English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 72022 Descripciones CVE y
38680 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.70887
Categoría:Ubuntu Local Security Checks
Título:Ubuntu USN-1170-1 (linux-image-2.6.24-29-386)
Resumen:Ubuntu USN-1170-1 (linux-image-2.6.24-29-386)
Descripción:The remote host is missing an update to linux-image-2.6.24-29-386
announced via advisory USN-1170-1.

Details:

Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4076, CVE-2010-4077)

It was discovered that Xen did not correctly handle certain block requests.
A local attacker in a Xen guest could cause the Xen host to use all
available CPU resources, leading to a denial of service. (CVE-2010-4247)

It was discovered that the ICMP stack did not correctly handle certain
unreachable messages. If a remote attacker were able to acquire a socket
lock, they could send specially crafted traffic that would crash the
system, leading to a denial of service. (CVE-2010-4526)

Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. A local attacker could determine the memory layout of
processes in an attempt to increase the chances of a successful memory
corruption exploit. (CVE-2011-0726)

Timo Warns discovered that OSF partition parsing routines did not correctly
clear memory. A local attacker with physical access could plug in a
specially crafted block device to read kernel memory, leading to a loss of
privacy. (CVE-2011-1163)

Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl
values. A local attacker with access to the video subsystem could exploit
this to crash the system, leading to a denial of service, or possibly gain
root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of
certain memory allocations. A local attacker with access to the video
subsystem could exploit this to run the system out of memory, leading to a
denial of service. (CVE-2011-1746, CVE-2011-1747)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 8.04 LTS:
linux-image-2.6.24-29-386 2.6.24-29.91
linux-image-2.6.24-29-generic 2.6.24-29.91
linux-image-2.6.24-29-hppa32 2.6.24-29.91
linux-image-2.6.24-29-hppa64 2.6.24-29.91
linux-image-2.6.24-29-itanium 2.6.24-29.91
linux-image-2.6.24-29-lpia 2.6.24-29.91
linux-image-2.6.24-29-lpiacompat 2.6.24-29.91
linux-image-2.6.24-29-mckinley 2.6.24-29.91
linux-image-2.6.24-29-openvz 2.6.24-29.91
linux-image-2.6.24-29-powerpc 2.6.24-29.91
linux-image-2.6.24-29-powerpc-smp 2.6.24-29.91
linux-image-2.6.24-29-powerpc64-smp 2.6.24-29.91
linux-image-2.6.24-29-rt 2.6.24-29.91
linux-image-2.6.24-29-server 2.6.24-29.91
linux-image-2.6.24-29-sparc64 2.6.24-29.91
linux-image-2.6.24-29-sparc64-smp 2.6.24-29.91
linux-image-2.6.24-29-virtual 2.6.24-29.91
linux-image-2.6.24-29-xen 2.6.24-29.91

http://www.securityspace.com/smysecure/catid.html?in=USN-1170-1
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4076
http://lkml.org/lkml/2010/9/15/389
http://www.openwall.com/lists/oss-security/2010/09/25/2
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/06/6
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862
Common Vulnerability Exposure (CVE) ID: CVE-2010-4077
http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
BugTraq ID: 45059
http://www.securityfocus.com/bid/45059
http://secunia.com/advisories/42890
http://securityreason.com/securityalert/8129
Common Vulnerability Exposure (CVE) ID: CVE-2010-4247
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/archive/1/520102/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/11/23/1
http://www.openwall.com/lists/oss-security/2010/11/24/8
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d
http://www.redhat.com/support/errata/RHSA-2011-0004.html
BugTraq ID: 45029
http://www.securityfocus.com/bid/45029
http://secunia.com/advisories/35093
http://secunia.com/advisories/42789
http://secunia.com/advisories/46397
http://www.vupen.com/english/advisories/2011/0024
Common Vulnerability Exposure (CVE) ID: CVE-2010-4526
http://www.openwall.com/lists/oss-security/2011/01/04/3
http://www.openwall.com/lists/oss-security/2011/01/04/13
http://www.redhat.com/support/errata/RHSA-2011-0163.html
BugTraq ID: 45661
http://www.securityfocus.com/bid/45661
http://secunia.com/advisories/42964
http://www.vupen.com/english/advisories/2011/0169
XForce ISS Database: kernel-icmp-message-dos(64616)
http://xforce.iss.net/xforce/xfdb/64616
Common Vulnerability Exposure (CVE) ID: CVE-2011-0726
https://lkml.org/lkml/2011/3/11/380
http://www.spinics.net/lists/mm-commits/msg82726.html
RedHat Security Advisories: RHSA-2011:0833
http://rhn.redhat.com/errata/RHSA-2011-0833.html
BugTraq ID: 47791
http://www.securityfocus.com/bid/47791
Common Vulnerability Exposure (CVE) ID: CVE-2011-1163
Bugtraq: 20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/517050
http://www.spinics.net/lists/mm-commits/msg82737.html
http://openwall.com/lists/oss-security/2011/03/15/9
http://openwall.com/lists/oss-security/2011/03/15/14
http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt
BugTraq ID: 46878
http://www.securityfocus.com/bid/46878
http://securitytracker.com/id?1025225
http://securityreason.com/securityalert/8189
Common Vulnerability Exposure (CVE) ID: CVE-2011-1577
Bugtraq: 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/517477/100/0/threaded
http://www.spinics.net/lists/mm-commits/msg83274.html
http://openwall.com/lists/oss-security/2011/04/12/17
http://openwall.com/lists/oss-security/2011/04/13/1
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
BugTraq ID: 47343
http://www.securityfocus.com/bid/47343
http://securitytracker.com/id?1025355
http://securityreason.com/securityalert/8238
XForce ISS Database: kernel-guid-dos(66773)
http://xforce.iss.net/xforce/xfdb/66773
Common Vulnerability Exposure (CVE) ID: CVE-2011-1745
https://lkml.org/lkml/2011/4/14/293
http://openwall.com/lists/oss-security/2011/04/21/4
http://openwall.com/lists/oss-security/2011/04/22/7
RedHat Security Advisories: RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
BugTraq ID: 47534
http://www.securityfocus.com/bid/47534
Common Vulnerability Exposure (CVE) ID: CVE-2011-2022
BugTraq ID: 47843
http://www.securityfocus.com/bid/47843
Common Vulnerability Exposure (CVE) ID: CVE-2011-1746
https://lkml.org/lkml/2011/4/14/294
https://lkml.org/lkml/2011/4/19/400
BugTraq ID: 47535
http://www.securityfocus.com/bid/47535
Common Vulnerability Exposure (CVE) ID: CVE-2011-1747
http://openwall.com/lists/oss-security/2011/04/22/8
http://openwall.com/lists/oss-security/2011/04/22/9
http://openwall.com/lists/oss-security/2011/04/22/11
http://openwall.com/lists/oss-security/2011/04/22/10
BugTraq ID: 47832
http://www.securityfocus.com/bid/47832
http://securitytracker.com/id?1025441
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 38680 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.