Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.831331
Categoría:Mandrake Local Security Checks
Título:Mandriva Update for kernel MDVSA-2011:029 (kernel)
Resumen:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in the Linux 2.6 kernel:
The X.25 implementation does not properly parse facilities, which
allows remote attackers to cause a denial of service (heap memory
corruption and panic) or possibly have
unspecified other impact via malformed data, a different vulnerability
than CVE-2010-4164. (CVE-2010-3873)

The bcm_connect function Broadcast Manager in the Controller Area
Network (CAN) implementation in the Linux creates a publicly accessible
file with a filename containing a kernel memory address, which allows
local users to obtain potentially sensitive information about kernel
memory use by listing this filename. (CVE-2010-4565)

The install_special_mapping function in mm/mmap.c does not make an
expected security_file_mmap function call, which allows local users
to bypass intended mmap_min_addr restrictions and possibly conduct
NULL pointer dereference attacks via a crafted assembly-language
application. (CVE-2010-4346)

The sk_run_filter function does not check whether a certain memory
location has been initialized before executing a BPF_S_LD_MEM
or BPF_S_LDX_MEM instruction, which allows local users to obtain
potentially sensitive information from kernel stack memory via a
crafted socket filter. (CVE-2010-4158)

Heap-based buffer overflow in the bcm_connect function the Broadcast
Manager in the Controller Area Network (CAN)on 64-bit platforms might
allow local users to cause a denial of service (memory corruption)
via a connect operation. (CVE-2010-3874)

The blk_rq_map_user_iov function in block/blk-map.c allows local
users to cause a denial of service (panic) via a zero-length I/O
request in a device ioctl to a SCSI device. (CVE-2010-4163)

Multiple integer underflows in the x25_parse_facilities function in
allow remote attackers to cause a denial of service (system crash)
via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3)
X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data. (CVE-2010-4164)

Race condition in the do_setlk function allows local users to cause a
denial of service (crash) via vectors resulting in an interrupted RPC
call that leads to a stray FL_POSIX lock, related to improper handling
of a race between fcntl and close in the EINTR case. (CVE-2009-4307)

Multiple integer overflows in fs/bio.c allow local users to cause
a denial of service (system crash) via a crafted device ioctl to a
SCSI device. (CVE-2010-4162)

Integer overflow in the ext4_ext_get_blocks function in
...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
kernel on Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
8.3

CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4164
BugTraq ID: 45055
http://www.securityfocus.com/bid/45055
Debian Security Information: DSA-2126 (Google Search)
http://www.debian.org/security/2010/dsa-2126
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://marc.info/?l=linux-netdev&m=128951543005554&w=2
http://openwall.com/lists/oss-security/2010/11/11/2
http://openwall.com/lists/oss-security/2010/11/12/3
http://secunia.com/advisories/42778
http://secunia.com/advisories/42801
http://secunia.com/advisories/42932
http://secunia.com/advisories/43291
SuSE Security Announcement: SUSE-SA:2010:060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
SuSE Security Announcement: SUSE-SA:2011:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
SuSE Security Announcement: SUSE-SA:2011:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://www.vupen.com/english/advisories/2011/0012
http://www.vupen.com/english/advisories/2011/0124
http://www.vupen.com/english/advisories/2011/0298
http://www.vupen.com/english/advisories/2011/0375
Common Vulnerability Exposure (CVE) ID: CVE-2010-3873
http://www.spinics.net/lists/netdev/msg145786.html
http://www.spinics.net/lists/netdev/msg145873.html
http://openwall.com/lists/oss-security/2010/11/03/2
http://openwall.com/lists/oss-security/2010/11/04/3
SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4565
BugTraq ID: 44661
http://www.securityfocus.com/bid/44661
https://bugzilla.redhat.com/show_bug.cgi?id=664544
http://www.spinics.net/lists/netdev/msg145796.html
http://www.spinics.net/lists/netdev/msg145791.html
http://www.spinics.net/lists/netdev/msg146270.html
http://www.spinics.net/lists/netdev/msg146468.html
http://openwall.com/lists/oss-security/2010/11/03/3
http://openwall.com/lists/oss-security/2010/11/04/4
http://openwall.com/lists/oss-security/2010/12/20/2
http://openwall.com/lists/oss-security/2010/12/21/1
Common Vulnerability Exposure (CVE) ID: CVE-2010-4346
BugTraq ID: 45323
http://www.securityfocus.com/bid/45323
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
https://lkml.org/lkml/2010/12/9/222
http://openwall.com/lists/oss-security/2010/12/09/13
http://openwall.com/lists/oss-security/2010/12/09/12
http://openwall.com/lists/oss-security/2010/12/10/3
http://openwall.com/lists/oss-security/2010/12/10/2
http://secunia.com/advisories/42570
http://secunia.com/advisories/46397
Common Vulnerability Exposure (CVE) ID: CVE-2010-4158
BugTraq ID: 44758
http://www.securityfocus.com/bid/44758
Bugtraq: 20101109 Kernel 0-day (Google Search)
http://www.securityfocus.com/archive/1/514705
Bugtraq: 20101118 Re: Kernel 0-day (Google Search)
http://www.securityfocus.com/archive/1/514845
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html
http://www.spinics.net/lists/netdev/msg146361.html
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.redhat.com/support/errata/RHSA-2011-0162.html
http://secunia.com/advisories/42745
http://secunia.com/advisories/42884
http://secunia.com/advisories/42890
http://secunia.com/advisories/42963
http://www.vupen.com/english/advisories/2010/3321
http://www.vupen.com/english/advisories/2011/0168
Common Vulnerability Exposure (CVE) ID: CVE-2010-3874
http://www.spinics.net/lists/netdev/msg146469.html
http://openwall.com/lists/oss-security/2010/12/20/3
http://openwall.com/lists/oss-security/2010/12/20/4
http://openwall.com/lists/oss-security/2010/12/20/5
Common Vulnerability Exposure (CVE) ID: CVE-2010-4163
BugTraq ID: 44793
http://www.securityfocus.com/bid/44793
http://openwall.com/lists/oss-security/2010/11/10/18
http://openwall.com/lists/oss-security/2010/11/12/2
http://openwall.com/lists/oss-security/2010/11/29/1
Common Vulnerability Exposure (CVE) ID: CVE-2009-4307
http://lkml.org/lkml/2009/12/9/255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9874
http://www.redhat.com/support/errata/RHSA-2010-0380.html
http://secunia.com/advisories/37658
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-4162
Common Vulnerability Exposure (CVE) ID: CVE-2010-3015
BugTraq ID: 42477
http://www.securityfocus.com/bid/42477
Debian Security Information: DSA-2094 (Google Search)
http://www.debian.org/security/2010/dsa-2094
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
http://marc.info/?l=oss-security&m=128192548904503&w=2
http://marc.info/?l=oss-security&m=128197862004376&w=2
http://marc.info/?l=oss-security&m=128201627016896&w=2
http://www.redhat.com/support/errata/RHSA-2010-0723.html
SuSE Security Announcement: SUSE-SA:2010:040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
SuSE Security Announcement: SUSE-SA:2010:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
http://www.ubuntu.com/usn/USN-1000-1
http://www.vupen.com/english/advisories/2010/3117
XForce ISS Database: kernel-stacksize-dos(61156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61156
Common Vulnerability Exposure (CVE) ID: CVE-2010-4258
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html
http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/
https://lkml.org/lkml/2010/12/1/543
http://marc.info/?l=linux-kernel&m=129117048916957&w=2
http://openwall.com/lists/oss-security/2010/12/02/2
http://openwall.com/lists/oss-security/2010/12/02/7
http://openwall.com/lists/oss-security/2010/12/02/4
http://openwall.com/lists/oss-security/2010/12/02/3
http://openwall.com/lists/oss-security/2010/12/08/4
http://openwall.com/lists/oss-security/2010/12/08/5
http://openwall.com/lists/oss-security/2010/12/08/9
http://openwall.com/lists/oss-security/2010/12/09/14
http://openwall.com/lists/oss-security/2010/12/09/4
http://secunia.com/advisories/43056
SuSE Security Announcement: SUSE-SA:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
http://www.vupen.com/english/advisories/2011/0213
Common Vulnerability Exposure (CVE) ID: CVE-2010-3875
BugTraq ID: 44630
http://www.securityfocus.com/bid/44630
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://marc.info/?l=linux-netdev&m=128854507120898&w=2
http://openwall.com/lists/oss-security/2010/11/02/7
http://openwall.com/lists/oss-security/2010/11/04/5
Common Vulnerability Exposure (CVE) ID: CVE-2010-3067
http://www.mandriva.com/security/advisories?name=MDVSA-2010:257
http://www.redhat.com/support/errata/RHSA-2010-0758.html
http://www.redhat.com/support/errata/RHSA-2010-0779.html
http://www.redhat.com/support/errata/RHSA-2010-0839.html
XForce ISS Database: kernel-doiosubmit-dos(61884)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61884
Common Vulnerability Exposure (CVE) ID: CVE-2010-4248
BugTraq ID: 45028
http://www.securityfocus.com/bid/45028
http://www.openwall.com/lists/oss-security/2010/11/23/2
http://www.openwall.com/lists/oss-security/2010/11/24/9
http://www.redhat.com/support/errata/RHSA-2011-0004.html
http://secunia.com/advisories/42789
http://www.vupen.com/english/advisories/2011/0024
Common Vulnerability Exposure (CVE) ID: CVE-2010-3437
BugTraq ID: 43551
http://www.securityfocus.com/bid/43551
http://www.exploit-db.com/exploits/15150/
http://jon.oberheide.org/files/cve-2010-3437.c
http://www.openwall.com/lists/oss-security/2010/09/28/2
http://www.openwall.com/lists/oss-security/2010/09/28/6
http://www.redhat.com/support/errata/RHSA-2010-0842.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3877
http://marc.info/?l=linux-netdev&m=128854507420917&w=2
XForce ISS Database: kernel-getname-info-disc(64578)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64578
Common Vulnerability Exposure (CVE) ID: CVE-2009-2406
BugTraq ID: 35851
http://www.securityfocus.com/bid/35851
Bugtraq: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505334/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1844 (Google Search)
http://www.debian.org/security/2009/dsa-1844
Debian Security Information: DSA-1845 (Google Search)
http://www.debian.org/security/2009/dsa-1845
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html
http://risesecurity.org/advisories/RISE-2009002.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8246
http://www.redhat.com/support/errata/RHSA-2009-1193.html
http://www.securitytracker.com/id?1022663
http://secunia.com/advisories/35985
http://secunia.com/advisories/36045
http://secunia.com/advisories/36051
http://secunia.com/advisories/36054
http://secunia.com/advisories/36116
http://secunia.com/advisories/36131
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.ubuntu.com/usn/usn-807-1
http://www.vupen.com/english/advisories/2009/2041
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2010-3859
BugTraq ID: 44354
http://www.securityfocus.com/bid/44354
http://marc.info/?l=linux-netdev&m=128770476511716&w=2
http://www.spinics.net/lists/netdev/msg145248.html
http://www.spinics.net/lists/netdev/msg145247.html
http://www.spinics.net/lists/netdev/msg145263.html
http://www.spinics.net/lists/netdev/msg145265.html
http://www.spinics.net/lists/netdev/msg145262.html
http://www.spinics.net/lists/netdev/msg145264.html
http://www.spinics.net/lists/netdev/msg145352.html
http://www.openwall.com/lists/oss-security/2010/10/22/2
http://www.openwall.com/lists/oss-security/2010/10/22/5
Common Vulnerability Exposure (CVE) ID: CVE-2010-4073
BugTraq ID: 45073
http://www.securityfocus.com/bid/45073
http://lkml.org/lkml/2010/10/6/492
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://securityreason.com/securityalert/8366
Common Vulnerability Exposure (CVE) ID: CVE-2010-4072
BugTraq ID: 45054
http://www.securityfocus.com/bid/45054
http://lkml.org/lkml/2010/10/6/454
http://secunia.com/advisories/42758
http://secunia.com/advisories/43161
http://www.ubuntu.com/usn/USN-1041-1
http://www.ubuntu.com/usn/USN-1057-1
http://www.vupen.com/english/advisories/2011/0070
http://www.vupen.com/english/advisories/2011/0280
Common Vulnerability Exposure (CVE) ID: CVE-2010-3705
http://marc.info/?l=linux-kernel&m=128596992418814&w=2
http://www.openwall.com/lists/oss-security/2010/10/04/2
http://www.openwall.com/lists/oss-security/2010/10/04/7
Common Vulnerability Exposure (CVE) ID: CVE-2010-4165
BugTraq ID: 44830
http://www.securityfocus.com/bid/44830
http://www.spinics.net/lists/netdev/msg146495.html
http://www.spinics.net/lists/netdev/msg146405.html
http://www.openwall.com/lists/oss-security/2010/11/12/1
http://www.openwall.com/lists/oss-security/2010/11/12/4
http://www.osvdb.org/69241
http://securityreason.com/securityalert/8111
http://securityreason.com/securityalert/8123
Common Vulnerability Exposure (CVE) ID: CVE-2010-3310
BugTraq ID: 43368
http://www.securityfocus.com/bid/43368
http://marc.info/?l=linux-netdev&m=128502238927086&w=2
http://www.openwall.com/lists/oss-security/2010/09/21/1
http://www.openwall.com/lists/oss-security/2010/09/21/2
http://www.osvdb.org/68163
http://secunia.com/advisories/41493
SuSE Security Announcement: SUSE-SA:2010:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
SuSE Security Announcement: SUSE-SA:2010:051 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html
XForce ISS Database: kernel-rose-bind-dos(61953)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61953
Common Vulnerability Exposure (CVE) ID: CVE-2010-3698
BugTraq ID: 44500
http://www.securityfocus.com/bid/44500
http://www.redhat.com/support/errata/RHSA-2010-0898.html
http://www.vupen.com/english/advisories/2010/3123
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.