 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.71724 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-1394-1 (linux-image-2.6.35-903-omap4) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to linux-image-2.6.35-903-omap4 announced via advisory USN-1394-1. Details: Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. (CVE-2011-1927) Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. (CVE-2010-4250) An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. (CVE-2010-4650) A flaw was found in the kernel's Integrity Measurement Architecture (IMA). Changes made by an attacker might not be discovered by IMA, if SELinux was disabled, and a new IMA rule was loaded. (CVE-2011-0006) A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. (CVE-2011-0716) Dan Rosenberg reported errors in the OSS (Open Sound System) MIDI interface. A local attacker on non-x86 systems might be able to cause a denial of service. (CVE-2011-1476) Dan Rosenberg reported errors in the kernel's OSS (Open Sound System) driver for Yamaha FM synthesizer chips. A local user can exploit this to cause memory corruption, causing a denial of service or privilege escalation. (CVE-2011-1477) Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could exploit this flaw to cause a denial of service or gain root privileges. (CVE-2011-1759) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. (CVE-2011-3619) It was discovered that some import kernel threads can be blocked by a user level process. An unprivileged local user could exploit this flaw to cause a denial of service. (CVE-2011-4621) A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038) Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: linux-image-2.6.35-903-omap4 2.6.35-903.32 http://www.securityspace.com/smysecure/catid.html?in=USN-1394-1 CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:NR/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1927 http://www.openwall.com/lists/oss-security/2011/05/18/2 Common Vulnerability Exposure (CVE) ID: CVE-2010-4250 http://www.openwall.com/lists/oss-security/2010/11/24/11 Common Vulnerability Exposure (CVE) ID: CVE-2010-4650 http://www.openwall.com/lists/oss-security/2011/01/06/18 Common Vulnerability Exposure (CVE) ID: CVE-2011-0006 Common Vulnerability Exposure (CVE) ID: CVE-2011-0716 http://www.openwall.com/lists/oss-security/2011/02/17/2 Common Vulnerability Exposure (CVE) ID: CVE-2011-1476 http://www.openwall.com/lists/oss-security/2011/03/25/1 SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1477 Common Vulnerability Exposure (CVE) ID: CVE-2011-1759 http://www.openwall.com/lists/oss-security/2011/05/02/16 Common Vulnerability Exposure (CVE) ID: CVE-2011-2182 BugTraq ID: 52334 http://www.securityfocus.com/bid/52334 HPdes Security Advisory: HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 http://www.openwall.com/lists/oss-security/2011/06/05/1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3619 http://www.openwall.com/lists/oss-security/2011/10/17/6 Common Vulnerability Exposure (CVE) ID: CVE-2011-4621 http://www.openwall.com/lists/oss-security/2011/12/21/6 Common Vulnerability Exposure (CVE) ID: CVE-2012-0038 http://www.openwall.com/lists/oss-security/2012/01/10/11 Common Vulnerability Exposure (CVE) ID: CVE-2012-0044 BugTraq ID: 51371 http://www.securityfocus.com/bid/51371 http://www.openwall.com/lists/oss-security/2012/01/12/1 RedHat Security Advisories: RHSA-2012:0743 http://rhn.redhat.com/errata/RHSA-2012-0743.html http://www.ubuntu.com/usn/USN-1555-1 http://www.ubuntu.com/usn/USN-1556-1 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |