Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2544-1.NASL
HistoryMar 25, 2015 - 12:00 a.m.

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2544-1)

2015-03-2500:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

7.7 High

AI Score

Confidence

High

JSON

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2544-1 advisory.

  • The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. (CVE-2013-7421)

  • The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. (CVE-2014-7822)

  • The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
    (CVE-2014-9644)

  • The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728)

  • The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. (CVE-2014-9729)

  • The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. (CVE-2014-9730)

  • The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target’s name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c. (CVE-2014-9731)

  • The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. (CVE-2015-0274)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2544-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82071);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2013-7421",
    "CVE-2014-7822",
    "CVE-2014-9644",
    "CVE-2014-9728",
    "CVE-2014-9729",
    "CVE-2014-9730",
    "CVE-2014-9731",
    "CVE-2015-0274"
  );
  script_bugtraq_id(72320, 72322, 73156);
  script_xref(name:"USN", value:"2544-1");

  script_name(english:"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2544-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-2544-1 advisory.

  - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a
    bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability
    than CVE-2014-9644. (CVE-2013-7421)

  - The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not
    enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of
    service (system crash) or possibly have unspecified other impact via a crafted splice system call, as
    demonstrated by use of a file descriptor associated with an ext4 filesystem. (CVE-2014-7822)

  - The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a
    bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name
    field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
    (CVE-2014-9644)

  - The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths,
    which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted
    filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728)

  - The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain
    data-structure size consistency, which allows local users to cause a denial of service (system crash) via
    a crafted UDF filesystem image. (CVE-2014-9729)

  - The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component
    lengths that are unused, which allows local users to cause a denial of service (system crash) via a
    crafted UDF filesystem image. (CVE-2014-9730)

  - The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is
    available for storing a symlink target's name along with a trailing \0 character, which allows local users
    to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and
    fs/udf/unicode.c. (CVE-2014-9731)

  - The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote
    attribute replacement, which allows local users to cause a denial of service (transaction overrun and data
    corruption) or possibly gain privileges by leveraging XFS filesystem access. (CVE-2015-0274)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2544-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0274");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-9730");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-e500");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc64-smp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '14.04': {
    '3.13.0': {
      'generic': '3.13.0-48',
      'generic-lpae': '3.13.0-48',
      'lowlatency': '3.13.0-48',
      'powerpc-e500': '3.13.0-48',
      'powerpc-e500mc': '3.13.0-48',
      'powerpc-smp': '3.13.0-48',
      'powerpc64-emb': '3.13.0-48',
      'powerpc64-smp': '3.13.0-48'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-2544-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2013-7421', 'CVE-2014-7822', 'CVE-2014-9644', 'CVE-2014-9728', 'CVE-2014-9729', 'CVE-2014-9730', 'CVE-2014-9731', 'CVE-2015-0274');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-2544-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.13.0-48-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-generic
canonicalubuntu_linuxlinux-image-3.13.0-48-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-generic-lpae
canonicalubuntu_linuxlinux-image-3.13.0-48-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-lowlatency
canonicalubuntu_linuxlinux-image-3.13.0-48-powerpc-e500p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-e500
canonicalubuntu_linuxlinux-image-3.13.0-48-powerpc-e500mcp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-e500mc
canonicalubuntu_linuxlinux-image-3.13.0-48-powerpc-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc-smp
canonicalubuntu_linuxlinux-image-3.13.0-48-powerpc64-embp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc64-emb
canonicalubuntu_linuxlinux-image-3.13.0-48-powerpc64-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-48-powerpc64-smp
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

ubuntu 10
openvas 45
nessus 48
f5 8
prion 8
debiancve 8
ubuntucve 8
veracode 6
cve 8
ibm 3
suse 9
redhat 7
oraclelinux 10
exploitpack 1
centos 4
debian 3
amazon 2
osv 4
securityvulns 2
exploitdb 1
mageia 4
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2015-03-24 00:00:00
Linux kernel vulnerabilities
2015-03-24 00:00:00
Linux kernel (OMAP4) vulnerabilities
2015-03-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2543-1)
2015-03-25 00:00:00
Ubuntu: Security Advisory (USN-2544-1)
2015-03-25 00:00:00
Ubuntu: Security Advisory (USN-2541-1)
2015-03-25 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2543-1)
2015-03-25 00:00:00
Mandriva Linux Security Advisory : kernel (MDVSA-2015:057)
2015-03-19 00:00:00
SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)
2015-08-03 00:00:00
f5
f5
SOL17447 - Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730
2015-10-16 00:00:00
K17447 : Linux kernel UDF vulnerabilities CVE-2014-9728, CVE-2014-9729, and CVE-2014-9730
2015-10-16 00:00:00
K16427 : Linux kernel vulnerability CVE-2013-7421
2015-04-14 00:00:00
prion
prion
Design/Logic Flaw
2015-03-02 11:59:00
Code injection
2015-03-02 11:59:00
Design/Logic Flaw
2015-08-31 10:59:00
debiancve
debiancve
CVE-2013-7421
2015-03-02 11:59:00
CVE-2014-9644
2015-03-02 11:59:00
CVE-2014-9731
2015-08-31 10:59:00
ubuntucve
ubuntucve
CVE-2014-9644
2014-12-31 00:00:00
CVE-2013-7421
2013-12-31 00:00:00
CVE-2014-9728
2014-12-31 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:09:54
Denial Of Service (DoS)
2019-05-02 05:12:38
Denial Of Service (DoS)
2019-01-15 09:04:29
cve
cve
CVE-2013-7421
2015-03-02 11:59:00
CVE-2014-9644
2015-03-02 11:59:00
CVE-2014-9728
2015-08-31 10:59:00
ibm
ibm
Security Bulletin: Multiple Kernel vulnerabilities affect PowerKVM (Multiple CVEs)
2018-06-18 01:28:02
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
2018-06-18 01:29:25
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
suse
suse
Security update for the SUSE Linux Enterprise 12 kernel (important)
2015-07-31 10:08:48
Security update for the Linux Kernel (important)
2015-07-10 16:08:16
Security update for the Linux Kernel (important)
2015-09-22 10:09:40
redhat
redhat
(RHSA-2016:0068) Important: kernel-rt security update
2016-01-26 00:00:00
(RHSA-2015:0694) Important: kernel-rt security, bug fix, and enhancement update
2015-03-17 00:00:00
(RHSA-2015:0164) Moderate: kernel security and bug fix update
2015-02-10 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-01-08 00:00:00
kernel security and bug fix update
2015-02-11 00:00:00
kernel security and bug fix update
2015-02-11 00:00:00
exploitpack
exploitpack
Linux Kernel 3.133.14 (Ubuntu) - splice() System Call Local Denial of Service
2015-04-13 00:00:00
centos
centos
kernel security update
2015-02-11 05:47:40
kernel, perf, python security update
2015-03-12 15:31:30
kernel, perf, python security update
2015-01-29 23:49:27
debian
debian
[SECURITY] [DLA 246-1] linux-2.6 security update
2015-06-17 11:25:00
[SECURITY] [DLA 246-2] linux-2.6 regression update
2015-06-17 19:06:53
[SECURITY] [DSA 3170-1] linux security update
2015-02-23 17:42:49
amazon
amazon
Medium: kernel
2015-03-05 09:31:00
Medium: kernel
2015-02-11 19:34:00
osv
osv
linux-2.6 - security update
2015-06-17 00:00:00
linux-2.6 - security update
2015-06-17 00:00:00
linux - security update
2015-02-23 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3170-1] linux security update
2015-03-07 00:00:00
Linux kernel multiple security vulnerabilities
2015-03-15 00:00:00
exploitdb
exploitdb
Linux Kernel 3.13/3.14 (Ubuntu) - &#039;splice()&#039; System Call Local Denial of Service
2015-04-13 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2015-02-17 21:38:13
Updated kernel-linus packages fix security vulnerabilities
2015-02-19 17:43:07
Updated kernel-tmb packages fix security vulnerabilities
2015-02-19 17:43:07

7.7 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-2544-1.NASL
ubuntu10openvas45nessus48f58prion8debiancve8ubuntucve8veracode6cve8ibm3suse9redhat7oraclelinux10exploitpack1centos4debian3amazon2osv4securityvulns2exploitdb1mageia4