Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3018-2.NASL
HistoryJun 28, 2016 - 12:00 a.m.

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3018-2)

2016-06-2800:00:00
Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
JSON

USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4482)

Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)

Kangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4569, CVE-2016-4578)

Kangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.
(CVE-2016-4580)

It was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory.
(CVE-2016-4913)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2016-4998).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3018-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91881);
  script_version("2.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/12");

  script_cve_id("CVE-2016-4482", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998");
  script_xref(name:"USN", value:"3018-2");

  script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3018-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling 32
bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A
local unprivileged attacker could use this to cause a denial of
service (system crash) or execute arbitrary code with administrative
privileges. (CVE-2016-4997)

Kangjie Lu discovered an information leak in the core USB
implementation in the Linux kernel. A local attacker could use this to
obtain potentially sensitive information from kernel memory.
(CVE-2016-4482)

Jann Horn discovered that the InfiniBand interfaces within the Linux
kernel could be coerced into overwriting kernel memory. A local
unprivileged attacker could use this to possibly gain administrative
privileges on systems where InifiniBand related kernel modules are
loaded. (CVE-2016-4565)

Kangjie Lu discovered an information leak in the timer handling
implementation in the Advanced Linux Sound Architecture (ALSA)
subsystem of the Linux kernel. A local attacker could use this to
obtain potentially sensitive information from kernel memory.
(CVE-2016-4569, CVE-2016-4578)

Kangjie Lu discovered an information leak in the X.25 Call Request
handling in the Linux kernel. A local attacker could use this to
obtain potentially sensitive information from kernel memory.
(CVE-2016-4580)

It was discovered that an information leak exists in the Rock Ridge
implementation in the Linux kernel. A local attacker who is able to
mount a malicious iso9660 file system image could exploit this flaw to
obtain potentially sensitive information from kernel memory.
(CVE-2016-4913)

Jesse Hertz and Tim Newsham discovered that the Linux netfilter
implementation did not correctly perform validation when handling
IPT_SO_SET_REPLACE events. A local unprivileged attacker could use
this to cause a denial of service (system crash) or obtain potentially
sensitive information from kernel memory. (CVE-2016-4998).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3018-2/"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected linux-image-3.13-generic and / or
linux-image-3.13-generic-lpae packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
var release = chomp(release);
if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2016-4482", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3018-2");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

var flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-91-generic", pkgver:"3.13.0-91.138~precise1")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-91-generic-lpae", pkgver:"3.13.0-91.138~precise1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.13-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic
canonicalubuntu_linuxlinux-image-3.13-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04:-:lts

Related

nessus 54
openvas 30
ubuntu 13
cloudfoundry 1
oraclelinux 10
suse 10
redhat 8
fedora 4
amazon 2
prion 8
f5 3
ubuntucve 8
redhatcve 7
centos 2
debiancve 8
cve 8
veracode 4
ibm 1
packetstorm 3
zdt 3
exploitpack 2
metasploit 1
exploitdb 3
osv 2
debian 3
photon 1
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-3019-1)
2016-06-28 00:00:00
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)
2016-06-28 00:00:00
Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3017-2)
2016-06-28 00:00:00
openvas
openvas
Ubuntu Update for linux-lts-utopic USN-3019-1
2016-06-28 00:00:00
Ubuntu Update for linux-lts-trusty USN-3018-2
2016-06-28 00:00:00
Ubuntu Update for linux USN-3018-1
2016-06-28 00:00:00
ubuntu
ubuntu
Linux kernel (Utopic HWE) vulnerabilities
2016-06-27 00:00:00
Linux kernel vulnerabilities
2016-06-27 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2016-06-27 00:00:00
cloudfoundry
cloudfoundry
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-07-01 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-06-30 21:07:43
Security update for the Linux Kernel (important)
2016-06-30 21:09:07
Security update for the Linux Kernel (important)
2016-08-08 20:09:26
redhat
redhat
(RHSA-2016:1883) Important: kernel-rt security and bug fix update
2016-09-14 14:42:27
(RHSA-2016:1875) Important: kernel-rt security and bug fix update
2016-09-14 14:34:58
(RHSA-2016:1847) Important: kernel security, bug fix, and enhancement update
2016-09-14 14:34:54
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22
2016-07-19 07:20:52
[SECURITY] Fedora 23 Update: kernel-4.4.9-300.fc23
2016-05-12 07:33:17
[SECURITY] Fedora 24 Update: kernel-4.5.3-300.fc24
2016-05-08 10:31:39
amazon
amazon
Medium: kernel
2016-06-24 22:21:00
Low: kernel
2016-06-02 17:36:00
prion
prion
Out-of-bounds
2016-07-03 21:59:00
Design/Logic Flaw
2016-05-23 10:59:00
Design/Logic Flaw
2016-05-23 10:59:00
f5
f5
K74171196 : Linux kernel vulnerability CVE-2016-4998
2017-02-22 00:00:00
SOL02254805 - InfiniBand vulnerability in the Linux Kernel CVE-2016-4565
2016-11-07 00:00:00
K02254805 : InfiniBand vulnerability in the Linux kernel CVE-2016-4565
2016-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2016-4998
2016-06-24 00:00:00
CVE-2016-4482
2016-05-23 00:00:00
CVE-2016-4913
2016-05-23 00:00:00
redhatcve
redhatcve
CVE-2016-4998
2016-06-27 06:49:23
CVE-2016-4580
2016-05-23 12:18:24
CVE-2016-4997
2016-06-27 06:49:15
centos
centos
kernel, perf, python security update
2016-09-19 15:43:06
kernel, perf, python security update
2016-07-12 19:12:15
debiancve
debiancve
CVE-2016-4482
2016-05-23 10:59:00
CVE-2016-4998
2016-07-03 21:59:00
CVE-2016-4580
2016-05-23 10:59:00
cve
cve
CVE-2016-4998
2016-07-03 21:59:00
CVE-2016-4482
2016-05-23 10:59:00
CVE-2016-4997
2016-07-03 21:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:14:51
Denial Of Service (DoS)
2019-05-02 05:49:27
Memory Corruption
2019-05-16 03:18:21
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:34:02
packetstorm
packetstorm
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-23 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-09-27 00:00:00
Linux Kernel 4.4 (Ubuntu 16.04) snd_timer_user_ccallback() Kernel Pointer Leak
2019-03-11 00:00:00
zdt
zdt
Linux Kernel 4.6.3 Netfilter Privilege Escalation Vulnerability
2016-09-27 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation Exploit
2016-11-24 00:00:00
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak Exploit
2019-03-11 00:00:00
exploitpack
exploitpack
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Local Privilege Escalation
2016-10-10 00:00:00
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak
2019-03-11 00:00:00
metasploit
metasploit
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-18 18:52:09
exploitdb
exploitdb
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - &#039;IP6T_SO_SET_REPLACE&#039; Local Privilege Escalation
2016-10-10 00:00:00
Linux Kernel 4.6.3 (x86) - &#039;Netfilter&#039; Local Privilege Escalation (Metasploit)
2016-09-27 00:00:00
Linux Kernel 4.4 (Ubuntu 16.04) - &#039;snd_timer_user_ccallback()&#039; Kernel Pointer Leak
2019-03-11 00:00:00
osv
osv
linux - security update
2016-06-28 00:00:00
linux - security update
2016-06-17 00:00:00
debian
debian
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
[SECURITY] [DLA 516-1] linux security update
2016-06-17 12:12:11
photon
photon
Moderate Photon OS Security Update - PHSA-2016-0007
2016-10-21 00:00:00
JSON
Related for UBUNTU_USN-3018-2.NASL
nessus54openvas30ubuntu13cloudfoundry1oraclelinux10suse10redhat8fedora4amazon2prion8f53ubuntucve8redhatcve7centos2debiancve8cve8veracode4ibm1packetstorm3zdt3exploitpack2metasploit1exploitdb3osv2debian3photon1