Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2287-1
HistoryJul 17, 2014 - 12:00 a.m.

Linux kernel (Saucy HWE) vulnerabilities

2014-07-1700:00:00
ubuntu.com
39

8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.8%

JSON

Releases

  • Ubuntu 12.04

Packages

  • linux-lts-saucy - Linux hardware enablement kernel from Saucy

Details

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)

Michael S. Tsirkin discovered an information leak in the Linux kernel’s
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)

An flaw was discovered in the Linux kernel’s audit subsystem when auditing
certain syscalls. A local attacker could exploit this flaw to obtain
potentially sensitive single-bit values from kernel memory or cause a
denial of service (OOPS). (CVE-2014-3917)

A flaw was discovered in the Linux kernel’s implementation of user
namespaces with respect to inode permissions. A local user could exploit
this flaw by creating a user namespace to gain administrative privileges.
(CVE-2014-4014)

Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux
kernel’s implementation of the LZ4 decompression algorithm, when used by
code not complying with API limitations. An attacker could exploit this
flaw to cause a denial of service (memory corruption) or possibly other
unspecified impact. (CVE-2014-4611)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.04noarchlinux-image-3.11.0-26-generic-lpae< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchblock-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchcrypto-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfat-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfb-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfirewire-core-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfloppy-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfs-core-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchfs-secondary-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Ubuntu12.04noarchinput-modules-3.11.0-26-generic-di< 3.11.0-26.45~precise1UNKNOWN
Rows per page:
1-10 of 421

Related

openvas 45
nessus 50
securityvulns 6
ubuntu 11
oraclelinux 13
mageia 8
hackerone 1
seebug 3
zdt 2
prion 6
canvas 1
cve 6
exploitpack 2
ubuntucve 6
debiancve 6
f5 12
exploitdb 3
redhat 6
altlinux 1
centos 4
attackerkb 1
suse 2
cisa 1
osv 1
debian 2
openvas
openvas
Ubuntu: Security Advisory (USN-2287-1)
2014-07-21 00:00:00
Ubuntu: Security Advisory (USN-2289-1)
2014-07-21 00:00:00
Ubuntu: Security Advisory (USN-2285-1)
2014-07-21 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1)
2014-07-17 00:00:00
Ubuntu 13.10 : linux vulnerabilities (USN-2289-1)
2014-07-17 00:00:00
Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2285-1)
2014-07-17 00:00:00
securityvulns
securityvulns
[USN-2289-1] Linux kernel vulnerabilities
2014-07-21 00:00:00
[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4
2014-06-28 00:00:00
[oss-security] CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets
2014-07-21 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-07-17 00:00:00
Linux kernel (Quantal HWE) vulnerabilities
2014-07-17 00:00:00
Linux kernel vulnerabilities
2014-07-16 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2014-09-22 00:00:00
kernel security and bug fix update
2014-09-04 00:00:00
Unbreakable Enterprise kernel security update
2014-09-10 00:00:00
mageia
mageia
Updated eet packages fix security vulnerability
2014-08-06 14:31:11
Updated kernel packages fixes security vulnerabilities
2014-06-23 01:13:23
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
hackerone
hackerone
Internet Bug Bounty: LZ4 Core
2014-06-26 20:11:22
seebug
seebug
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-07-01 00:00:00
Linux Kernel vhost-net分段内存泄露漏洞
2014-04-02 00:00:00
Linux kernel skb_segment函数释放后使用漏洞
2014-03-26 00:00:00
zdt
zdt
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-06-22 00:00:00
Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC
2015-03-05 00:00:00
prion
prion
Design/Logic Flaw
2014-07-19 19:55:00
Design/Logic Flaw
2014-06-23 11:21:00
Design/Logic Flaw
2014-03-24 16:40:00
canvas
canvas
Immunity Canvas: LINUX_PPPOL2TP
2014-07-19 19:55:00
cve
cve
CVE-2014-4943
2014-07-19 19:55:00
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-3917
2014-06-05 17:55:00
exploitpack
exploitpack
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2014-4014
2014-06-23 00:00:00
CVE-2014-4943
2014-07-16 00:00:00
CVE-2014-3917
2014-06-05 00:00:00
debiancve
debiancve
CVE-2014-4943
2014-07-19 19:55:00
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-3917
2014-06-05 17:55:00
f5
f5
SOL15677 - Linux kernel vulnerability CVE-2014-4014
2014-10-09 00:00:00
K15482 : Linux kernel vulnerability CVE-2014-4943
2014-08-05 00:00:00
K15677 : Linux kernel vulnerability CVE-2014-4014
2014-10-09 00:00:00
exploitdb
exploitdb
Linux x86 - Socket Re-use Shellcode 50 bytes
2014-07-14 00:00:00
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
redhat
redhat
(RHSA-2014:1025) Important: kernel security and bug fix update
2014-08-06 00:00:00
(RHSA-2014:1143) Moderate: kernel security and bug fix update
2014-09-03 00:00:00
(RHSA-2014:1281) Moderate: kernel security and bug fix update
2014-09-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt24
2014-06-20 00:00:00
centos
centos
kernel, perf, python security update
2014-09-23 05:23:08
kernel security update
2014-09-04 07:18:06
kernel, perf, python security update
2014-07-25 12:19:52
attackerkb
attackerkb
The LZO/LZ4 Integer Overflow Summary
2014-07-03 00:00:00
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
kernel: security and bugfix update (important)
2014-08-01 15:04:21
cisa
cisa
Vulnerabilities in LZO and LZ4 compression libraries
2014-07-21 00:00:00
osv
osv
linux - security update
2014-07-29 00:00:00
debian
debian
[SECURITY] [DSA 2992-1] linux security update
2014-07-29 06:42:00
[SECURITY] [DSA 2992-1] linux security update
2014-07-29 06:42:00

8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.8%

JSON
Related for USN-2287-1
openvas45nessus50securityvulns6ubuntu11oraclelinux13mageia8hackerone1seebug3zdt2prion6canvas1cve6exploitpack2ubuntucve6debiancve6f512exploitdb3redhat6altlinux1centos4attackerkb1suse2cisa1osv1debian2