Ubuntu update for Linux kernel (Trusty HWE)



Published: 2017-08-07
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2016-8405, CVE-2017-1000365, CVE-2017-7482, CVE-2017-2618
CWE-ID: CWE-200, CWE-264, CWE-193, CWE-120
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Ubuntu (Operating systems & Components / Operating system)
Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU5583

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8405

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in kernel components including the ION subsystem, Binder, USB driver and networking subsystem due to improper information control. A local attacker can gain access to data outside of its permission levels.

Mitigation

Update the affected packages

Ubuntu 12.04 LTS:
linux-image-3.13.0-126-generic-lpae 3.13.0-126.175~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.126.117
linux-image-3.13.0-126-generic 3.13.0-126.175~precise1
linux-image-generic-lts-trusty 3.13.0.126.117

Vulnerable software versions

Ubuntu: 12.04

External links

http://www.ubuntu.com/usn/usn-3381-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU7237

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000365, CVE-2017-7482

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because the kernel fails to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass this security limitation and perform unauthorized actions.

Successful exploitation of the vulnerability results in access to the system.

Mitigation

Update the affected packages

Ubuntu 12.04 LTS:
linux-image-3.13.0-126-generic-lpae 3.13.0-126.175~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.126.117
linux-image-3.13.0-126-generic 3.13.0-126.175~precise1
linux-image-generic-lts-trusty 3.13.0.126.117

Vulnerable software versions

Ubuntu: 12.04

External links

http://www.ubuntu.com/usn/usn-3381-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Off-by-one error

EUVDB-ID: #VU5832

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-2618

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to cause denial of service.

The vulnerability exists due to an off-by-one error in setprocattr. A local process with the process:setfscreate permission can cause a kernel panic.

Successful exploitation of this vulnerability may lead to denial of service conditions.

Mitigation

Update the affected packages

Ubuntu 12.04 LTS:
linux-image-3.13.0-126-generic-lpae 3.13.0-126.175~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.126.117
linux-image-3.13.0-126-generic 3.13.0-126.175~precise1
linux-image-generic-lts-trusty 3.13.0.126.117

Vulnerable software versions

Ubuntu: 12.04

External links

http://www.ubuntu.com/usn/usn-3381-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU7208

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7482

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into a RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages

Ubuntu 12.04 LTS:
linux-image-3.13.0-126-generic-lpae 3.13.0-126.175~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.126.117
linux-image-3.13.0-126-generic 3.13.0-126.175~precise1
linux-image-generic-lts-trusty 3.13.0.126.117

Vulnerable software versions

Ubuntu: 12.04

External links

http://www.ubuntu.com/usn/usn-3381-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


