Test ID: | 1.3.6.1.4.1.25623.1.0.702928 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak) |
Summary: | Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0196: Jiri Slaby discovered a race condition in the pty layer, which could lead to a denial of service or privilege escalation. CVE-2014-1737, CVE-2014-1738: Matthew Daley discovered an information leak and missing input sanitising in the FDRAWCMD ioctl of the floppy driver. This could result in a privilege escalation. |
Description: | Summary: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2014-0196: Jiri Slaby discovered a race condition in the pty layer, which could lead to a denial of service or privilege escalation.
CVE-2014-1737, CVE-2014-1738: Matthew Daley discovered an information leak and missing input sanitising in the FDRAWCMD ioctl of the floppy driver. This could result in a privilege escalation.
Affected Software/OS: linux-2.6 on Debian Linux
Solution: For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze6. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 6.0 (squeeze): user-mode-linux 2.6.32-1um-4+48squeeze6. We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or 'leap-frog' fashion.
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0196 Debian Security Information: DSA-2926 http://www.debian.org/security/2014/dsa-2926 Debian Security Information: DSA-2928 http://www.debian.org/security/2014/dsa-2928 http://www.exploit-db.com/exploits/33516 http://pastebin.com/raw.php?i=yTSFUBgZ http://www.openwall.com/lists/oss-security/2014/05/05/6 http://www.osvdb.org/106646 RedHat Security Advisories: RHSA-2014:0512 http://rhn.redhat.com/errata/RHSA-2014-0512.html http://secunia.com/advisories/59218 http://secunia.com/advisories/59262 http://secunia.com/advisories/59599 SuSE Security Announcement: SUSE-SU-2014:0667 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html SuSE Security Announcement: SUSE-SU-2014:0683 http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html http://www.ubuntu.com/usn/USN-2196-1 http://www.ubuntu.com/usn/USN-2197-1 http://www.ubuntu.com/usn/USN-2198-1 http://www.ubuntu.com/usn/USN-2199-1 http://www.ubuntu.com/usn/USN-2200-1 http://www.ubuntu.com/usn/USN-2201-1 http://www.ubuntu.com/usn/USN-2202-1 http://www.ubuntu.com/usn/USN-2203-1 http://www.ubuntu.com/usn/USN-2204-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737 BugTraq ID: 67300 http://www.securityfocus.com/bid/67300 http://www.openwall.com/lists/oss-security/2014/05/09/2 RedHat Security Advisories: RHSA-2014:0800 http://rhn.redhat.com/errata/RHSA-2014-0800.html RedHat Security Advisories: RHSA-2014:0801 http://rhn.redhat.com/errata/RHSA-2014-0801.html http://www.securitytracker.com/id/1030474 http://secunia.com/advisories/59309 http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738 BugTraq ID: 67302 http://www.securityfocus.com/bid/67302 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |