Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702928
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2928-1 (linux-2.6 - privilege escalation/denial of service/information leak)
Summary:Several vulnerabilities have been discovered in the Linux kernel that may lead;to a denial of service, information leak or privilege escalation. The Common;Vulnerabilities and Exposures project identifies the following problems:;;CVE-2014-0196;Jiri Slaby discovered a race condition in the pty layer, which could lead;to a denial of service or privilege escalation.;;CVE-2014-1737 CVE-2014-1738;Matthew Daley discovered an information leak and missing input;sanitising in the FDRAWCMD ioctl of the floppy driver. This could result;in a privilege escalation.
Description:Summary:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0196
Jiri Slaby discovered a race condition in the pty layer, which could lead
to a denial of service or privilege escalation.

CVE-2014-1737 CVE-2014-1738
Matthew Daley discovered an information leak and missing input
sanitising in the FDRAWCMD ioctl of the floppy driver. This could result
in a privilege escalation.

Affected Software/OS:
linux-2.6 on Debian Linux

Solution:
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze6.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

?Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+48squeeze6
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note
: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0196
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
Debian Security Information: DSA-2928 (Google Search)
http://www.debian.org/security/2014/dsa-2928
http://www.exploit-db.com/exploits/33516
http://pastebin.com/raw.php?i=yTSFUBgZ
http://www.openwall.com/lists/oss-security/2014/05/05/6
http://www.osvdb.org/106646
RedHat Security Advisories: RHSA-2014:0512
http://rhn.redhat.com/errata/RHSA-2014-0512.html
http://secunia.com/advisories/59218
http://secunia.com/advisories/59262
http://secunia.com/advisories/59599
SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
http://www.ubuntu.com/usn/USN-2196-1
http://www.ubuntu.com/usn/USN-2197-1
http://www.ubuntu.com/usn/USN-2198-1
http://www.ubuntu.com/usn/USN-2199-1
http://www.ubuntu.com/usn/USN-2200-1
http://www.ubuntu.com/usn/USN-2201-1
http://www.ubuntu.com/usn/USN-2202-1
http://www.ubuntu.com/usn/USN-2203-1
http://www.ubuntu.com/usn/USN-2204-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737
BugTraq ID: 67300
http://www.securityfocus.com/bid/67300
http://www.openwall.com/lists/oss-security/2014/05/09/2
RedHat Security Advisories: RHSA-2014:0800
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RedHat Security Advisories: RHSA-2014:0801
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.securitytracker.com/id/1030474
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738
BugTraq ID: 67302
http://www.securityfocus.com/bid/67302
CopyrightCopyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.