Oval Definition:	oval:com.ubuntu.precise:def:20153339000
Revision Date: 2015-05-27 Version: 1 Title: CVE-2015-3339 on Ubuntu 12.04 LTS (precise) - high. Description: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Family: unix Class: vulnerability Status: Reference(s): CVE-2015-3339 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-83.120'). OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1649.69'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.5.0-61.90] OEM release'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.11.0-34.55~precise1] OEM release'). OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-52.85~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1464.84').
BACK