ID de Prueba:	1.3.6.1.4.1.25623.1.0.842650
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux-lts-trusty USN-2907-2
Resumen:	The remote host is missing an update for the 'linux-lts-trusty'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the referenced advisory. Vulnerability Insight: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). (CVE-2015-7550) 郭 永 刚 discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2015-8543) Dmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. (CVE-2015-8569) David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. (CVE-2015-8575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Affected Software/OS: linux-lts-trusty on Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1576 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch http://www.openwall.com/lists/oss-security/2016/02/24/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-1575 http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ http://www.openwall.com/lists/oss-security/2016/02/24/7 Common Vulnerability Exposure (CVE) ID: CVE-2015-7550 BugTraq ID: 79903 http://www.securityfocus.com/bid/79903 Debian Security Information: DSA-3434 (Google Search) http://www.debian.org/security/2016/dsa-3434 SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.ubuntu.com/usn/USN-2888-1 http://www.ubuntu.com/usn/USN-2890-1 http://www.ubuntu.com/usn/USN-2890-2 http://www.ubuntu.com/usn/USN-2890-3 http://www.ubuntu.com/usn/USN-2911-1 http://www.ubuntu.com/usn/USN-2911-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-8543 BugTraq ID: 79698 http://www.securityfocus.com/bid/79698 Debian Security Information: DSA-3426 (Google Search) http://www.debian.org/security/2015/dsa-3426 http://www.openwall.com/lists/oss-security/2015/12/09/5 RedHat Security Advisories: RHSA-2016:0855 http://rhn.redhat.com/errata/RHSA-2016-0855.html RedHat Security Advisories: RHSA-2016:2574 http://rhn.redhat.com/errata/RHSA-2016-2574.html RedHat Security Advisories: RHSA-2016:2584 http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.securitytracker.com/id/1034892 http://www.ubuntu.com/usn/USN-2886-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8569 BugTraq ID: 79428 http://www.securityfocus.com/bid/79428 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://twitter.com/grsecurity/statuses/676744240802750464 https://lkml.org/lkml/2015/12/14/252 http://www.openwall.com/lists/oss-security/2015/12/15/11 http://www.securitytracker.com/id/1034549 Common Vulnerability Exposure (CVE) ID: CVE-2015-8575 BugTraq ID: 79724 http://www.securityfocus.com/bid/79724 http://www.openwall.com/lists/oss-security/2015/12/16/3 Common Vulnerability Exposure (CVE) ID: CVE-2015-8785 BugTraq ID: 81688 http://www.securityfocus.com/bid/81688 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://www.openwall.com/lists/oss-security/2016/01/24/1 SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.