Test ID:	1.3.6.1.4.1.25623.1.0.67546
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0474
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0474. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a NULL pointer dereference flaw was found in the Linux kernel NFSv4 implementation. Several of the NFSv4 file locking functions failed to check whether a file had been opened on the server before performing locking operations on it. A local, unprivileged user on a system with an NFSv4 share mounted could possibly use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2009-3726, Important) * a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important) * a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local, unprivileged user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important) Red Hat would like to thank Simon Vallet for responsibly reporting CVE-2009-3726 and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0474.html http://www.redhat.com/security/updates/classification/#important http://kbase.redhat.com/faq/docs/DOC-31052 Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3726 36936 http://www.securityfocus.com/bid/36936 37909 http://secunia.com/advisories/37909 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 40218 http://secunia.com/advisories/40218 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 DSA-2005 http://www.debian.org/security/2010/dsa-2005 MDVSA-2009:329 http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2009:1670 http://www.redhat.com/support/errata/RHSA-2009-1670.html RHSA-2010:0474 http://www.redhat.com/support/errata/RHSA-2010-0474.html SUSE-SA:2009:056 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html SUSE-SA:2009:061 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html SUSE-SA:2009:064 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html SUSE-SA:2010:012 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html USN-864-1 http://www.ubuntu.com/usn/usn-864-1 [linux-nfs] 20081022 kernel oops in nfs4_proc_lock http://www.spinics.net/linux/lists/linux-nfs/msg03357.html [oss-security] 20091105 CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() http://www.openwall.com/lists/oss-security/2009/11/05/1 [oss-security] 20091105 Re: CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() http://www.openwall.com/lists/oss-security/2009/11/05/4 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4 https://bugzilla.redhat.com/show_bug.cgi?id=529227 oval:org.mitre.oval:def:6636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636 oval:org.mitre.oval:def:9734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734 Common Vulnerability Exposure (CVE) ID: CVE-2010-1173 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 39830 http://secunia.com/advisories/39830 43315 http://secunia.com/advisories/43315 DSA-2053 http://www.debian.org/security/2010/dsa-2053 MDVSA-2010:198 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 [netdev] 20100428 Re: [PATCH]: sctp: Fix skb_over_panic resulting from multiple invalid parameter errors (CVE-2010-1173) (v4) http://article.gmane.org/gmane.linux.network/159531 [oss-security] 20100429 CVE-2010-1173 kernel: skb_over_panic resulting from multiple invalid parameter errors http://www.openwall.com/lists/oss-security/2010/04/29/1 [oss-security] 20100429 Re: CVE-2010-1173 kernel: skb_over_panic resulting from multiple invalid parameter errors http://marc.info/?l=oss-security&m=127251068407878&w=2 http://www.openwall.com/lists/oss-security/2010/04/29/6 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 http://kbase.redhat.com/faq/docs/DOC-31052 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=584645 oval:org.mitre.oval:def:11416 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11416 Common Vulnerability Exposure (CVE) ID: CVE-2010-1437 39719 http://www.securityfocus.com/bid/39719 40645 http://secunia.com/advisories/40645 ADV-2010-1857 http://www.vupen.com/english/advisories/2010/1857 SUSE-SA:2010:031 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html [linux-kernel] 20100422 [PATCH 0/1][BUG][IMPORTANT] KEYRINGS: find_keyring_by_name() can gain the freed keyring http://marc.info/?l=linux-kernel&m=127192182917857&w=2 [linux-kernel] 20100430 [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring http://marc.info/?l=linux-kernel&m=127274294622730&w=2 [linux-kernel] 20100503 Re: [PATCH 2/7] KEYS: find_keyring_by_name() can gain access to a freed keyring http://marc.info/?l=linux-kernel&m=127292492727029&w=2 [oss-security] 20100427 CVE request - kernel: find_keyring_by_name() can gain the freed keyring http://www.openwall.com/lists/oss-security/2010/04/27/2 [oss-security] 20100427 Re: CVE request - kernel: find_keyring_by_name() can gain the freed keyring http://www.openwall.com/lists/oss-security/2010/04/28/2 https://bugzilla.redhat.com/show_bug.cgi?id=585094 https://patchwork.kernel.org/patch/94038/ https://patchwork.kernel.org/patch/94664/ kernel-findkeyringbyname-dos(58254) https://exchange.xforce.ibmcloud.com/vulnerabilities/58254 oval:org.mitre.oval:def:9715 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9715
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.