English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72151 CVE descriptions
and 38907 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67753
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0631
Summary:Redhat Security Advisory RHSA-2010:0631
Description:The remote host is missing updates announced in
advisory RHSA-2010:0631.

These packages contain the Linux kernel, the core of any Linux operating
system.

Security fixes:

* unsafe sprintf() use in the Bluetooth implementation. Creating a large
number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary
memory pages being overwritten, allowing a local, unprivileged user to
cause a denial of service or escalate their privileges. (CVE-2010-1084,
Important)

* a flaw in the Unidirectional Lightweight Encapsulation implementation,
allowing a remote attacker to send a specially-crafted ISO MPEG-2 Transport
Stream frame to a target system, resulting in a denial of service.
(CVE-2010-1086, Important)

* NULL pointer dereference in nfs_wb_page_cancel(), allowing a local user
on a system that has an NFS-mounted file system to cause a denial of
service or escalate their privileges on that system. (CVE-2010-1087,
Important)

* flaw in sctp_process_unk_param(), allowing a remote attacker to send a
specially-crafted SCTP packet to an SCTP listening port on a target system,
causing a denial of service. (CVE-2010-1173, Important)

* race condition between finding a keyring by name and destroying a freed
keyring in the key management facility, allowing a local, unprivileged
user to cause a denial of service or escalate their privileges.
(CVE-2010-1437, Important)

* systems using the kernel NFS server to export a shared memory file system
and that have the sysctl overcommit_memory variable set to never overcommit
(a value of 2
by default, it is set to 0), may experience a NULL pointer
dereference, allowing a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2008-7256, CVE-2010-1643,
Important)

* when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could lead to local privilege escalation on 64-bit
systems. This issue is fixed with an implementation of a stack guard
feature. (CVE-2010-2240, Important)

* flaw in CIFSSMBWrite() could allow a remote attacker to send a
specially-crafted SMB response packet to a target CIFS client, resulting in
a denial of service. (CVE-2010-2248, Important)

* buffer overflow flaws in the kernel's implementation of the server-side
XDR for NFSv4 could allow an attacker on the local network to send a
specially-crafted large compound request to the NFSv4 server, possibly
resulting in a denial of service or code execution. (CVE-2010-2521,
Important)

* NULL pointer dereference in the firewire-ohci driver used for OHCI
compliant IEEE 1394 controllers could allow a local, unprivileged user with
access to /dev/fw* files to issue certain IOCTL calls, causing a denial of
service or privilege escalation. The FireWire modules are blacklisted by
default. If enabled, only root has access to the files noted above by
default. (CVE-2009-4138, Moderate)

* flaw in the link_path_walk() function. Using the file descriptor
returned by open() with the O_NOFOLLOW flag on a subordinate NFS-mounted
file system, could result in a NULL pointer dereference, causing a denial
of service or privilege escalation. (CVE-2010-1088, Moderate)

* memory leak in release_one_tty() could allow a local, unprivileged user
to cause a denial of service. (CVE-2010-1162, Moderate)

* information leak in the USB implementation. Certain USB errors could
result in an uninitialized kernel buffer being sent to user-space. An
attacker with physical access to a target system could use this flaw to
cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084
Ang Way
Chuang for reporting CVE-2010-1086
Jukka Taimisto and Olli Jarva of
Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their
customer, for responsibly reporting CVE-2010-1173
the X.Org security team
for reporting CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as
the original reporter
and Marcus Meissner for reporting CVE-2010-1083.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0631.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0631/Kernel_Security_Update/index.html

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7256
http://www.openwall.com/lists/oss-security/2010/05/27/1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
XForce ISS Database: kernel-shmem-dos(59224)
http://xforce.iss.net/xforce/xfdb/59224
Common Vulnerability Exposure (CVE) ID: CVE-2009-4138
http://www.openwall.com/lists/oss-security/2009/12/15/1
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
RedHat Security Advisories: RHSA-2010:0046
https://rhn.redhat.com/errata/RHSA-2010-0046.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
BugTraq ID: 37339
http://www.securityfocus.com/bid/37339
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7376
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9527
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
Common Vulnerability Exposure (CVE) ID: CVE-2010-1083
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/archive/1/520102/100/0/threaded
http://lwn.net/Articles/375350/
http://lkml.org/lkml/2010/3/30/759
http://www.openwall.com/lists/oss-security/2010/02/17/1
http://www.openwall.com/lists/oss-security/2010/02/17/2
http://www.openwall.com/lists/oss-security/2010/02/18/7
http://www.openwall.com/lists/oss-security/2010/02/19/1
http://www.openwall.com/lists/oss-security/2010/02/18/4
Debian Security Information: DSA-2053 (Google Search)
http://www.debian.org/security/2010/dsa-2053
http://www.redhat.com/support/errata/RHSA-2010-0394.html
http://www.redhat.com/support/errata/RHSA-2010-0723.html
SuSE Security Announcement: SUSE-SA:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10831
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
http://secunia.com/advisories/46397
Common Vulnerability Exposure (CVE) ID: CVE-2010-1084
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/03/23/1
http://security-tracker.debian.org/tracker/CVE-2010-1084
http://www.redhat.com/support/errata/RHSA-2010-0610.html
BugTraq ID: 38898
http://www.securityfocus.com/bid/38898
http://secunia.com/advisories/43315
Common Vulnerability Exposure (CVE) ID: CVE-2010-1086
http://www.openwall.com/lists/oss-security/2010/03/01/1
http://www.redhat.com/support/errata/RHSA-2010-0398.html
BugTraq ID: 38479
http://www.securityfocus.com/bid/38479
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10569
http://secunia.com/advisories/39649
Common Vulnerability Exposure (CVE) ID: CVE-2010-1087
http://www.openwall.com/lists/oss-security/2010/03/03/1
SuSE Security Announcement: SUSE-SA:2010:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
BugTraq ID: 39569
http://www.securityfocus.com/bid/39569
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10442
http://secunia.com/advisories/40645
http://www.vupen.com/english/advisories/2010/1857
Common Vulnerability Exposure (CVE) ID: CVE-2010-1088
http://www.openwall.com/lists/oss-security/2010/02/24/3
http://www.mandriva.com/security/advisories?name=MDVSA-2010:088
BugTraq ID: 39044
http://www.securityfocus.com/bid/39044
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10093
Common Vulnerability Exposure (CVE) ID: CVE-2010-1162
http://www.openwall.com/lists/oss-security/2010/04/14/1
http://www.openwall.com/lists/oss-security/2010/04/15/1
http://www.openwall.com/lists/oss-security/2010/04/15/2
http://www.openwall.com/lists/oss-security/2010/04/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2010-1173
http://article.gmane.org/gmane.linux.network/159531
http://www.openwall.com/lists/oss-security/2010/04/29/1
http://www.openwall.com/lists/oss-security/2010/04/29/6
http://marc.info/?l=oss-security&m=127251068407878&w=2
http://www.redhat.com/support/errata/RHSA-2010-0474.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11416
http://secunia.com/advisories/40218
Common Vulnerability Exposure (CVE) ID: CVE-2010-1437
http://marc.info/?l=linux-kernel&m=127192182917857&w=2
http://marc.info/?l=linux-kernel&m=127274294622730&w=2
http://marc.info/?l=linux-kernel&m=127292492727029&w=2
http://www.openwall.com/lists/oss-security/2010/04/27/2
http://www.openwall.com/lists/oss-security/2010/04/28/2
BugTraq ID: 39719
http://www.securityfocus.com/bid/39719
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9715
XForce ISS Database: kernel-findkeyringbyname-dos(58254)
http://xforce.iss.net/xforce/xfdb/58254
Common Vulnerability Exposure (CVE) ID: CVE-2010-1643
http://www.openwall.com/lists/oss-security/2010/05/26/2
http://www.openwall.com/lists/oss-security/2010/05/26/6
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666
BugTraq ID: 40377
http://www.securityfocus.com/bid/40377
XForce ISS Database: linux-kernel-knfsd-dos(58957)
http://xforce.iss.net/xforce/xfdb/58957
Common Vulnerability Exposure (CVE) ID: CVE-2010-2240
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/archive/1/517739/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
Debian Security Information: DSA-2094 (Google Search)
http://www.debian.org/security/2010/dsa-2094
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RedHat Security Advisories: RHSA-2010:0661
https://rhn.redhat.com/errata/RHSA-2010-0661.html
http://www.redhat.com/support/errata/RHSA-2010-0660.html
http://www.redhat.com/support/errata/RHSA-2010-0670.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13247
http://securitytracker.com/id?1024344
Common Vulnerability Exposure (CVE) ID: CVE-2010-2248
http://www.openwall.com/lists/oss-security/2010/06/28/1
http://www.openwall.com/lists/oss-security/2010/06/28/6
RedHat Security Advisories: RHSA-2010:0606
https://rhn.redhat.com/errata/RHSA-2010-0606.html
SuSE Security Announcement: SUSE-SA:2010:060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
http://www.ubuntu.com/usn/USN-1000-1
BugTraq ID: 42242
http://www.securityfocus.com/bid/42242
http://securitytracker.com/id?1024285
Common Vulnerability Exposure (CVE) ID: CVE-2010-2521
http://www.openwall.com/lists/oss-security/2010/07/07/1
http://www.openwall.com/lists/oss-security/2010/07/09/2
http://www.redhat.com/support/errata/RHSA-2010-0893.html
http://www.redhat.com/support/errata/RHSA-2010-0907.html
SuSE Security Announcement: SUSE-SA:2010:040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
BugTraq ID: 42249
http://www.securityfocus.com/bid/42249
http://securitytracker.com/id?1024286
http://www.vupen.com/english/advisories/2010/3050
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.