
Test ID:
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1844-1 (linux-2.6.24)
The remote host is missing an update to linux-2.6.24
announced via advisory DSA 1844-1.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following


Neil Horman discovered a missing fix from the e1000 network driver.
A remote user may cause a denial of service by way of a kernel panic
triggered by specially crafted frame sizes.


Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.


Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.


Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory


Julien Tinnes and Tavis Ormandy reported an issue in the Linux
vulnerability code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.


Mikulas Patocka discovered an issue in sparc64 kernels that allows
local users to cause a denial of service (crash) by reading the
/proc/iomem file.


Miklos Szeredi reported an issue in the ocfs2 filesystem. Local
users can create a denial of service (filesystem deadlock) using
a particular sequence of splice system calls.


Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of an eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~

We recommend that you upgrade your linux-2.6.24 packages.


CVSS Score:

CVSS Vector:

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2009-1385
BugTraq ID: 35185
Bugtraq: 20090724 rPSA-2009-0111-1 kernel
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
Debian Security Information: DSA-1844
Debian Security Information: DSA-1865
RedHat Security Advisories: RHSA-2009:1550
SuSE Security Announcement: SUSE-SA:2009:038

Common Vulnerability Exposure (CVE) ID: CVE-2009-1389
BugTraq ID: 35281
SuSE Security Announcement: SUSE-SA:2010:031
XForce ISS Database: linux-kernel-rtl8169nic-dos(51051)

Common Vulnerability Exposure (CVE) ID: CVE-2009-1630
BugTraq ID: 34934
Debian Security Information: DSA-1809
SuSE Security Announcement: SUSE-SA:2009:031

Common Vulnerability Exposure (CVE) ID: CVE-2009-1633
BugTraq ID: 34612
SuSE Security Announcement: SUSE-SA:2009:054
SuSE Security Announcement: SUSE-SA:2009:056
SuSE Security Announcement: SUSE-SA:2010:012

Common Vulnerability Exposure (CVE) ID: CVE-2009-1895
BugTraq ID: 35647
Debian Security Information: DSA-1845
RedHat Security Advisories: RHSA-2009:1540

Common Vulnerability Exposure (CVE) ID: CVE-2009-1914
BugTraq ID: 35415
XForce ISS Database: kernel-pciregister-dos(51196)

Common Vulnerability Exposure (CVE) ID: CVE-2009-1961
BugTraq ID: 35143
SuSE Security Announcement: SUSE-SA:2009:030

Common Vulnerability Exposure (CVE) ID: CVE-2009-2406
BugTraq ID: 35851
Bugtraq: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability
SuSE Security Announcement: SUSE-SR:2009:015

Common Vulnerability Exposure (CVE) ID: CVE-2009-2407
BugTraq ID: 35850
Bugtraq: 20090728 [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability

Copyright: Copyright (c) 2009 E-Soft Inc.
