Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.844986
Categoría:Ubuntu Local Security Checks
Título:Ubuntu: Security Advisory for linux-oem-5.10 (USN-5001-1)
Resumen:The remote host is missing an update for the 'linux-oem-5.10'; package(s) announced via the USN-5001-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'linux-oem-5.10'
package(s) announced via the USN-5001-1 advisory.

Vulnerability Insight:
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)

Mathy Vanhoef discovered Linux kernels WiFi implementation did
not properly clear received fragments from memory in some situations. A
physically proximate attacker could possibly use this issue to inject
packets or expose sensitive information. (CVE-2020-24586)

Mathy Vanhoef discovered Linux kernels WiFi implementation
incorrectly handled encrypted fragments. A physically proximate attacker
could possibly use this issue to decrypt fragments. (CVE-2020-24587)

Mathy Vanhoef discovered Linux kernels WiFi implementation
incorrectly handled certain malformed frames. If a user were tricked into
connecting to a malicious server, a physically proximate attacker could use
this issue to inject packets. (CVE-2020-24588)

Mathy Vanhoef discovered Linux kernels WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)

Mathy Vanhoef discovered Linux kernels WiFi implementation did
not properly verify certain fragmented frames. A physically proximate
attacker could possibly use this issue to inject or decrypt packets.
(CVE-2020-26141)

Mathy Vanhoef discovered in the Linux kernels WiFi implementation
leading to accepting plaintext fragments. A physically proximate attacker
could use this issue to inject packets. (CVE-2020-26145)

Mathy Vanhoef discovered the Linux kernels WiFi implementation
leading to reassembling mixed encrypted and plaintext fragments. A
physically proximate attacker could possibly use this issue to inject
packets or exfiltrate selected fragments. (CVE-2020-26147)

Or Cohen discovered SCTP implementation in the Linux kernel
contained a race condition in some situations, leading to a use-after-free
condition. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-23133)

Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)

Manfred Paul discovered extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel contain ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'linux-oem-5.10' package(s) on Ubuntu 20.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-3609
Common Vulnerability Exposure (CVE) ID: CVE-2021-3506
https://bugzilla.redhat.com/show_bug.cgi?id=1944298
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html
https://www.openwall.com/lists/oss-security/2021/03/28/2
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
http://www.openwall.com/lists/oss-security/2021/05/08/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3543
https://bugzilla.redhat.com/show_bug.cgi?id=1953022
https://lore.kernel.org/lkml/20210429165941.27020-1-andraprs@amazon.com/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.