English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.67087
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2010:066 (kernel)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2010:066.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The gfs2_lock function in the Linux kernel before
2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux
kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly
remove POSIX locks on files that are setgid without group-execute
permission, which allows local users to cause a denial of service
(BUG and system crash) by locking a file on a (1) GFS or (2) GFS2
filesystem, and then changing this file's permissions. (CVE-2010-0727)

The do_pages_move function in mm/migrate.c in the Linux kernel before
2.6.33-rc7 does not validate node values, which allows local users
to read arbitrary kernel memory locations, cause a denial of service
(OOPS), and possibly have unspecified other impact by specifying a
node that is not part of the kernel's node set. (CVE-2010-0415)

drivers/net/e1000e/netdev.c in the e1000e driver in the Linux
kernel 2.6.32.3 and earlier does not properly check the size of an
Ethernet frame that exceeds the MTU, which allows remote attackers
to have an unspecified impact via crafted packets, a related issue
to CVE-2009-4537. (CVE-2009-4538)

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel
before 2.6.32.8 on the x86_64 platform does not ensure that the
ELF interpreter is available before a call to the SET_PERSONALITY
macro, which allows local users to cause a denial of service (system
crash) via a 32-bit application that attempts to execute a 64-bit
application and then triggers a segmentation fault, as demonstrated by
amd64_killer, related to the flush_old_exec function. (CVE-2010-0307)

Aditionally, it was added support for some backlight models used in
Samsung laptops and fixes to detect Saitek X52 joysticks.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2010.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:066

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0727
1023809
http://securitytracker.com/id?1023809
39830
http://secunia.com/advisories/39830
DSA-2053
http://www.debian.org/security/2010/dsa-2053
MDVSA-2010:066
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
RHSA-2010:0330
http://www.redhat.com/support/errata/RHSA-2010-0330.html
RHSA-2010:0380
http://www.redhat.com/support/errata/RHSA-2010-0380.html
RHSA-2010:0521
http://www.redhat.com/support/errata/RHSA-2010-0521.html
[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking
http://lkml.org/lkml/2010/3/11/269
[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw
http://www.openwall.com/lists/oss-security/2010/03/12/1
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=570863
oval:org.mitre.oval:def:11392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392
Common Vulnerability Exposure (CVE) ID: CVE-2010-0415
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
38144
http://www.securityfocus.com/bid/38144
38492
http://secunia.com/advisories/38492
38557
http://secunia.com/advisories/38557
38779
http://secunia.com/advisories/38779
38922
http://secunia.com/advisories/38922
39033
http://secunia.com/advisories/39033
43315
http://secunia.com/advisories/43315
ADV-2010-0638
http://www.vupen.com/english/advisories/2010/0638
DSA-1996
http://www.debian.org/security/2010/dsa-1996
DSA-2005
http://www.debian.org/security/2010/dsa-2005
FEDORA-2010-1787
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
FEDORA-2010-1804
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html
MDVSA-2010:198
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
RHSA-2010:0147
http://www.redhat.com/support/errata/RHSA-2010-0147.html
RHSA-2010:0161
http://www.redhat.com/support/errata/RHSA-2010-0161.html
SUSE-SA:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
SUSE-SA:2010:018
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html
USN-914-1
http://www.ubuntu.com/usn/USN-914-1
[oss-security] 20100207 CVE request: information leak / potential crash in sys_move_pages
http://www.openwall.com/lists/oss-security/2010/02/07/1
[oss-security] 20100207 Re: CVE request: information leak / potential crash in sys_move_pages
http://www.openwall.com/lists/oss-security/2010/02/07/2
[oss-security] 20100208 Re: CVE request: information leak / potential crash in sys_move_pages
http://www.openwall.com/lists/oss-security/2010/02/08/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.33-rc7
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=562582
oval:org.mitre.oval:def:9399
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9399
Common Vulnerability Exposure (CVE) ID: CVE-2009-4537
BugTraq ID: 37521
http://www.securityfocus.com/bid/37521
Debian Security Information: DSA-2053 (Google Search)
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://twitter.com/dakami/statuses/7104238406
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439
http://www.redhat.com/support/errata/RHSA-2010-0019.html
http://www.redhat.com/support/errata/RHSA-2010-0020.html
http://www.redhat.com/support/errata/RHSA-2010-0041.html
http://www.redhat.com/support/errata/RHSA-2010-0053.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.redhat.com/support/errata/RHSA-2010-0111.html
http://securitytracker.com/id?1023419
http://secunia.com/advisories/38031
http://secunia.com/advisories/38610
http://secunia.com/advisories/39742
http://secunia.com/advisories/40645
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
SuSE Security Announcement: SUSE-SA:2010:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: kernel-r8169-dos(55647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55647
Common Vulnerability Exposure (CVE) ID: CVE-2009-4538
BugTraq ID: 37523
http://www.securityfocus.com/bid/37523
Debian Security Information: DSA-1996 (Google Search)
Debian Security Information: DSA-2005 (Google Search)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702
http://securitytracker.com/id?1023420
http://secunia.com/advisories/38276
http://secunia.com/advisories/38296
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
SuSE Security Announcement: SUSE-SA:2010:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:014 (Google Search)
XForce ISS Database: kernel-edriver-unspecified(55645)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55645
Common Vulnerability Exposure (CVE) ID: CVE-2010-0307
38027
http://www.securityfocus.com/bid/38027
39649
http://secunia.com/advisories/39649
RHSA-2010:0146
https://rhn.redhat.com/errata/RHSA-2010-0146.html
RHSA-2010:0398
http://www.redhat.com/support/errata/RHSA-2010-0398.html
RHSA-2010:0771
http://www.redhat.com/support/errata/RHSA-2010-0771.html
[linux-mm] 20100128 DoS on x86_64
http://marc.info/?l=linux-mm&m=126466407724382&w=2
[oss-security] 20100201 CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/01/1
[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/01/5
[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/04/1
[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/04/9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549
http://marc.info/?t=126466700200002&r=1&w=2
http://support.avaya.com/css/P8/documents/100088287
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20100202%2C15754.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8
https://bugzilla.redhat.com/show_bug.cgi?id=560547
oval:org.mitre.oval:def:10870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.