Ubuntu Update for linux USN-1756-1

Ubuntu Update for linux USN-1756-1. Check for the Version of linux. A failure to validate input in the Linux kernel's Xen netback (network backend) driver could lead to a denial of service to the guest OS and other guest domains. Memory leak in the Xen netback driver could cause a denial of service on the system. Flaw with the xen_iret function could lead to a denial of service or gain guest OS privilege. A local root user with all capabilities dropped could execute code with full root capabilities. Information leak in the Bluetooth stack could lead to an information leak from the kernel. VFAT filesystem driver flaw could allow an unprivileged user to gain root privileges

Reporter	Title	Published	Views	Family All 486
0day.today	Linux Kernel 'MSR' Driver Local Privilege Escalation	3 Aug 201300:00	–	zdt
0day.today	Linux Kernel MSR Driver Privilege Escalation Vulnerability	5 Aug 201300:00	–	zdt
Amazon	Medium: kernel	11 Jun 201300:00	–	amazon
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2013-200)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : kernel (CESA-2013:0496)	10 Mar 201300:00	–	nessus
Tenable Nessus	CentOS 5 : kernel (CESA-2013:0621)	13 Mar 201300:00	–	nessus
Tenable Nessus	CentOS 6 : kernel (CESA-2013:0630)	15 Mar 201300:00	–	nessus
Tenable Nessus	CentOS 6 : kernel (CESA-2013:0744)	25 Apr 201300:00	–	nessus
Tenable Nessus	CentOS 5 : kernel (CESA-2013:0747)	17 Apr 201300:00	–	nessus
Tenable Nessus	Debian DLA-103-1 : linux-2.6 security update	26 Mar 201500:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/usn/usn-1756-1/

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1756_1.nasl 8526 2018-01-25 06:57:37Z teissa $
#
# Ubuntu Update for linux USN-1756-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "A failure to validate input was discovered in the Linux kernel's Xen
  netback (network backend) driver. A user in a guest OS may exploit this
  flaw to cause a denial of service to the guest OS and other guest domains.
  (CVE-2013-0216)

  A memory leak was discovered in the Linux kernel's Xen netback (network
  backend) driver. A user in a guest OS could trigger this flaw to cause a
  denial of service on the system. (CVE-2013-0217)

  Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
  Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged
  guest OS user could exploit this flaw to cause a denial of service (crash
  the system) or gain guest OS privilege. (CVE-2013-0228)

  A flaw was reported in the permission checks done by the Linux kernel for
  /dev/cpu/*/msr. A local root user with all capabilities dropped could
  exploit this flaw to execute code with full root capabilities.
  (CVE-2013-0268)

  A flaw was discovered in the Linux kernel's vhost driver used to accelerate
  guest networking in KVM based virtual machines. A privileged guest user
  could exploit this flaw to crash the host system. (CVE-2013-0311)

  An information leak was discovered in the Linux kernel's Bluetooth stack
  when HIDP (Human Interface Device Protocol) support is enabled. A local
  unprivileged user could exploit this flaw to cause an information leak from
  the kernel. (CVE-2013-0349)

  A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
  disk is mounted with the utf8 option (this is the default on Ubuntu). On a
  system where disks/images can be auto-mounted or a FAT filesystem is
  mounted an unprivileged user can exploit the flaw to gain root privileges.
  (CVE-2013-1773)";


tag_affected = "linux on Ubuntu 11.10";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1756-1/");
  script_id(841351);
  script_version("$Revision: 8526 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-03-08 10:22:33 +0530 (Fri, 08 Mar 2013)");
  script_cve_id("CVE-2013-0216", "CVE-2013-0217", "CVE-2013-0228", "CVE-2013-0268",
                "CVE-2013-0311", "CVE-2013-0349", "CVE-2013-1773");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:H/Au:S/C:C/I:C/A:C");
  script_xref(name: "USN", value: "1756-1");
  script_name("Ubuntu Update for linux USN-1756-1");

  script_tag(name: "summary" , value: "Check for the Version of linux");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU11.10")
{

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-generic", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-generic-pae", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-omap", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-powerpc", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-powerpc-smp", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-powerpc64-smp", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-server", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"linux-image-3.0.0-32-virtual", ver:"3.0.0-32.50", rls:"UBUNTU11.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

25 Jan 2018 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.02897