ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2010.265.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2010-265-01)
Resumen:	The remote host is missing an update for the '-bit' package(s) announced via the SSA:2010-265-01 advisory.
Descripción:	Summary: The remote host is missing an update for the '-bit' package(s) announced via the SSA:2010-265-01 advisory. Vulnerability Insight: New kernel packages are available for Slackware x86_64 13.1, and -current to fix security issues. Here are the details from the Slackware64 13.1 ChangeLog: +--------------------------+ patches/packages/linux-2.6.33.4-2/kernel-firmware-2.6.33.4-noarch-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-generic-2.6.33.4-x86_64-2.txz: Rebuilt. This kernel has been patched to fix security problems on x86_64: 64-bit Compatibility Mode Stack Pointer Underflow (CVE-2010-3081). IA32 System Call Entry Point Vulnerability (CVE-2010-3301). These vulnerabilities allow local users to gain root privileges. For more information, see: [links moved to references] (* Security fix *) patches/packages/linux-2.6.33.4-2/kernel-headers-2.6.33.4-x86-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-huge-2.6.33.4-x86_64-2.txz: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) patches/packages/linux-2.6.33.4-2/kernel-modules-2.6.33.4-x86_64-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-source-2.6.33.4-noarch-2.txz: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) patches/packages/linux-2.6.33.4-2/kernels/*: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) +--------------------------+ Affected Software/OS: '-bit' package(s) on Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3081 20100916 Ac1db1tch3z vs x86_64 Linux Kernel http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html 20100916 Workaround for Ac1db1tch3z exploit. http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html 20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne http://www.securityfocus.com/archive/1/514938/30/30/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 42384 http://secunia.com/advisories/42384 43315 http://secunia.com/advisories/43315 ADV-2010-3083 http://www.vupen.com/english/advisories/2010/3083 ADV-2010-3117 http://www.vupen.com/english/advisories/2010/3117 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 MDVSA-2010:198 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 MDVSA-2010:214 http://www.mandriva.com/security/advisories?name=MDVSA-2010:214 MDVSA-2010:247 http://www.mandriva.com/security/advisories?name=MDVSA-2010:247 RHSA-2010:0758 http://www.redhat.com/support/errata/RHSA-2010-0758.html RHSA-2010:0842 http://www.redhat.com/support/errata/RHSA-2010-0842.html RHSA-2010:0882 http://www.redhat.com/support/errata/RHSA-2010-0882.html SUSE-SA:2010:050 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [oss-security] 20100916 CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow http://marc.info/?l=oss-security&m=128461522230211&w=2 http://blog.ksplice.com/2010/09/cve-2010-3081/ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 http://isc.sans.edu/diary.html?storyid=9574 http://sota.gen.nz/compat1/ http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log http://www.vmware.com/security/advisories/VMSA-2010-0017.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://access.redhat.com/kb/docs/DOC-40265 https://bugzilla.redhat.com/show_bug.cgi?id=634457 Common Vulnerability Exposure (CVE) ID: CVE-2010-3301 42758 http://secunia.com/advisories/42758 ADV-2011-0070 http://www.vupen.com/english/advisories/2011/0070 USN-1041-1 http://www.ubuntu.com/usn/USN-1041-1 [oss-security] 20100916 CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability http://www.openwall.com/lists/oss-security/2010/09/16/1 [oss-security] 20100916 Re: CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability http://www.openwall.com/lists/oss-security/2010/09/16/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac http://sota.gen.nz/compat2/ https://bugzilla.redhat.com/show_bug.cgi?id=634449
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.