Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67364
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0394
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0394.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium
systems. ptrace_check_attach() was not called during certain ptrace()
requests. Under certain circumstances, a local, unprivileged user could use
this flaw to call ptrace() on a process they do not own, giving them
control over that process. (CVE-2010-0729, Important)

* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation
(ULE) implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in a
denial of service. (CVE-2010-1086, Important)

* a use-after-free flaw was found in tcp_rcv_state_process() in the
kernel's TCP/IP protocol suite implementation. If a system using IPv6 had
the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker
could send an IPv6 packet to that system, causing a kernel panic.
(CVE-2010-1188, Important)

* a divide-by-zero flaw was found in azx_position_ok() in the Intel High
Definition Audio driver, snd-hda-intel. A local, unprivileged user could
trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

* an information leak flaw was found in the kernel's USB implementation.
Certain USB errors could result in an uninitialized kernel buffer being
sent to user-space. An attacker with physical access to a target system
could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0394.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0729
BugTraq ID: 38702
http://www.securityfocus.com/bid/38702
http://www.openwall.com/lists/oss-security/2010/03/12/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8687
http://www.redhat.com/support/errata/RHSA-2010-0394.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1083
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Debian Security Information: DSA-2053 (Google Search)
http://www.debian.org/security/2010/dsa-2053
http://lwn.net/Articles/375350/
http://lkml.org/lkml/2010/3/30/759
http://www.openwall.com/lists/oss-security/2010/02/17/1
http://www.openwall.com/lists/oss-security/2010/02/17/2
http://www.openwall.com/lists/oss-security/2010/02/18/7
http://www.openwall.com/lists/oss-security/2010/02/19/1
http://www.openwall.com/lists/oss-security/2010/02/18/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10831
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-1085
BugTraq ID: 38348
http://www.securityfocus.com/bid/38348
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://nctritech.net/bugreport.txt
http://lkml.org/lkml/2010/2/5/322
http://www.openwall.com/lists/oss-security/2010/02/22/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10027
http://www.redhat.com/support/errata/RHSA-2010-0398.html
http://secunia.com/advisories/39649
http://secunia.com/advisories/43315
Common Vulnerability Exposure (CVE) ID: CVE-2010-1086
BugTraq ID: 38479
http://www.securityfocus.com/bid/38479
http://www.openwall.com/lists/oss-security/2010/03/01/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10569
Common Vulnerability Exposure (CVE) ID: CVE-2010-1188
BugTraq ID: 39016
http://www.securityfocus.com/bid/39016
http://www.openwall.com/lists/oss-security/2010/03/29/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9878
http://www.redhat.com/support/errata/RHSA-2010-0380.html
http://www.redhat.com/support/errata/RHSA-2010-0424.html
http://www.redhat.com/support/errata/RHSA-2010-0439.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://www.securitytracker.com/id?1023992
http://secunia.com/advisories/39652
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.