Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1808-1)

medium Nessus Plugin ID 66232

Synopsis

The remote Ubuntu host is missing a security-related patch.

Description

Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. (CVE-2012-6542)

Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. (CVE-2012-6544)

Mathias Krause discovered information leaks in the Linux kernel's Bluetooth RFCOMM protocol implementation. A local user could exploit these flaws to examine parts of kernel memory. (CVE-2012-6545)

Mathias Krause discovered information leaks in the Linux kernel's Asynchronous Transfer Mode (ATM) networking stack. A local user could exploit these flaws to examine some parts of kernel memory.
(CVE-2012-6546)

Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. (CVE-2012-6548)

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege.
(CVE-2013-0228)

An information leak was discovered in the Linux kernel's Bluetooth stack when HIDP (Human Interface Device Protocol) support is enabled.
A local unprivileged user could exploit this flaw to cause an information leak from the kernel. (CVE-2013-0349)

A flaw was discovered in the Edgeort USB serial converter driver when the device is disconnected while it is in use. A local user could exploit this flaw to cause a denial of service (system crash).
(CVE-2013-1774)

Andrew Honig discovered a flaw in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to cause a denial of service (crash host system) or potential escalate privilege to the host kernel level.
(CVE-2013-1796).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected linux-image-2.6-ec2 package.

See Also

https://usn.ubuntu.com/1808-1/

Plugin Details

Severity: Medium

ID: 66232

File Name: ubuntu_USN-1808-1.nasl

Version: 1.14

Type: local

Agent: unix

Published: 4/26/2013

Updated: 9/19/2019

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2, cpe:/o:canonical:ubuntu_linux:10.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 4/25/2013

Vulnerability Publication Date: 2/28/2013

Reference Information

CVE: CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796

BID: 57940, 58112, 58202, 58607, 58989, 58990, 58991, 58992, 58994

USN: 1808-1