Vulners
Lucene search
Ubuntu Update for linux-ec2 USN-2129-1
🗓️ 12 Mar 2014 00:00:00Reported by Copyright (C) 2014 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 30 Views
| Reporter | Title | Published | Views | Family All 966 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt25 | 21 Jun 201400:00 | – | altlinux |
| Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt17 | 9 Jan 201400:00 | – | altlinux |
| Security fix for the ALT Linux 7 package kernel-src-kvm version 3.10.21-alt1 | 20 Dec 201300:00 | – | altlinux |
| Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt16 | 20 Dec 201300:00 | – | altlinux |
| Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt18 | 13 Feb 201400:00 | – | altlinux |
 | Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure | 5 Feb 201300:00 | – | zdt |
 | CVE-2013-0160 | 18 Feb 201304:41 | – | attackerkb |
 | Low: kernel | 11 Dec 201300:00 | – | amazon |
| Medium: kernel | 26 Feb 201400:00 | – | amazon |
 | Amazon Linux AMI : kernel (ALAS-2013-258) | 14 Dec 201300:00 | – | nessus |
10
| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/usn/usn-2129-1/ |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_2129_1.nasl 7957 2017-12-01 06:40:08Z santu $
#
# Ubuntu Update for linux-ec2 USN-2129-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
script_id(841748);
script_version("$Revision: 7957 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2014-03-12 09:42:24 +0530 (Wed, 12 Mar 2014)");
script_cve_id("CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367",
"CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266",
"CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270",
"CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446",
"CVE-2014-1874");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("Ubuntu Update for linux-ec2 USN-2129-1");
tag_insight = "An information leak was discovered in the Linux kernel when
inotify is used to monitor the /dev/ptmx device. A local user could exploit
this flaw to discover keystroke timing and potentially discover sensitive
information like password length. (CVE-2013-0160)
Vasily Kulikov reported a flaw in the Linux kernel's implementation of
ptrace. An unprivileged local user could exploit this flaw to obtain
sensitive information from kernel memory. (CVE-2013-2929)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec
AACRAID scsi raid devices in the Linux kernel. A local user could use this
flaw to cause a denial of service or possibly other unspecified impact.
(CVE-2013-6380)
Nico Golde and Fabian Yamaguchi reported buffer underflow errors in the
implementation of the XFS filesystem in the Linux kernel. A local user with
CAP_SYS_ADMIN could exploit these flaw to cause a denial of service (memory
corruption) or possibly other unspecified issues. (CVE-2013-6382)
Evan Huus reported a buffer overflow in the Linux kernel's radiotap header
parsing. A remote attacker could cause a denial of service (buffer over-
read) via a specially crafted header. (CVE-2013-7027)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with ISDN sockets in the Linux kernel. A local user
could exploit this leak to obtain potentially sensitive information from
kernel memory. (CVE-2013-7266)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with apple talk sockets in the Linux kernel. A local
user could exploit this leak to obtain potentially sensitive information
from kernel memory. (CVE-2013-7267)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with ipx protocol sockets in the Linux kernel. A
local user could exploit this leak to obtain potentially sensitive
information from kernel memory. (CVE-2013-7268)
An information leak was discovered in the recvfrom, recvmmsg, and recvmsg
systemcalls when used with the netrom address family in the Linux kernel. A
local user could exploit this leak to obtain potential ...
Description truncated, for more information please check the Reference URL";
tag_affected = "linux-ec2 on Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "USN", value: "2129-1");
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-2129-1/");
script_summary("Check for the Version of linux-ec2");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"linux-image-2.6.32-362-ec2", ver:"2.6.32-362.75", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Dec 2017 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.00564