
privileges. (CVE-2014-4014)

An information leak was discovered in the rd_mcp backend of the iSCSI
target subsystem in the Linux kernel. A local user could exploit this
flaw to obtain sensitive information from ramdisk_mcp memory by
leveraging access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel's shared memory
subsystem when used with range notifications and hole punching. A
local user could exploit this flaw to cause a denial of service.
(CVE-2014-4171)

Toralf Forster reported an error in the Linux kernels syscall
auditing on 32 bit x86 platforms. A local user could exploit this flaw
to cause a denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implemenation of the
Advanced Linux Sound Architecture (ALSA) subsystem in the Linux
kernel. A local user could exploit this flaw to obtain sensitive
information from kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound
Architecture (ALSA) control implementation of the Linux kernel. A
local user could exploit this flaw to cause a denial of service
(system crash). (CVE-2014-4653)

A authorization bug was discovered with the snd_ctl_elem_add function
of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A
local user could exploit his bug to cause a denial of service (remove
kernel controls). (CVE-2014-4654)

A flaw discovered in how the snd_ctl_elem function of the Advanced
Linux Sound Architecture (ALSA) handled a reference count. A local
user could exploit this flaw to cause a denial of service (integer
overflow and limit bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation
of the Advanced Linux Sound Architecture (ALSA). A local user could
exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel's
handling of the backlog value for certain SCTP packets. A remote
attacker could exploit this flaw to cause a denial of service (socket
outage) via a crafted SCTP packet. (CVE-2014-4667)

Vasily Averin discover a reference count flaw during attempts to
umount in conjunction with a symlink. A local user could exploit this
flaw to cause a denial of service (memory consumption or use after
free) or possibly have other unspecified impact. (CVE-2014-5045).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2336-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected linux-image-3.13-generic and / or
linux-image-3.13-generic-lpae packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2336-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-35-generic", pkgver:"3.13.0-35.62~precise1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-35-generic-lpae", pkgver:"3.13.0-35.62~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.13-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic
canonicalubuntu_linuxlinux-image-3.13-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Related

openvas 40
nessus 41
ubuntu 6
securityvulns 5
redhat 4
mageia 8
suse 5
amazon 1
oraclelinux 13
veracode 15
centos 2
prion 12
f5 4
ubuntucve 12
osv 1
debiancve 13
cve 13
exploitpack 1
seebug 1
zdt 1
debian 1
openvas
openvas
Ubuntu: Security Advisory (USN-2337-1)
2014-09-03 00:00:00
Ubuntu: Security Advisory (USN-2336-1)
2014-09-03 00:00:00
Ubuntu: Security Advisory (USN-2334-1)
2014-09-03 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2337-1)
2014-09-03 00:00:00
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2334-1)
2014-09-03 00:00:00
Ubuntu 10.04 LTS : linux vulnerabilities (USN-2332-1)
2014-09-03 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2014-09-02 00:00:00
Linux kernel vulnerabilities
2014-09-02 00:00:00
Linux kernel vulnerabilities
2014-09-02 00:00:00
securityvulns
securityvulns
[USN-2332-1] Linux kernel vulnerabilities
2014-09-03 00:00:00
Linux kernel multiple security vulnerabilities
2014-09-29 00:00:00
Linux kernel multiple security vulnerabilities
2014-07-21 00:00:00
redhat
redhat
(RHSA-2014:1083) Important: kernel-rt security and bug fix update
2014-08-20 00:00:00
(RHSA-2014:1392) Important: kernel security, bug fix, and enhancement update
2014-10-14 00:00:00
(RHSA-2014:0913) Important: kernel-rt security update
2014-07-22 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-08-06 00:08:48
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
Updated kernel-vserver package fixes security vulnerabilities
2014-08-18 13:14:56
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
kernel: security and bugfix update (important)
2014-08-01 15:04:21
Security update for the Linux Kernel (important)
2014-09-16 19:04:20
amazon
amazon
Medium: kernel
2014-07-09 16:29:00
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2014-08-11 00:00:00
Unbreakable Enterprise kernel security update
2014-10-17 00:00:00
Unbreakable Enterprise kernel Security update
2014-10-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:39
Denial Of Service (DoS)
2019-05-02 05:12:40
centos
centos
kernel, perf, python security update
2014-10-20 18:09:23
kernel, perf, python security update
2014-12-10 12:48:13
prion
prion
Design/Logic Flaw
2014-06-23 11:21:00
Design/Logic Flaw
2014-07-03 04:22:00
Double free
2014-07-03 04:22:00
f5
f5
K16531 : Linux kernel vulnerability CVE-2014-4027
2015-04-30 00:00:00
SOL16531 - Linux kernel vulnerability CVE-2014-4027
2015-04-30 00:00:00
SOL15677 - Linux kernel vulnerability CVE-2014-4014
2014-10-09 00:00:00
ubuntucve
ubuntucve
CVE-2014-4027
2014-06-23 00:00:00
CVE-2014-4654
2014-07-03 00:00:00
CVE-2014-5045
2014-08-01 00:00:00
osv
osv
linux-2.6 - security update
2014-12-09 00:00:00
debiancve
debiancve
CVE-2014-4654
2014-07-03 04:22:00
CVE-2014-4667
2014-07-03 04:22:00
CVE-2014-4653
2014-07-03 04:22:00
cve
cve
CVE-2014-4027
2014-06-23 11:21:00
CVE-2014-4653
2014-07-03 04:22:00
CVE-2014-4667
2014-07-03 04:22:00
exploitpack
exploitpack
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
seebug
seebug
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-07-01 00:00:00
zdt
zdt
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-06-22 00:00:00
debian
debian
[SECURITY] [DLA 103-1] linux-2.6 security update
2014-12-09 01:05:55
JSON
Related for UBUNTU_USN-2336-1.NASL
openvas40nessus41ubuntu6securityvulns5redhat4mageia8suse5amazon1oraclelinux13veracode15centos2prion12f54ubuntucve12osv1debiancve13cve13exploitpack1seebug1zdt1debian1