Debian DSA-3426-1 : Linux Security Update

high Nessus Plugin ID 92679

Synopsis

The remote Debian host is missing a security-related update.

Description

The remote Debian host is running a version of the Linux kernel prior to 3.2.73-2+deb7u1 on Debian 7 or is running a version of the Linux kernel prior to 3.16.7-ckt20-1+deb8u1 on Debian 8. It is, therefore, affected by the following vulnerabilities:

- A use-after-free error exists in the unix_dgram_poll() function within file net/unix/af_unix.c. A local attacker can exploit this, via specially crafted epoll_ctl calls, to cause a denial of service condition or bypass AF_UNIX socket permissions. (CVE-2013-7446)

- A NULL pointer dereference flaw exists in the slhc_init() function within file drivers/net/slip/slhc.c due to improper validation of slot numbers. A local attacker can exploit this, via specially crafted PPPIOCSMAXCID IOCTL calls, to cause a denial of service condition. (CVE-2015-7799)

- A flaw exists in the usbvision driver that allows a local attacker, via a nonzero bInterfaceNumber value in a USB device descriptor, to cause a kernel panic, resulting in a denial of service condition. (CVE-2015-7833)

- An infinite loop condition exists in the KVM subsystem on some unspecified CPU chipsets. A local attacker who has sufficient privileges within a virtual guest OS can exploit this issue, by triggering many debug exceptions, to cause a denial of service condition. (CVE-2015-8104)

- A flaw exists in the truncate_space_check() function within file /fs/btrfs/inode.c due to improper handling of compressed file extents. A local attacker can exploit this, via a clone action, to disclose sensitive pre-truncation information from a file. (CVE-2015-8374)

- A NULL pointer dereference flaw exists in the inet_autobind() function within file net/ipv4/af_inet.c when handling connection attempts via IPv6. A local attacker can exploit this, via a specially crafted SOCK_RAW application that makes use of CLONE_NEWUSER support, to cause a denial of service condition or possibly gain elevated privileges. (CVE-2015-8543)

Solution

Upgrade the Linux packages.

For the oldstable distribution (wheezy), these issues have been fixed in version 3.2.73-2+deb7u1. In addition, this update contains several changes originally targeted for the Wheezy point release.

For the stable distribution (jessie), these issues have been fixed in version 3.16.7-ckt20-1+deb8u1. In addition, this update contains several changes originally targeted for the Jessie point release.

See Also

https://security-tracker.debian.org/tracker/CVE-2013-7446

https://security-tracker.debian.org/tracker/CVE-2015-7799

https://security-tracker.debian.org/tracker/CVE-2015-7833

https://security-tracker.debian.org/tracker/CVE-2015-8104

https://security-tracker.debian.org/tracker/CVE-2015-8374

https://security-tracker.debian.org/tracker/CVE-2015-8543

https://packages.debian.org/source/wheezy/linux

https://packages.debian.org/source/jessie/linux

http://www.debian.org/security/2015/dsa-3426

Plugin Details

Severity: High

ID: 92679

File Name: debian_DSA-3426-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/2/2016

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/17/2015

Vulnerability Publication Date: 9/10/2015

Reference Information

CVE: CVE-2013-7446, CVE-2015-7799, CVE-2015-7833, CVE-2015-8104, CVE-2015-8374, CVE-2015-8543

BID: 77030, 77033, 77524, 77638, 78219, 79698

DSA: 3426