Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2359-1)

high Nessus Plugin ID 77821

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2359-1 advisory.

- The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (CVE-2014-3601)

- The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (CVE-2014-5077)

- Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (CVE-2014-5471)

- The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (CVE-2014-5472)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-2359-1

Plugin Details

Severity: High

ID: 77821

File Name: ubuntu_USN-2359-1.nasl

Version: 1.15

Type: local

Agent: unix

Published: 9/24/2014

Updated: 1/9/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.8

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2014-5077

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-5471

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-powerpc-e500, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-powerpc-e500mc, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-powerpc-smp, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-powerpc64-emb, p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-36-powerpc64-smp, cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/23/2014

Vulnerability Publication Date: 8/1/2014

Reference Information

CVE: CVE-2014-3601, CVE-2014-5077, CVE-2014-5471, CVE-2014-5472

BID: 68881, 69396, 69428, 69489

USN: 2359-1