Test ID:	1.3.6.1.4.1.25623.1.0.67364
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0394
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0394. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium systems. ptrace_check_attach() was not called during certain ptrace() requests. Under certain circumstances, a local, unprivileged user could use this flaw to call ptrace() on a process they do not own, giving them control over that process. (CVE-2010-0729, Important) * a flaw was found in the kernel's Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in a denial of service. (CVE-2010-1086, Important) * a use-after-free flaw was found in tcp_rcv_state_process() in the kernel's TCP/IP protocol suite implementation. If a system using IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker could send an IPv6 packet to that system, causing a kernel panic. (CVE-2010-1188, Important) * a divide-by-zero flaw was found in azx_position_ok() in the Intel High Definition Audio driver, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate) * an information leak flaw was found in the kernel's USB implementation. Certain USB errors could result in an uninitialized kernel buffer being sent to user-space. An attacker with physical access to a target system could use this flaw to cause an information leak. (CVE-2010-1083, Low) Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086. Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0394.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0729 38702 http://www.securityfocus.com/bid/38702 RHSA-2010:0394 http://www.redhat.com/support/errata/RHSA-2010-0394.html [oss-security] 20100312 CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach() http://www.openwall.com/lists/oss-security/2010/03/12/2 http://support.avaya.com/css/P8/documents/100090459 https://bugzilla.redhat.com/show_bug.cgi?id=572007 oval:org.mitre.oval:def:8687 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687 Common Vulnerability Exposure (CVE) ID: CVE-2010-1083 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.securityfocus.com/archive/1/520102/100/0/threaded Debian Security Information: DSA-2053 (Google Search) http://www.debian.org/security/2010/dsa-2053 http://lwn.net/Articles/375350/ http://lkml.org/lkml/2010/3/30/759 http://www.openwall.com/lists/oss-security/2010/02/17/1 http://www.openwall.com/lists/oss-security/2010/02/17/2 http://www.openwall.com/lists/oss-security/2010/02/18/7 http://www.openwall.com/lists/oss-security/2010/02/19/1 http://www.openwall.com/lists/oss-security/2010/02/18/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10831 http://www.redhat.com/support/errata/RHSA-2010-0723.html http://secunia.com/advisories/39742 http://secunia.com/advisories/39830 http://secunia.com/advisories/46397 SuSE Security Announcement: SUSE-SA:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html SuSE Security Announcement: SUSE-SA:2010:023 (Google Search) http://www.novell.com/linux/security/advisories/2010_23_kernel.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1085 BugTraq ID: 38348 http://www.securityfocus.com/bid/38348 Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search) http://www.securityfocus.com/archive/1/516397/100/0/threaded http://nctritech.net/bugreport.txt http://lkml.org/lkml/2010/2/5/322 http://www.openwall.com/lists/oss-security/2010/02/22/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10027 http://www.redhat.com/support/errata/RHSA-2010-0398.html http://secunia.com/advisories/39649 http://secunia.com/advisories/43315 Common Vulnerability Exposure (CVE) ID: CVE-2010-1086 BugTraq ID: 38479 http://www.securityfocus.com/bid/38479 http://www.openwall.com/lists/oss-security/2010/03/01/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10569 Common Vulnerability Exposure (CVE) ID: CVE-2010-1188 BugTraq ID: 39016 http://www.securityfocus.com/bid/39016 http://www.openwall.com/lists/oss-security/2010/03/29/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9878 http://www.redhat.com/support/errata/RHSA-2010-0380.html http://www.redhat.com/support/errata/RHSA-2010-0424.html http://www.redhat.com/support/errata/RHSA-2010-0439.html http://www.redhat.com/support/errata/RHSA-2010-0882.html http://www.securitytracker.com/id?1023992 http://secunia.com/advisories/39652
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.