English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.68585
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Security Advisory MDVSA-2010:257 (kernel)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2010:257.

A vulnerability was discovered and corrected in the Linux 2.6 kernel:

The setup_arg_pages function in fs/exec.c in the Linux kernel before
2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict
the stack memory consumption of the (1) arguments and (2) environment
for a 32-bit application on a 64-bit platform, which allows local
users to cause a denial of service (system crash) via a crafted exec
system call, a related issue to CVE-2010-2240. (CVE-2010-3858)

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L)
implementation in the Linux kernel before 2.6.36 on 64-bit platforms
does not validate the destination of a memory copy operation, which
allows local users to write to arbitrary kernel memory locations,
and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a
/dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this
device. (CVE-2010-2963)

Integer overflow in the do_io_submit function in fs/aio.c in the
Linux kernel before 2.6.36-rc4-next-20100915 allows local users to
cause a denial of service or possibly have unspecified other impact
via crafted use of the io_submit system call. (CVE-2010-3067)

Multiple integer overflows in the snd_ctl_new function
in sound/core/control.c in the Linux kernel before
2.6.36-rc5-next-20100929 allow local users to cause a denial of
service (heap memory corruption) or possibly have unspecified
other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)
SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. (CVE-2010-3442)

A kernel stack overflow, a bad pointer dereference and a missing
permission check were corrected in the econet implementation
(CVE-2010-3848) (CVE-2010-3849) (CVE-2010-3850).

Additionally, the kernel has been updated to the stable upstream
version 2.6.27.56.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2009.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:257

Risk factor : High

CVSS Score:
7.2

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-2240
1024344
http://securitytracker.com/id?1024344
20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
http://www.securityfocus.com/archive/1/517739/100/0/threaded
DSA-2094
http://www.debian.org/security/2010/dsa-2094
MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
MDVSA-2010:198
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RHSA-2010:0660
http://www.redhat.com/support/errata/RHSA-2010-0660.html
RHSA-2010:0661
https://rhn.redhat.com/errata/RHSA-2010-0661.html
RHSA-2010:0670
http://www.redhat.com/support/errata/RHSA-2010-0670.html
RHSA-2010:0882
http://www.redhat.com/support/errata/RHSA-2010-0882.html
[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893
http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://bugzilla.redhat.com/show_bug.cgi?id=606611
oval:org.mitre.oval:def:13247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247
Common Vulnerability Exposure (CVE) ID: CVE-2010-3858
15619
http://www.exploit-db.com/exploits/15619
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
42758
http://secunia.com/advisories/42758
42789
http://secunia.com/advisories/42789
44301
http://www.securityfocus.com/bid/44301
46397
http://secunia.com/advisories/46397
ADV-2011-0024
http://www.vupen.com/english/advisories/2011/0024
ADV-2011-0070
http://www.vupen.com/english/advisories/2011/0070
DSA-2126
http://www.debian.org/security/2010/dsa-2126
MDVSA-2010:257
http://www.mandriva.com/security/advisories?name=MDVSA-2010:257
RHSA-2010:0958
http://www.redhat.com/support/errata/RHSA-2010-0958.html
RHSA-2011:0004
http://www.redhat.com/support/errata/RHSA-2011-0004.html
USN-1041-1
http://www.ubuntu.com/usn/USN-1041-1
[oss-security] 20101021 CVE request: kernel: setup_arg_pages: diagnose excessive argument size
http://www.openwall.com/lists/oss-security/2010/10/21/1
[oss-security] 20101022 Re: CVE request: kernel: setup_arg_pages: diagnose excessive argument size
http://www.openwall.com/lists/oss-security/2010/10/22/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b528181b2ffa14721fb28ad1bd539fe1732c583
http://grsecurity.net/~spender/64bit_dos.c
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=645222
Common Vulnerability Exposure (CVE) ID: CVE-2010-2963
BugTraq ID: 44242
http://www.securityfocus.com/bid/44242
Debian Security Information: DSA-2126 (Google Search)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://www.outflux.net/blog/archives/2010/10/19/cve-2010-2963-v4l-compat-exploit/
http://www.securitytracker.com/id?1024710
http://secunia.com/advisories/42745
SuSE Security Announcement: SUSE-SA:2010:053 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html
SuSE Security Announcement: SUSE-SA:2010:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html
http://www.ubuntu.com/usn/USN-1000-1
http://www.vupen.com/english/advisories/2010/3321
Common Vulnerability Exposure (CVE) ID: CVE-2010-3067
42778
http://secunia.com/advisories/42778
42801
http://secunia.com/advisories/42801
42890
http://secunia.com/advisories/42890
43291
http://secunia.com/advisories/43291
ADV-2011-0012
http://www.vupen.com/english/advisories/2011/0012
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
ADV-2011-0375
http://www.vupen.com/english/advisories/2011/0375
MDVSA-2011:029
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
RHSA-2010:0758
http://www.redhat.com/support/errata/RHSA-2010-0758.html
RHSA-2010:0779
http://www.redhat.com/support/errata/RHSA-2010-0779.html
RHSA-2010:0839
http://www.redhat.com/support/errata/RHSA-2010-0839.html
RHSA-2011:0007
http://www.redhat.com/support/errata/RHSA-2011-0007.html
SUSE-SA:2010:060
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SUSE-SA:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SUSE-SA:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
SUSE-SA:2011:008
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
USN-1000-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=629441
kernel-doiosubmit-dos(61884)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61884
Common Vulnerability Exposure (CVE) ID: CVE-2010-3442
42400
http://secunia.com/advisories/42400
42745
43787
http://www.securityfocus.com/bid/43787
ADV-2010-3113
http://www.vupen.com/english/advisories/2010/3113
ADV-2010-3321
FEDORA-2010-18983
RHSA-2010:0842
http://www.redhat.com/support/errata/RHSA-2010-0842.html
RHSA-2010:0936
http://www.redhat.com/support/errata/RHSA-2010-0936.html
[oss-security] 20100929 CVE request - kernel: prevent heap corruption in snd_ctl_new()
http://www.openwall.com/lists/oss-security/2010/09/29/2
[oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new()
http://www.openwall.com/lists/oss-security/2010/09/29/3
http://www.openwall.com/lists/oss-security/2010/09/29/4
http://www.openwall.com/lists/oss-security/2010/09/29/9
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100928.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=638478
Common Vulnerability Exposure (CVE) ID: CVE-2010-3848
43056
http://secunia.com/advisories/43056
ADV-2011-0213
http://www.vupen.com/english/advisories/2011/0213
SUSE-SA:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
USN-1023-1
http://www.ubuntu.com/usn/USN-1023-1
[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET
http://openwall.com/lists/oss-security/2010/11/30/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a27e13d370415add3487949c60810e36069a23a6
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
https://bugzilla.redhat.com/show_bug.cgi?id=644156
Common Vulnerability Exposure (CVE) ID: CVE-2010-3849
20101207 Linux kernel exploit
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
Common Vulnerability Exposure (CVE) ID: CVE-2010-3850
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.