English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75096 CVE descriptions
and 39644 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67066
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0147
Summary:Redhat Security Advisory RHSA-2010:0147
Description:The remote host is missing updates announced in
advisory RHSA-2010:0147.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a missing boundary check was found in the do_move_pages() function in
the memory migration functionality in the Linux kernel. A local user could
use this flaw to cause a local denial of service or an information leak.
(CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the ext4 file system code in
the Linux kernel. A local attacker could use this flaw to trigger a local
denial of service by mounting a specially-crafted, journal-less ext4 file
system, if that file system forced an EROFS error. (CVE-2009-4308,
Moderate)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When /proc/sys/kernel/print-fatal-signals is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0147.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4308
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.redhat.com/support/errata/RHSA-2010-0147.html
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11103
http://secunia.com/advisories/37658
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
http://secunia.com/advisories/43315
Common Vulnerability Exposure (CVE) ID: CVE-2010-0003
http://www.openwall.com/lists/oss-security/2010/01/12/1
http://www.openwall.com/lists/oss-security/2010/01/13/4
Debian Security Information: DSA-1996 (Google Search)
http://www.debian.org/security/2010/dsa-1996
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034250.html
RedHat Security Advisories: RHSA-2010:0146
https://rhn.redhat.com/errata/RHSA-2010-0146.html
http://www.redhat.com/support/errata/RHSA-2010-0161.html
SuSE Security Announcement: SUSE-SA:2010:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
SuSE Security Announcement: SUSE-SA:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
BugTraq ID: 37724
http://www.securityfocus.com/bid/37724
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10550
http://secunia.com/advisories/38333
http://secunia.com/advisories/38492
http://secunia.com/advisories/38779
http://secunia.com/advisories/39033
Common Vulnerability Exposure (CVE) ID: CVE-2010-0007
http://www.openwall.com/lists/oss-security/2010/01/14/1
http://www.openwall.com/lists/oss-security/2010/01/14/3
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
SuSE Security Announcement: SUSE-SA:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
BugTraq ID: 37762
http://www.securityfocus.com/bid/37762
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9630
http://secunia.com/advisories/38133
http://secunia.com/advisories/38296
http://www.vupen.com/english/advisories/2010/0109
XForce ISS Database: kernel-ebtables-security-bypass(55602)
http://xforce.iss.net/xforce/xfdb/55602
Common Vulnerability Exposure (CVE) ID: CVE-2010-0008
http://www.openwall.com/lists/oss-security/2010/03/17/2
http://www.redhat.com/support/errata/RHSA-2010-0342.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11160
http://secunia.com/advisories/39295
Common Vulnerability Exposure (CVE) ID: CVE-2010-0415
http://www.openwall.com/lists/oss-security/2010/02/07/1
http://www.openwall.com/lists/oss-security/2010/02/07/2
http://www.openwall.com/lists/oss-security/2010/02/08/2
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035070.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
SuSE Security Announcement: SUSE-SA:2010:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html
http://www.ubuntu.com/usn/USN-914-1
BugTraq ID: 38144
http://www.securityfocus.com/bid/38144
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9399
http://secunia.com/advisories/38557
http://secunia.com/advisories/38922
http://www.vupen.com/english/advisories/2010/0638
Common Vulnerability Exposure (CVE) ID: CVE-2010-0437
http://www.openwall.com/lists/oss-security/2010/02/11/1
http://www.openwall.com/lists/oss-security/2010/03/04/4
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10061
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 39644 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.