English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.1.2.2014.0015
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DLA-0015-1)
Summary:The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-0015-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-0015-1 advisory.

Vulnerability Insight:
This update fixes several remote and local denial of service attacks and other issues:

CVE-2013-4387: ipv6: udp packets following an UFO enqueued packet need also be handled by UFO to prevent remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.

CVE-2013-4470: inet: fix possible memory corruption with UDP_CORK and UFO to prevent local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application.

CVE-2014-0203: fix autofs/afs/etc. magic mountpoint breakage, preventing denial of service attacks by local users.

CVE-2014-2678: rds: prevent dereference of a NULL device in rds_iw_laddr_check to prevent local denial of service attacks (system crash or possibly have unspecified other impact).

CVE-2014-3122

: Incorrect locking of memory can result in local denial of service.

CVE-2014-3144

/ CVE-2014-3145: A local user can cause a denial of service (system crash) via crafted BPF instructions.

CVE-2014-3917: auditsc: audit_krule mask accesses need bounds checking to prevent a local denial of service attack (OOPS) or possibly leaking sensitive single-bit values from kernel memory.

CVE-2014-4652: ALSA: control: Protect user controls against concurrent access, resulting in a race condition, possibly allowing local users access to sensitive information from kernel memory.

CVE-2014-4656: ALSA: control: Make sure that id->index does not overflow, to prevent a denial of service of the sound system by local users.

CVE-2014-4667: sctp: Fix sk_ack_backlog wrap-around problem, preventing denial of service (socket outage) via a crafted SCTP packet by remote attackers.

CVE-2014-4699: Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.

For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze8

Affected Software/OS:
'linux-2.6' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4387
RHSA-2013:1490
http://rhn.redhat.com/errata/RHSA-2013-1490.html
RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
USN-2019-1
http://www.ubuntu.com/usn/USN-2019-1
USN-2021-1
http://www.ubuntu.com/usn/USN-2021-1
USN-2022-1
http://www.ubuntu.com/usn/USN-2022-1
USN-2024-1
http://www.ubuntu.com/usn/USN-2024-1
USN-2038-1
http://www.ubuntu.com/usn/USN-2038-1
USN-2039-1
http://www.ubuntu.com/usn/USN-2039-1
USN-2041-1
http://www.ubuntu.com/usn/USN-2041-1
USN-2045-1
http://www.ubuntu.com/usn/USN-2045-1
USN-2049-1
http://www.ubuntu.com/usn/USN-2049-1
USN-2050-1
http://www.ubuntu.com/usn/USN-2050-1
[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading
http://www.openwall.com/lists/oss-security/2013/09/29/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2811ebac2521ceac84f2bdae402455baa6a7fb47
https://bugzilla.redhat.com/show_bug.cgi?id=1011927
https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47
Common Vulnerability Exposure (CVE) ID: CVE-2013-4470
63359
http://www.securityfocus.com/bid/63359
RHSA-2013:1801
http://rhn.redhat.com/errata/RHSA-2013-1801.html
RHSA-2014:0100
http://rhn.redhat.com/errata/RHSA-2014-0100.html
SUSE-SU-2014:0459
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
USN-2040-1
http://www.ubuntu.com/usn/USN-2040-1
USN-2042-1
http://www.ubuntu.com/usn/USN-2042-1
USN-2043-1
http://www.ubuntu.com/usn/USN-2043-1
USN-2044-1
http://www.ubuntu.com/usn/USN-2044-1
USN-2046-1
http://www.ubuntu.com/usn/USN-2046-1
USN-2066-1
http://www.ubuntu.com/usn/USN-2066-1
USN-2067-1
http://www.ubuntu.com/usn/USN-2067-1
USN-2069-1
http://www.ubuntu.com/usn/USN-2069-1
USN-2073-1
http://www.ubuntu.com/usn/USN-2073-1
[oss-security] 20131025 Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO
http://www.openwall.com/lists/oss-security/2013/10/25/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e93b7d748be887cd7639b113ba7d7ef792a7efb9
https://bugzilla.redhat.com/show_bug.cgi?id=1023477
https://github.com/torvalds/linux/commit/c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b
https://github.com/torvalds/linux/commit/e93b7d748be887cd7639b113ba7d7ef792a7efb9
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.12.bz2
Common Vulnerability Exposure (CVE) ID: CVE-2014-0203
59262
http://secunia.com/advisories/59262
59309
http://secunia.com/advisories/59309
59406
http://secunia.com/advisories/59406
59560
http://secunia.com/advisories/59560
68125
http://www.securityfocus.com/bid/68125
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=86acdca1b63e6890540fa19495cfc708beff3d8b
http://linux.oracle.com/errata/ELSA-2014-0771.html
http://linux.oracle.com/errata/ELSA-2014-3043.html
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
https://bugzilla.redhat.com/show_bug.cgi?id=1094363
https://github.com/torvalds/linux/commit/86acdca1b63e6890540fa19495cfc708beff3d8b
Common Vulnerability Exposure (CVE) ID: CVE-2014-2678
BugTraq ID: 66543
http://www.securityfocus.com/bid/66543
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html
https://lkml.org/lkml/2014/3/29/188
http://www.openwall.com/lists/oss-security/2014/03/31/10
http://secunia.com/advisories/59386
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
Common Vulnerability Exposure (CVE) ID: CVE-2014-3122
59386
59599
http://secunia.com/advisories/59599
67162
http://www.securityfocus.com/bid/67162
DSA-2926
http://www.debian.org/security/2014/dsa-2926
USN-2240-1
http://www.ubuntu.com/usn/USN-2240-1
[oss-security] 20140430 Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
http://www.openwall.com/lists/oss-security/2014/05/01/7
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=57e68e9cd65b4b8eb4045a1e0d0746458502554c
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3
https://bugzilla.redhat.com/show_bug.cgi?id=1093076
https://github.com/torvalds/linux/commit/57e68e9cd65b4b8eb4045a1e0d0746458502554c
Common Vulnerability Exposure (CVE) ID: CVE-2014-3144
58990
http://secunia.com/advisories/58990
59311
http://secunia.com/advisories/59311
59597
http://secunia.com/advisories/59597
60613
http://secunia.com/advisories/60613
67309
http://www.securityfocus.com/bid/67309
DSA-2949
http://www.debian.org/security/2014/dsa-2949
USN-2251-1
http://www.ubuntu.com/usn/USN-2251-1
USN-2252-1
http://www.ubuntu.com/usn/USN-2252-1
USN-2259-1
http://www.ubuntu.com/usn/USN-2259-1
USN-2261-1
http://www.ubuntu.com/usn/USN-2261-1
USN-2262-1
http://www.ubuntu.com/usn/USN-2262-1
USN-2263-1
http://www.ubuntu.com/usn/USN-2263-1
USN-2264-1
http://www.ubuntu.com/usn/USN-2264-1
[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message
http://www.openwall.com/lists/oss-security/2014/05/09/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
http://linux.oracle.com/errata/ELSA-2014-3052.html
https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
Common Vulnerability Exposure (CVE) ID: CVE-2014-3145
1038201
http://www.securitytracker.com/id/1038201
67321
http://www.securityfocus.com/bid/67321
https://source.android.com/security/bulletin/2017-04-01
Common Vulnerability Exposure (CVE) ID: CVE-2014-3917
http://article.gmane.org/gmane.linux.kernel/1713179
http://www.openwall.com/lists/oss-security/2014/05/29/5
RedHat Security Advisories: RHSA-2014:1143
http://rhn.redhat.com/errata/RHSA-2014-1143.html
RedHat Security Advisories: RHSA-2014:1281
http://rhn.redhat.com/errata/RHSA-2014-1281.html
http://secunia.com/advisories/59777
http://secunia.com/advisories/60011
http://secunia.com/advisories/60564
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4652
http://www.openwall.com/lists/oss-security/2014/06/26/6
RedHat Security Advisories: RHSA-2014:1083
http://rhn.redhat.com/errata/RHSA-2014-1083.html
RedHat Security Advisories: RHSA-2015:1272
http://rhn.redhat.com/errata/RHSA-2015-1272.html
http://secunia.com/advisories/59434
http://secunia.com/advisories/60545
XForce ISS Database: linux-kernel-cve20144652-info-disc(94412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94412
Common Vulnerability Exposure (CVE) ID: CVE-2014-4656
RedHat Security Advisories: RHSA-2015:0087
http://rhn.redhat.com/errata/RHSA-2015-0087.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4667
BugTraq ID: 68224
http://www.securityfocus.com/bid/68224
Debian Security Information: DSA-2992 (Google Search)
http://www.debian.org/security/2014/dsa-2992
http://www.openwall.com/lists/oss-security/2014/06/27/11
http://secunia.com/advisories/59790
http://secunia.com/advisories/60596
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4699
Debian Security Information: DSA-2972 (Google Search)
http://www.debian.org/security/2014/dsa-2972
http://www.exploit-db.com/exploits/34134
http://packetstormsecurity.com/files/127573/Linux-Kernel-ptrace-sysret-Local-Privilege-Escalation.html
http://www.openwall.com/lists/oss-security/2014/07/04/4
http://openwall.com/lists/oss-security/2014/07/05/4
http://openwall.com/lists/oss-security/2014/07/08/16
http://openwall.com/lists/oss-security/2014/07/08/5
http://www.osvdb.org/108754
http://secunia.com/advisories/59633
http://secunia.com/advisories/59639
http://secunia.com/advisories/59654
http://secunia.com/advisories/60220
http://secunia.com/advisories/60380
http://secunia.com/advisories/60393
http://www.ubuntu.com/usn/USN-2266-1
http://www.ubuntu.com/usn/USN-2267-1
http://www.ubuntu.com/usn/USN-2268-1
http://www.ubuntu.com/usn/USN-2269-1
http://www.ubuntu.com/usn/USN-2270-1
http://www.ubuntu.com/usn/USN-2271-1
http://www.ubuntu.com/usn/USN-2272-1
http://www.ubuntu.com/usn/USN-2273-1
http://www.ubuntu.com/usn/USN-2274-1
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.