Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1090-1.NASL
HistoryMar 21, 2011 - 12:00 a.m.

Ubuntu 10.04 LTS / 10.10 : linux vulnerabilities (USN-1090-1)

2011-03-2100:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

15.5%

JSON

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075)

Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163, CVE-2010-4668).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1090-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52740);
  script_version("1.14");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-4075", "CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4158", "CVE-2010-4163", "CVE-2010-4175", "CVE-2010-4668");
  script_bugtraq_id(44758, 44793, 44921, 45059);
  script_xref(name:"USN", value:"1090-1");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 : linux vulnerabilities (USN-1090-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Dan Rosenberg discovered that multiple terminal ioctls did not
correctly initialize structure memory. A local attacker could exploit
this to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4075)

Dan Rosenberg discovered that the SCSI subsystem did not correctly
validate iov segments. A local attacker with access to a SCSI device
could send specially crafted requests to crash the system, leading to
a denial of service. (CVE-2010-4163, CVE-2010-4668).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1090-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-preempt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.35");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2010-4075", "CVE-2010-4076", "CVE-2010-4077", "CVE-2010-4158", "CVE-2010-4163", "CVE-2010-4175", "CVE-2010-4668");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1090-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"linux-doc", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30-386", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30-generic", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30-generic-pae", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30-preempt", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-headers-2.6.32-30-server", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-386", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-generic", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-generic-pae", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-lpia", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-preempt", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-server", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-versatile", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-30-virtual", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-libc-dev", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-source-2.6.32", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-tools-2.6.32-30", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-tools-common", pkgver:"2.6.32-30.59")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-doc", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-headers-2.6.35-28", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-headers-2.6.35-28-generic", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-headers-2.6.35-28-generic-pae", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-headers-2.6.35-28-server", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-headers-2.6.35-28-virtual", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-28-generic", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-28-generic-pae", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-28-server", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-28-versatile", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-image-2.6.35-28-virtual", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-libc-dev", pkgver:"2.6.35-1028.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-source-2.6.35", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-tools-2.6.35-28", pkgver:"2.6.35-28.49")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"linux-tools-common", pkgver:"2.6.35-28.49")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-doc / linux-headers-2.6 / linux-headers-2.6-386 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-headers-2.6-genericp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-generic
canonicalubuntu_linuxlinux-source-2.6.35p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.35
canonicalubuntu_linuxlinux-image-2.6-generic-paep-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae
canonicalubuntu_linuxlinux-source-2.6.32p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.32
canonicalubuntu_linuxlinux-image-2.6-386p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386
canonicalubuntu_linuxlinux-headers-2.6-386p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386
canonicalubuntu_linuxlinux-headers-2.6-virtualp-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-virtual
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linuxlinux-image-2.6-preemptp-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt
canonicalubuntu_linuxlinux-tools-2.6p-cpe:/a:canonical:ubuntu_linux:linux-tools-2.6
Rows per page:
1-10 of 231

Related

nessus 38
openvas 65
ubuntu 16
securityvulns 4
cve 8
nvd 8
cvelist 8
prion 8
ubuntucve 8
seebug 3
veracode 5
exploitpack 1
suse 7
exploitdb 1
redhatcve 1
redhat 5
fedora 5
oraclelinux 4
centos 1
osv 1
debian 1
packetstorm 1
nessus
nessus
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1086-1)
2011-03-09 00:00:00
Ubuntu 9.10 : linux, linux-ec2 vulnerabilities (USN-1089-1)
2011-03-21 00:00:00
Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-1092-1)
2011-03-27 00:00:00
openvas
openvas
Ubuntu Update for linux-ec2 vulnerabilities USN-1086-1
2011-03-15 00:00:00
Ubuntu Update for linux vulnerabilities USN-1090-1
2011-03-24 00:00:00
Ubuntu: Security Advisory (USN-1086-1)
2011-03-15 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-03-18 00:00:00
Linux kernel (EC2) vulnerabilities
2011-03-08 00:00:00
Linux kernel vulnerabilities
2011-03-18 00:00:00
securityvulns
securityvulns
[USN-1089-1] Linux kernel vulnerabilities
2011-03-23 00:00:00
Linux kernel multiple security vulnerabilities
2011-03-23 00:00:00
Linux kernel multiple security vulnerabilities
2011-02-02 00:00:00
cve
cve
CVE-2010-4668
2011-01-03 20:00:43
CVE-2010-4075
2010-11-29 16:00:03
CVE-2010-4158
2010-12-30 19:00:03
nvd
nvd
CVE-2010-4668
2011-01-03 20:00:43
CVE-2010-4076
2010-11-29 16:00:03
CVE-2010-4075
2010-11-29 16:00:03
cvelist
cvelist
CVE-2010-4668
2011-01-03 19:26:00
CVE-2010-4075
2010-11-29 15:00:00
CVE-2010-4076
2022-10-03 16:21:06
prion
prion
Cross site request forgery (csrf)
2011-01-03 20:00:00
Session fixation
2010-11-29 16:00:00
Session fixation
2010-11-29 16:00:00
ubuntucve
ubuntucve
CVE-2010-4668
2011-01-03 00:00:00
CVE-2010-4158
2010-12-30 00:00:00
CVE-2010-4076
2010-11-29 00:00:00
seebug
seebug
Linux Kernel套接字过滤器内存泄露漏洞
2010-11-17 00:00:00
Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit
2014-07-01 00:00:00
Linux &lt;= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit
2011-03-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:57:23
Information Disclosure
2020-04-10 00:55:13
Information Disclosure
2020-04-10 00:55:17
exploitpack
exploitpack
Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
2011-03-14 00:00:00
suse
suse
remote denial of service in kernel
2011-03-24 16:29:15
remote denial of service, local privilege in kernel
2011-03-08 16:13:04
potential local privilege escalation in kernel
2011-01-03 15:33:25
exploitdb
exploitdb
Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
2011-03-14 00:00:00
redhatcve
redhatcve
CVE-2010-4175
2015-10-30 09:39:12
redhat
redhat
(RHSA-2011:0007) Important: kernel security and bug fix update
2011-01-11 00:00:00
(RHSA-2011:0162) Important: kernel security and bug fix update
2011-01-18 00:00:00
(RHSA-2010:0958) Important: kernel-rt security and bug fix update
2010-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.9-64.fc14
2010-12-05 00:42:46
[SECURITY] Fedora 14 Update: kernel-2.6.35.11-83.fc14
2011-02-10 21:27:10
[SECURITY] Fedora 13 Update: kernel-2.6.34.7-63.fc13
2010-12-07 20:07:41
oraclelinux
oraclelinux
Oracle Linux 6 Unbreakable Enterprise kernel security fix update
2011-03-16 00:00:00
kernel security and bug fix update
2011-01-18 00:00:00
kernel security and bug fix update
2011-02-12 00:00:00
centos
centos
kernel security update
2011-01-27 09:25:23
osv
osv
linux-2.6 - several issues
2011-01-30 00:00:00
debian
debian
[SECURITY] [DSA 2153-1] linux-2.6 security update
2011-01-30 06:42:05
packetstorm
packetstorm
Ubuntu Security Notice USN-1202-1
2011-09-14 00:00:00

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for UBUNTU_USN-1090-1.NASL
nessus38openvas65ubuntu16securityvulns4cve8nvd8cvelist8prion8ubuntucve8seebug3veracode5exploitpack1suse7exploitdb1redhatcve1redhat5fedora5oraclelinux4centos1osv1debian1packetstorm1