Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2024 Canonical, Inc. / NASL script (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2971-2.NASL
HistoryMay 12, 2016 - 12:00 a.m.

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-2971-2)

2016-05-1200:00:00
Ubuntu Security Notice (C) 2016-2024 Canonical, Inc. / NASL script (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
38

7.2 High

AI Score

Confidence

High

JSON

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2971-2 advisory.

  • The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints. (CVE-2015-7515)

  • The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
    (CVE-2016-0821)

  • The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
    (CVE-2016-2184)

  • The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-2185)

  • The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-2186)

  • The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-2188)

  • The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. (CVE-2016-3136)

  • drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. (CVE-2016-3137)

  • The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. (CVE-2016-3138)

  • The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)

  • The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. (CVE-2016-3156)

  • The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context- switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
    (CVE-2016-3157)

  • The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. (CVE-2016-3689)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2971-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(91093);
  script_version("2.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2015-7515",
    "CVE-2016-0821",
    "CVE-2016-2184",
    "CVE-2016-2185",
    "CVE-2016-2186",
    "CVE-2016-2188",
    "CVE-2016-3136",
    "CVE-2016-3137",
    "CVE-2016-3138",
    "CVE-2016-3140",
    "CVE-2016-3156",
    "CVE-2016-3157",
    "CVE-2016-3689"
  );
  script_xref(name:"USN", value:"2971-2");

  script_name(english:"Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-2971-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-2971-2 advisory.

  - The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows
    physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)
    via a crafted USB device that lacks endpoints. (CVE-2015-7515)

  - The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1
    before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it
    easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an
    uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
    (CVE-2016-0821)

  - The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux
    kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer
    dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
    (CVE-2016-2184)

  - The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows
    physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)
    via a crafted endpoints value in a USB device descriptor. (CVE-2016-2185)

  - The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows
    physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)
    via a crafted endpoints value in a USB device descriptor. (CVE-2016-2186)

  - The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows
    physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash)
    via a crafted endpoints value in a USB device descriptor. (CVE-2016-2188)

  - The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1
    allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system
    crash) via a crafted USB device without two interrupt-in endpoint descriptors. (CVE-2016-3136)

  - drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to
    cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an
    interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and
    cypress_open functions. (CVE-2016-3137)

  - The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically
    proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB
    device without both a control and a data endpoint descriptor. (CVE-2016-3138)

  - The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1
    allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system
    crash) via a crafted endpoints value in a USB device descriptor. (CVE-2016-3140)

  - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which
    allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large
    number of IP addresses. (CVE-2016-3156)

  - The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-
    switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial
    of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
    (CVE-2016-3157)

  - The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1
    allows physically proximate attackers to cause a denial of service (system crash) via a USB device without
    both a master and a slave interface. (CVE-2016-3689)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2971-2");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3157");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc64-smp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2016-2024 Canonical, Inc. / NASL script (C) 2016-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '14.04': {
    '4.2.0': {
      'generic': '4.2.0-36',
      'generic-lpae': '4.2.0-36',
      'lowlatency': '4.2.0-36',
      'powerpc-e500mc': '4.2.0-36',
      'powerpc-smp': '4.2.0-36',
      'powerpc64-emb': '4.2.0-36',
      'powerpc64-smp': '4.2.0-36'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-2971-2');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2015-7515', 'CVE-2016-0821', 'CVE-2016-2184', 'CVE-2016-2185', 'CVE-2016-2186', 'CVE-2016-2188', 'CVE-2016-3136', 'CVE-2016-3137', 'CVE-2016-3138', 'CVE-2016-3140', 'CVE-2016-3156', 'CVE-2016-3157', 'CVE-2016-3689');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-2971-2');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-4.2.0-36-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-generic
canonicalubuntu_linuxlinux-image-4.2.0-36-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-generic-lpae
canonicalubuntu_linuxlinux-image-4.2.0-36-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-lowlatency
canonicalubuntu_linuxlinux-image-4.2.0-36-powerpc-e500mcp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc-e500mc
canonicalubuntu_linuxlinux-image-4.2.0-36-powerpc-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc-smp
canonicalubuntu_linuxlinux-image-4.2.0-36-powerpc64-embp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc64-emb
canonicalubuntu_linuxlinux-image-4.2.0-36-powerpc64-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.2.0-36-powerpc64-smp
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

nessus 43
ubuntu 17
openvas 30
cloudfoundry 2
fedora 4
suse 7
ubuntucve 14
cve 14
debiancve 14
prion 14
debian 3
osv 2
f5 4
zdt 5
packetstorm 9
exploitpack 1
xen 1
thn 1
android 3
redhat 2
exploitdb 1
oraclelinux 5
talosblog 1
securityvulns 1
amazon 1
nessus
nessus
Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2971-3)
2016-05-12 00:00:00
Ubuntu 15.10 : linux vulnerabilities (USN-2971-1)
2016-05-12 00:00:00
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2970-1)
2016-05-12 00:00:00
ubuntu
ubuntu
Linux kernel (Wily HWE) vulnerabilities
2016-05-09 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2016-05-09 00:00:00
Linux kernel vulnerabilities
2016-05-09 00:00:00
openvas
openvas
Ubuntu Update for linux-raspi2 USN-2971-3
2016-05-10 00:00:00
Ubuntu Update for linux USN-2971-1
2016-05-10 00:00:00
Ubuntu Update for linux-lts-wily USN-2971-2
2016-05-10 00:00:00
cloudfoundry
cloudfoundry
USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-06-03 00:00:00
CVE-2015-3636 - ipv4 use-after-free | Cloud Foundry
2015-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.4.6-301.fc23
2016-04-08 15:55:57
[SECURITY] Fedora 22 Update: kernel-4.4.6-201.fc22
2016-04-08 20:25:32
[SECURITY] Fedora 24 Update: kernel-4.5.0-302.fc24
2016-04-02 15:56:50
suse
suse
Security update for the Linux Kernel (important)
2016-05-23 16:08:27
Security update for the Linux Kernel (important)
2016-06-28 16:08:01
Security update for the Linux Kernel (important)
2016-06-30 20:07:50
ubuntucve
ubuntucve
CVE-2016-0821
2016-03-12 00:00:00
CVE-2015-7515
2016-04-27 00:00:00
CVE-2016-2184
2016-04-27 00:00:00
cve
cve
CVE-2016-0821
2016-03-12 21:59:00
CVE-2015-7515
2016-04-27 17:59:00
CVE-2016-2184
2016-04-27 17:59:00
debiancve
debiancve
CVE-2016-0821
2016-03-12 21:59:00
CVE-2015-7515
2016-04-27 17:59:00
CVE-2016-3689
2016-05-02 10:59:00
prion
prion
Design/Logic Flaw
2016-03-12 21:59:00
Null pointer dereference
2016-04-27 17:59:00
Design/Logic Flaw
2016-04-12 16:59:00
debian
debian
[SECURITY] [DLA 516-1] linux security update
2016-06-17 12:12:11
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
osv
osv
linux - security update
2016-06-17 00:00:00
linux - security update
2016-06-28 00:00:00
f5
f5
SOL24642829 - Linux kernel vulnerability CVE-2015-7515
2016-07-08 00:00:00
K24642829 : Linux kernel vulnerability CVE-2015-7515
2016-07-08 00:00:00
SOL17246 - Linux kernel vulnerability CVE-2015-3636
2015-09-08 00:00:00
zdt
zdt
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'aiptek' Nullpointer Dereference
2016-03-09 00:00:00
Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)
2016-03-14 00:00:00
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference
2016-03-09 00:00:00
packetstorm
packetstorm
Linux aiptek Null Pointer Dereference
2016-03-09 00:00:00
Linux snd-usb-audio Denial Of Service
2016-03-12 00:00:00
Linux ati_remote2 Null Pointer Dereference
2016-03-12 00:00:00
exploitpack
exploitpack
Linux Kernel 3.10.0 (CentOS RHEL 7.1) - aiptek Nullpointer Dereference
2016-03-09 00:00:00
xen
xen
I/O port access privilege escalation in x86-64 Linux
2016-03-16 19:00:00
thn
thn
New Android Malware Secretly Records Phone Calls and Steals Private Data
2018-04-03 14:21:00
android
android
CVE-2016-2184
2016-11-01 00:00:00
CVE-2015-3636
2015-09-01 00:00:00
PingPongRoot
2015-05-08 00:00:00
redhat
redhat
(RHSA-2015:1643) Moderate: kernel security and bug fix update
2015-08-18 00:00:00
(RHSA-2015:1583) Moderate: kernel security and bug fix update
2015-08-11 00:00:00
exploitdb
exploitdb
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - &#039;aiptek&#039; Nullpointer Dereference
2016-03-09 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-12-21 00:00:00
kernel-uek security update
2016-03-28 00:00:00
Unbreakable Enterprise kernel security update
2016-12-21 00:00:00
talosblog
talosblog
Fake AV Investigation Unearths KevDroid, New Android Malware
2018-04-02 08:48:00
securityvulns
securityvulns
[USN-2634-1] Linux kernel vulnerabilities
2015-06-13 00:00:00
amazon
amazon
Medium: kernel
2015-05-14 14:27:00

7.2 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-2971-2.NASL
nessus43ubuntu17openvas30cloudfoundry2fedora4suse7ubuntucve14cve14debiancve14prion14debian3osv2f54zdt5packetstorm9exploitpack1xen1thn1android3redhat2exploitdb1oraclelinux5talosblog1securityvulns1amazon1