OVAL Reference oval:com.ubuntu.precise:def:20162550000

Oval Definition:

oval:com.ubuntu.precise:def:20162550000

Revision Date:	2016-04-27	Version:	1
Title:	CVE-2016-2550 on Ubuntu 12.04 LTS (precise) - medium.
Description:	The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-2550
Platform(s):	Ubuntu 12.04 LTS	Product(s):
Definition Synopsis
Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in precise is not affected (note: '3.2.0-102.142'). OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected (note: '3.2.0-1665.90'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'end-of-life'). OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-85.129~precise1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected (note: '3.2.0-1480.106').

BACK