Basic search

K
openvasCopyright (C) 2017 Greenbone Networks GmbHOPENVAS:1361412562310843009
HistoryJan 12, 2017 - 12:00 a.m.

Ubuntu Update for linux-lts-trusty USN-3168-2

2017-01-1200:00:00
Copyright (C) 2017 Greenbone Networks GmbH
plugins.openvas.org
23

0.0004 Low

EPSS

Percentile

12.9%

The remote host is missing an update for the

###############################################################################
# OpenVAS Vulnerability Test
#
# Ubuntu Update for linux-lts-trusty USN-3168-2
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.843009");
  script_version("$Revision: 14140 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
  script_tag(name:"creation_date", value:"2017-01-12 05:38:25 +0100 (Thu, 12 Jan 2017)");
  script_cve_id("CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"qod_type", value:"package");
  script_name("Ubuntu Update for linux-lts-trusty USN-3168-2");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'linux-lts-trusty'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"USN-3168-1 fixed vulnerabilities in the Linux
  kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the
  Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
  12.04 LTS.

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2016-9756)

Andrey Konovalov discovered that signed integer overflows existed in the
setsockopt() system call when handling the SO_SNDBUFFORCE and
SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability
could use this to cause a denial of service (system crash or memory
corruption). (CVE-2016-9793)

Baozeng Ding discovered a race condition that could lead to a use-after-
free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-9794)

Baozeng Ding discovered a double free in the netlink_dump() function in the
Linux kernel. A local attacker could use this to cause a denial of service
(system crash). (CVE-2016-9806)");
  script_tag(name:"affected", value:"linux-lts-trusty on Ubuntu 12.04 LTS");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  script_xref(name:"USN", value:"3168-2");
  script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3168-2/");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU12\.04 LTS");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "UBUNTU12.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"linux-image-3.13.0-107-generic", ver:"3.13.0-107.154~precise1", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.13.0-107-generic-lpae", ver:"3.13.0-107.154~precise1", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-generic-lpae-lts-trusty", ver:"3.13.0.107.98", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-generic-lts-trusty", ver:"3.13.0.107.98", rls:"UBUNTU12.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

0.0004 Low

EPSS

Percentile

12.9%

Related for OPENVAS:1361412562310843009