Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2337-1)

medium Nessus Plugin ID 77492

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2337-1 advisory.

A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq).
A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155)

Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. (CVE-2014-0181)

An information leak was discovered in the Linux kernels aio_read_events_ring function. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-0206)

A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)

An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027)

Sasha Levin reported an issue with the Linux kernel's shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service.
(CVE-2014-4171)

Toralf Frster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508)

An information leak was discovered in the control implemenation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-4652)

A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653)

A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654)

A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655)

An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-4656)

An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667)

Vasily Averin discover a reference count flaw during attempts to umount in conjunction with a symlink. A local user could exploit this flaw to cause a denial of service (memory consumption or use after free) or possibly have other unspecified impact. (CVE-2014-5045)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-2337-1

Plugin Details

Severity: Medium

ID: 77492

File Name: ubuntu_USN-2337-1.nasl

Version: 1.25

Type: local

Agent: unix

Published: 9/3/2014

Updated: 8/28/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-5045

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2014-0181

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-powerpc-e500mc, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-powerpc64-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-powerpc-e500, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-powerpc-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-35-powerpc64-emb

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2014

Vulnerability Publication Date: 4/14/2014

Reference Information

CVE: CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045

BID: 66688, 67034, 67985, 67988, 68126, 68157, 68162, 68163, 68164, 68170, 68176, 68224, 68862

USN: 2337-1