Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0998

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68714

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0998

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0998.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that some structure padding and reserved fields in certain
data structures in QEMU-KVM were not initialized properly before being
copied to user-space. A privileged host user with access to /dev/kvm
could use this flaw to leak kernel stack memory to user-space.
(CVE-2010-3881)

Red Hat would like to thank Vasiliy Kulikov for reporting this issue.

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0998.html

Risk factor : Low

CVSS Score:
1.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3881
1024912
http://securitytracker.com/id?1024912
42932
http://secunia.com/advisories/42932
44666
http://www.securityfocus.com/bid/44666
ADV-2010-3287
http://www.vupen.com/english/advisories/2010/3287
ADV-2011-0124
http://www.vupen.com/english/advisories/2011/0124
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
RHSA-2010:0998
http://rhn.redhat.com/errata/RHSA-2010-0998.html
SUSE-SA:2011:004
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
[kvm] 20101030 [patch v2] x86: kvm: x86: fix information leak to userland
http://www.spinics.net/lists/kvm/msg44130.html
[oss-security] 20101104 CVE request: kernel: kvm kernel stack leakage
http://openwall.com/lists/oss-security/2010/11/04/10
[oss-security] 20101105 Re: CVE request: kernel: kvm kernel stack leakage
http://openwall.com/lists/oss-security/2010/11/05/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838
http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
https://bugzilla.redhat.com/show_bug.cgi?id=649920

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68714
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0998
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0998. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that some structure padding and reserved fields in certain data structures in QEMU-KVM were not initialized properly before being copied to user-space. A privileged host user with access to /dev/kvm could use this flaw to leak kernel stack memory to user-space. (CVE-2010-3881) Red Hat would like to thank Vasiliy Kulikov for reporting this issue. All KVM users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0998.html Risk factor : Low CVSS Score: 1.9
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3881 1024912 http://securitytracker.com/id?1024912 42932 http://secunia.com/advisories/42932 44666 http://www.securityfocus.com/bid/44666 ADV-2010-3287 http://www.vupen.com/english/advisories/2010/3287 ADV-2011-0124 http://www.vupen.com/english/advisories/2011/0124 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 RHSA-2010:0998 http://rhn.redhat.com/errata/RHSA-2010-0998.html SUSE-SA:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html [kvm] 20101030 [patch v2] x86: kvm: x86: fix information leak to userland http://www.spinics.net/lists/kvm/msg44130.html [oss-security] 20101104 CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/04/10 [oss-security] 20101105 Re: CVE request: kernel: kvm kernel stack leakage http://openwall.com/lists/oss-security/2010/11/05/4 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97e69aa62f8b5d338d6cff49be09e37cc1262838 http://git.kernel.org/?p=virt/kvm/kvm.git%3Ba=commit%3Bh=831d9d02f9522e739825a51a11e3bc5aa531a905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 https://bugzilla.redhat.com/show_bug.cgi?id=649920
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com