English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 134041 CVE Beschreibungen
und 69903 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.70887
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-1170-1 (linux-image-2.6.24-29-386)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to linux-image-2.6.24-29-386
announced via advisory USN-1170-1.

Details:

Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)

It was discovered that Xen did not correctly handle certain block requests.
A local attacker in a Xen guest could cause the Xen host to use all
available CPU resources, leading to a denial of service. (CVE-2010-4247)

It was discovered that the ICMP stack did not correctly handle certain
unreachable messages. If a remote attacker were able to acquire a socket
lock, they could send specially crafted traffic that would crash the
system, leading to a denial of service. (CVE-2010-4526)

Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit. (CVE-2011-0726)

Timo Warns discovered that OSF partition parsing routines did not correctly
clear memory. A local attacker with physical access could plug in a
specially crafted block device to read kernel memory, leading to a loss of
privacy. (CVE-2011-1163)

Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
values. A local attacker with access to the video subsystem could exploit
this to crash the system, leading to a denial of service, or possibly gain
root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of
certain memory allocations. A local attacker with access to the video
subsystem could exploit this to run the system out of memory, leading to a
denial of service. (CVE-2011-1746, CVE-2011-1747)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-29-386 2.6.24-29.91
linux-image-2.6.24-29-generic 2.6.24-29.91
linux-image-2.6.24-29-hppa32 2.6.24-29.91
linux-image-2.6.24-29-hppa64 2.6.24-29.91
linux-image-2.6.24-29-itanium 2.6.24-29.91
linux-image-2.6.24-29-lpia 2.6.24-29.91
linux-image-2.6.24-29-lpiacompat 2.6.24-29.91
linux-image-2.6.24-29-mckinley 2.6.24-29.91
linux-image-2.6.24-29-openvz 2.6.24-29.91
linux-image-2.6.24-29-powerpc 2.6.24-29.91
linux-image-2.6.24-29-powerpc-smp 2.6.24-29.91
linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.91
linux-image-2.6.24-29-rt 2.6.24-29.91
linux-image-2.6.24-29-server 2.6.24-29.91
linux-image-2.6.24-29-sparc64 2.6.24-29.91
linux-image-2.6.24-29-sparc64-smp 2.6.24-29.91
linux-image-2.6.24-29-virtual 2.6.24-29.91
linux-image-2.6.24-29-xen 2.6.24-29.91

http://www.securityspace.com/smysecure/catid.html?in=USN-1170-1

CVSS Score:
7.1

CVSS Vector:
AV:L/AC:H/Au:NR/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-4076
http://lkml.org/lkml/2010/9/15/389
http://www.openwall.com/lists/oss-security/2010/09/25/2
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/06/6
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862
Common Vulnerability Exposure (CVE) ID: CVE-2010-4077
http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
BugTraq ID: 45059
http://www.securityfocus.com/bid/45059
http://secunia.com/advisories/42890
http://securityreason.com/securityalert/8129
Common Vulnerability Exposure (CVE) ID: CVE-2010-4247
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/archive/1/520102/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/11/23/1
http://www.openwall.com/lists/oss-security/2010/11/24/8
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d
http://www.redhat.com/support/errata/RHSA-2011-0004.html
BugTraq ID: 45029
http://www.securityfocus.com/bid/45029
http://secunia.com/advisories/35093
http://secunia.com/advisories/42789
http://secunia.com/advisories/46397
http://www.vupen.com/english/advisories/2011/0024
Common Vulnerability Exposure (CVE) ID: CVE-2010-4526
http://www.openwall.com/lists/oss-security/2011/01/04/3
http://www.openwall.com/lists/oss-security/2011/01/04/13
http://www.redhat.com/support/errata/RHSA-2011-0163.html
BugTraq ID: 45661
http://www.securityfocus.com/bid/45661
http://secunia.com/advisories/42964
http://www.vupen.com/english/advisories/2011/0169
XForce ISS Database: kernel-icmp-message-dos(64616)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64616
Common Vulnerability Exposure (CVE) ID: CVE-2011-0726
https://lkml.org/lkml/2011/3/11/380
http://www.spinics.net/lists/mm-commits/msg82726.html
RedHat Security Advisories: RHSA-2011:0833
http://rhn.redhat.com/errata/RHSA-2011-0833.html
BugTraq ID: 47791
http://www.securityfocus.com/bid/47791
Common Vulnerability Exposure (CVE) ID: CVE-2011-1163
Bugtraq: 20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/517050
http://www.spinics.net/lists/mm-commits/msg82737.html
http://openwall.com/lists/oss-security/2011/03/15/9
http://openwall.com/lists/oss-security/2011/03/15/14
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
BugTraq ID: 46878
http://www.securityfocus.com/bid/46878
http://securitytracker.com/id?1025225
http://securityreason.com/securityalert/8189
Common Vulnerability Exposure (CVE) ID: CVE-2011-1577
Bugtraq: 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/517477/100/0/threaded
http://www.spinics.net/lists/mm-commits/msg83274.html
http://openwall.com/lists/oss-security/2011/04/12/17
http://openwall.com/lists/oss-security/2011/04/13/1
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
BugTraq ID: 47343
http://www.securityfocus.com/bid/47343
http://securitytracker.com/id?1025355
http://securityreason.com/securityalert/8238
XForce ISS Database: kernel-guid-dos(66773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66773
Common Vulnerability Exposure (CVE) ID: CVE-2011-1745
https://lkml.org/lkml/2011/4/14/293
http://openwall.com/lists/oss-security/2011/04/21/4
http://openwall.com/lists/oss-security/2011/04/22/7
RedHat Security Advisories: RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
BugTraq ID: 47534
http://www.securityfocus.com/bid/47534
Common Vulnerability Exposure (CVE) ID: CVE-2011-2022
BugTraq ID: 47843
http://www.securityfocus.com/bid/47843
Common Vulnerability Exposure (CVE) ID: CVE-2011-1746
https://lkml.org/lkml/2011/4/14/294
https://lkml.org/lkml/2011/4/19/400
BugTraq ID: 47535
http://www.securityfocus.com/bid/47535
Common Vulnerability Exposure (CVE) ID: CVE-2011-1747
http://openwall.com/lists/oss-security/2011/04/22/8
http://openwall.com/lists/oss-security/2011/04/22/9
http://openwall.com/lists/oss-security/2011/04/22/11
http://openwall.com/lists/oss-security/2011/04/22/10
BugTraq ID: 47832
http://www.securityfocus.com/bid/47832
http://securitytracker.com/id?1025441
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 69903 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2018 E-Soft Inc. Alle Rechte vorbehalten.