ID de Prueba:	1.3.6.1.4.1.25623.1.0.842658
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for linux-lts-utopic USN-2909-1
Resumen:	The remote host is missing an update for the 'linux-lts-utopic'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'linux-lts-utopic' package(s) announced via the referenced advisory. Vulnerability Insight: halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Affected Software/OS: linux-lts-utopic on Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1576 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch http://www.openwall.com/lists/oss-security/2016/02/24/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-1575 http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/ http://www.openwall.com/lists/oss-security/2016/02/24/7 Common Vulnerability Exposure (CVE) ID: CVE-2015-8785 BugTraq ID: 81688 http://www.securityfocus.com/bid/81688 Debian Security Information: DSA-3503 (Google Search) http://www.debian.org/security/2016/dsa-3503 http://www.openwall.com/lists/oss-security/2016/01/24/1 SuSE Security Announcement: SUSE-SU-2016:0911 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html SuSE Security Announcement: SUSE-SU-2016:1102 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html SuSE Security Announcement: SUSE-SU-2016:1764 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2886-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.