Lucene search

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)

Ubuntu 12.04 LTS Linux vulnerabilities including file descriptor, USB driver, SCTP, TLS, race condition, and sound architecture vulnerabilitie

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Ubuntu	Linux kernel vulnerabilities	9 May 201600:00	–	ubuntu
Ubuntu	Linux kernel (OMAP4) vulnerabilities	9 May 201600:00	–	ubuntu
Ubuntu	Linux kernel (Vivid HWE) vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel (Trusty HWE) vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel (Utopic HWE) vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel (Raspberry Pi 2) vulnerabilities	16 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel (Wily HWE) vulnerabilities	14 Mar 201600:00	–	ubuntu
Ubuntu	Linux kernel (Utopic HWE) regression	11 Apr 201600:00	–	ubuntu

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2967-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91087);
  script_version("2.25");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/12");

  script_cve_id("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
  script_xref(name:"USN", value:"2967-1");

  script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that the Linux kernel did not properly enforce
rlimits for file descriptors sent over UNIX domain sockets. A local
attacker could use this to cause a denial of service. (CVE-2013-4312)

Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in
the Linux kernel did not properly sanity check the endpoints reported
by the device. An attacker with physical access could cause a denial
of service (system crash). (CVE-2015-7515)

Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly sanity check the endpoints reported by
the device. An attacker with physical access could cause a denial of
service (system crash). (CVE-2015-7566)

Ralf Spenneberg discovered that the usbvision driver in the Linux
kernel did not properly sanity check the interfaces and endpoints
reported by the device. An attacker with physical access could cause a
denial of service (system crash). (CVE-2015-7833)

It was discovered that a race condition existed when handling
heartbeat- timeout events in the SCTP implementation of the Linux
kernel. A remote attacker could use this to cause a denial of service.
(CVE-2015-8767)

Venkatesh Pottem discovered a use-after-free vulnerability in the
Linux kernel's CXGB3 driver. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2015-8812)

It was discovered that a race condition existed in the ioctl handler
for the TTY driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or expose sensitive
information. (CVE-2016-0723)

It was discovered that the Linux kernel did not keep accurate track of
pipe buffer details when error conditions occurred, due to an
incomplete fix for CVE-2015-1805. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code with administrative privileges. (CVE-2016-0774)

Zach Riggle discovered that the Linux kernel's list poison feature did
not take into account the mmap_min_addr value. A local attacker could
use this to bypass the kernel's poison-pointer protection mechanism
while attempting to exploit an existing kernel vulnerability.
(CVE-2016-0821)

Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local
attacker could use this to cause a denial of service or possibly leak
sensitive information. (CVE-2016-2069)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
(ALSA) framework did not verify that a FIFO was attached to a client
before attempting to clear it. A local attacker could use this to
cause a denial of service (system crash). (CVE-2016-2543)

Dmitry Vyukov discovered that a race condition existed in the Advanced
Linux Sound Architecture (ALSA) framework between timer setup and
closing of the client, resulting in a use-after-free. A local attacker
could use this to cause a denial of service. (CVE-2016-2544)

Dmitry Vyukov discovered a race condition in the timer handling
implementation of the Advanced Linux Sound Architecture (ALSA)
framework, resulting in a use-after-free. A local attacker could use
this to cause a denial of service (system crash). (CVE-2016-2545)

Dmitry Vyukov discovered race conditions in the Advanced Linux Sound
Architecture (ALSA) framework's timer ioctls leading to a
use-after-free. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2016-2546)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
(ALSA) framework's handling of high resolution timers did not properly
manage its data structures. A local attacker could use this to cause a
denial of service (system hang or crash) or possibly execute arbitrary
code. (CVE-2016-2547, CVE-2016-2548)

Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
(ALSA) framework's handling of high resolution timers could lead to a
deadlock condition. A local attacker could use this to cause a denial
of service (system hang). (CVE-2016-2549)

Ralf Spenneberg discovered that the USB driver for Treo devices in the
Linux kernel did not properly sanity check the endpoints reported by
the device. An attacker with physical access could cause a denial of
service (system crash). (CVE-2016-2782)

It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated to buffer pipes. A local attacker could use
this to cause a denial of service (resource exhaustion).
(CVE-2016-2847).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2967-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
var release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2967-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

var flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic", pkgver:"3.2.0-102.142")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic-pae", pkgver:"3.2.0-102.142")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-highbank", pkgver:"3.2.0-102.142")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-virtual", pkgver:"3.2.0-102.142")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 May 2016 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS210

CVSS39.8

EPSS0.08346