English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.71926
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2010:0670
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0670.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter
and Grant Diffey of CenITex for reporting CVE-2010-2798.

This update also fixes the following bugs:

* Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)

* A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running mkfs. This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619363)

* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0670.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2240
1024344
http://securitytracker.com/id?1024344
20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
http://www.securityfocus.com/archive/1/517739/100/0/threaded
DSA-2094
http://www.debian.org/security/2010/dsa-2094
MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
MDVSA-2010:198
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RHSA-2010:0660
http://www.redhat.com/support/errata/RHSA-2010-0660.html
RHSA-2010:0661
https://rhn.redhat.com/errata/RHSA-2010-0661.html
RHSA-2010:0670
http://www.redhat.com/support/errata/RHSA-2010-0670.html
RHSA-2010:0882
http://www.redhat.com/support/errata/RHSA-2010-0882.html
[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893
http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.52
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.19
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.4
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://bugzilla.redhat.com/show_bug.cgi?id=606611
oval:org.mitre.oval:def:13247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247
Common Vulnerability Exposure (CVE) ID: CVE-2010-2798
1024386
http://securitytracker.com/id?1024386
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
42124
http://www.securityfocus.com/bid/42124
46397
http://secunia.com/advisories/46397
RHSA-2010:0723
http://www.redhat.com/support/errata/RHSA-2010-0723.html
SUSE-SA:2010:040
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
SUSE-SA:2010:054
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
USN-1000-1
http://www.ubuntu.com/usn/USN-1000-1
[oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic
http://www.openwall.com/lists/oss-security/2010/08/02/1
[oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic
http://www.openwall.com/lists/oss-security/2010/08/02/10
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203
http://support.avaya.com/css/P8/documents/100113326
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=620300
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.