Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2289-1
HistoryJul 17, 2014 - 12:00 a.m.

Linux kernel vulnerabilities

2014-07-1700:00:00
ubuntu.com
71

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

Releases

  • Ubuntu 13.10

Packages

  • linux - Linux kernel

Details

Sasha Levin reported a flaw in the Linux kernel’s point-to-point protocol
(PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user
could exploit this flaw to gain administrative privileges. (CVE-2014-4943)

Michael S. Tsirkin discovered an information leak in the Linux kernel’s
segmentation of skbs when using the zerocopy feature of vhost-net. A local
attacker could exploit this flaw to gain potentially sensitive information
from kernel memory. (CVE-2014-0131)

An flaw was discovered in the Linux kernel’s audit subsystem when auditing
certain syscalls. A local attacker could exploit this flaw to obtain
potentially sensitive single-bit values from kernel memory or cause a
denial of service (OOPS). (CVE-2014-3917)

A flaw was discovered in the Linux kernel’s implementation of user
namespaces with respect to inode permissions. A local user could exploit
this flaw by creating a user namespace to gain administrative privileges.
(CVE-2014-4014)

Don Bailey discovered a flaw in the LZO decompress algorithm used by the
Linux kernel. An attacker could exploit this flaw to cause a denial of
service (memory corruption or OOPS). (CVE-2014-4608)

Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux
kernel’s implementation of the LZ4 decompression algorithm, when used by
code not complying with API limitations. An attacker could exploit this
flaw to cause a denial of service (memory corruption) or possibly other
unspecified impact. (CVE-2014-4611)

OSVersionArchitecturePackageVersionFilename
Ubuntu13.10noarchlinux-image-3.11.0-26-generic-lpae< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchblock-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchcrypto-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfat-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfb-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfirewire-core-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfloppy-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfs-core-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchfs-secondary-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Ubuntu13.10noarchinput-modules-3.11.0-26-generic-di< 3.11.0-26.45UNKNOWN
Rows per page:
1-10 of 441

Related

nessus 49
securityvulns 7
openvas 42
ubuntu 13
cisa 1
oraclelinux 12
amazon 1
mageia 6
thn 1
hackerone 1
freebsd 1
exploitpack 2
ubuntucve 7
seebug 3
zdt 2
f5 12
debiancve 7
prion 7
canvas 1
cve 7
exploitdb 3
redhat 6
altlinux 1
centos 4
attackerkb 1
suse 1
debian 1
nessus
nessus
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1)
2014-07-17 00:00:00
Ubuntu 13.10 : linux vulnerabilities (USN-2289-1)
2014-07-17 00:00:00
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2281-1)
2014-07-17 00:00:00
securityvulns
securityvulns
[USN-2289-1] Linux kernel vulnerabilities
2014-07-21 00:00:00
Linux kernel multiple security vulnerabilities
2014-07-21 00:00:00
[oss-security] LMS-2014-06-16-5: Linux Kernel LZ4
2014-06-28 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2289-1)
2014-07-21 00:00:00
Ubuntu: Security Advisory (USN-2287-1)
2014-07-21 00:00:00
Ubuntu: Security Advisory (USN-2285-1)
2014-07-21 00:00:00
ubuntu
ubuntu
Linux kernel (Saucy HWE) vulnerabilities
2014-07-17 00:00:00
Linux kernel (Raring HWE) vulnerabilities
2014-07-17 00:00:00
Linux kernel (Quantal HWE) vulnerabilities
2014-07-17 00:00:00
cisa
cisa
Vulnerabilities in LZO and LZ4 compression libraries
2014-07-21 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2014-09-22 00:00:00
kernel security and bug fix update
2014-09-04 00:00:00
Unbreakable Enterprise kernel security update
2014-09-10 00:00:00
amazon
amazon
Medium: kernel
2014-07-09 16:29:00
mageia
mageia
Updated eet packages fix security vulnerability
2014-08-06 14:31:11
Updated kernel packages fixes security vulnerabilities
2014-06-23 01:13:23
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
hackerone
hackerone
Internet Bug Bounty: LZ4 Core
2014-06-26 20:11:22
freebsd
freebsd
LZO -- potential buffer overrun when processing malicious input data
2014-06-25 00:00:00
exploitpack
exploitpack
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
ubuntucve
ubuntucve
CVE-2014-4014
2014-06-23 00:00:00
CVE-2014-4943
2014-07-16 00:00:00
CVE-2014-4608
2014-07-03 00:00:00
seebug
seebug
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-07-01 00:00:00
Linux Kernel vhost-net分段内存泄露漏洞
2014-04-02 00:00:00
Linux kernel skb_segment函数释放后使用漏洞
2014-03-26 00:00:00
zdt
zdt
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-06-22 00:00:00
Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC
2015-03-05 00:00:00
f5
f5
SOL15512 - LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
K15512 : LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
K15482 : Linux kernel vulnerability CVE-2014-4943
2014-08-05 00:00:00
debiancve
debiancve
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4943
2014-07-19 19:55:00
CVE-2014-4014
2014-06-23 11:21:00
prion
prion
Design/Logic Flaw
2014-07-19 19:55:00
Integer overflow
2014-07-03 04:22:00
Design/Logic Flaw
2014-06-23 11:21:00
canvas
canvas
Immunity Canvas: LINUX_PPPOL2TP
2014-07-19 19:55:00
cve
cve
CVE-2014-4943
2014-07-19 19:55:00
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4014
2014-06-23 11:21:00
exploitdb
exploitdb
Linux x86 - Socket Re-use Shellcode 50 bytes
2014-07-14 00:00:00
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
redhat
redhat
(RHSA-2014:1025) Important: kernel security and bug fix update
2014-08-06 00:00:00
(RHSA-2014:1143) Moderate: kernel security and bug fix update
2014-09-03 00:00:00
(RHSA-2014:1281) Moderate: kernel security and bug fix update
2014-09-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt24
2014-06-20 00:00:00
centos
centos
kernel, perf, python security update
2014-09-23 05:23:08
kernel security update
2014-09-04 07:18:06
kernel, perf, python security update
2014-07-25 12:19:52
attackerkb
attackerkb
The LZO/LZ4 Integer Overflow Summary
2014-07-03 00:00:00
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
debian
debian
[SECURITY] [DSA 2992-1] linux security update
2014-07-29 06:42:00

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON
Related for USN-2289-1
nessus49securityvulns7openvas42ubuntu13cisa1oraclelinux12amazon1mageia6thn1hackerone1freebsd1exploitpack2ubuntucve7seebug3zdt2f512debiancve7prion7canvas1cve7exploitdb3redhat6altlinux1centos4attackerkb1suse1debian1