Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67546
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0474
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0474.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the Linux kernel NFSv4
implementation. Several of the NFSv4 file locking functions failed to check
whether a file had been opened on the server before performing locking
operations on it. A local, unprivileged user on a system with an NFSv4
share mounted could possibly use this flaw to cause a kernel panic (denial
of service) or escalate their privileges. (CVE-2009-3726, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local,
unprivileged user could use this flaw to cause a kernel panic (denial of
service) or escalate their privileges. (CVE-2010-1437, Important)

Red Hat would like to thank Simon Vallet for responsibly reporting
CVE-2009-3726
and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia
Siemens Networks, and Wind River on behalf of their customer, for
responsibly reporting CVE-2010-1173.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0474.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-31052

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3726
BugTraq ID: 36936
http://www.securityfocus.com/bid/36936
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.spinics.net/linux/lists/linux-nfs/msg03357.html
http://www.openwall.com/lists/oss-security/2009/11/05/1
http://www.openwall.com/lists/oss-security/2009/11/05/4
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734
http://www.redhat.com/support/errata/RHSA-2009-1670.html
http://www.redhat.com/support/errata/RHSA-2010-0474.html
http://secunia.com/advisories/37909
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/40218
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2009:061 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
SuSE Security Announcement: SUSE-SA:2009:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://www.ubuntu.com/usn/usn-864-1
http://www.vupen.com/english/advisories/2010/0528
Common Vulnerability Exposure (CVE) ID: CVE-2010-1173
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
Debian Security Information: DSA-2053 (Google Search)
http://www.debian.org/security/2010/dsa-2053
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://article.gmane.org/gmane.linux.network/159531
http://www.openwall.com/lists/oss-security/2010/04/29/1
http://marc.info/?l=oss-security&m=127251068407878&w=2
http://www.openwall.com/lists/oss-security/2010/04/29/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416
http://secunia.com/advisories/39830
http://secunia.com/advisories/43315
Common Vulnerability Exposure (CVE) ID: CVE-2010-1437
BugTraq ID: 39719
http://www.securityfocus.com/bid/39719
http://marc.info/?l=linux-kernel&m=127192182917857&w=2
http://marc.info/?l=linux-kernel&m=127274294622730&w=2
http://marc.info/?l=linux-kernel&m=127292492727029&w=2
http://www.openwall.com/lists/oss-security/2010/04/27/2
http://www.openwall.com/lists/oss-security/2010/04/28/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715
http://secunia.com/advisories/40645
SuSE Security Announcement: SUSE-SA:2010:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: kernel-findkeyringbyname-dos(58254)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58254
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.