Búsqueda de    
Vulnerabilidad   
    Buscar 172616 Descripciones CVE y
81291 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.843369
Categoría:Ubuntu Local Security Checks
Título:Ubuntu Update for linux USN-3485-1
Resumen:The remote host is missing an update for the 'linux'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'linux'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that a race condition
existed in the ALSA subsystem of the Linux kernel when creating and deleting a
port via ioctl(). A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-15265) Eric Biggers
discovered that the key management subsystem in the Linux kernel did not
properly restrict adding a key that already exists but is uninstantiated. A
local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a race
condition existed in the packet fanout implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15649) Eric Biggers discovered a race
condition in the key management subsystem of the Linux kernel around keys in a
negative state. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-15951) Andrey
Konovalov discovered a use-after-free vulnerability in the USB serial console
driver in the Linux kernel. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16525) Andrey Konovalov discovered that the Ultra Wide Band driver in
the Linux kernel did not properly check for an error condition. A physically
proximate attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered
that the ALSA subsystem in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey
Konovalov discovered that the ALSA subsystem in the Linux kernel did not
properly validate USB audio buffer descriptors. A physically proximate attacker
could use this cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB
unattached storage driver in the Linux kernel contained out-of-bounds error when
handling alternative settings. A physically proximate attacker could use to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16530) Andrey Konovalov discovered that the USB subsystem in the Linux
kernel did not properly validate USB interface association descriptors. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2017-16531) Andrey ... Description truncated, for more
information please check the Reference URL

Affected Software/OS:
linux on Ubuntu 16.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-15265
Common Vulnerability Exposure (CVE) ID: CVE-2017-15299
Common Vulnerability Exposure (CVE) ID: CVE-2017-15649
Common Vulnerability Exposure (CVE) ID: CVE-2017-15951
Common Vulnerability Exposure (CVE) ID: CVE-2017-16525
Common Vulnerability Exposure (CVE) ID: CVE-2017-16526
Common Vulnerability Exposure (CVE) ID: CVE-2017-16527
Common Vulnerability Exposure (CVE) ID: CVE-2017-16529
Common Vulnerability Exposure (CVE) ID: CVE-2017-16530
Common Vulnerability Exposure (CVE) ID: CVE-2017-16531
Common Vulnerability Exposure (CVE) ID: CVE-2017-16533
Common Vulnerability Exposure (CVE) ID: CVE-2017-16534
Common Vulnerability Exposure (CVE) ID: CVE-2017-16535
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 81291 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.