
Test ID: 1.3.6.1.4.1.25623.1.0.67849
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2010:031 (kernel)
Summary: SuSE Security Advisory SUSE-SA:2010:031 (kernel)
Description: The remote host is missing updates announced in
advisory SUSE-SA:2010:031.

The SUSE Linux Enterprise 11 GA Kernel was updated to 2.6.27.48 fixing
various bugs and security issues.

CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the
Linux kernel does not verify the ownership of a file, which allows
local users to bypass intended access restrictions via a SETFLAGS
ioctl request.

CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in
the Linux kernel allows attackers to cause a denial of service (Oops)
via unknown vectors related to truncating a file and an operation
that is not interruptible.

CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict overcommit
is enabled, does not properly handle the export of shmemfs objects
by knfsd, which allows attackers to cause a denial of service (NULL
pointer dereference and knfsd crash) or possibly have unspecified
other impact via unknown vectors.

CVE-2010-1437: Race condition in the find_keyring_by_name function
in security/keys/keyring.c in the Linux kernel allows local users
to cause a denial of service (memory corruption and system crash)
or possibly have unspecified other impact via keyctl session commands
that trigger access to a dead keyring that is undergoing deletion by
the key_cleanup function.

CVE-2010-1446: arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel,
when running on PowerPC, does not properly perform a security check
for access to a kernel page, which allows local users to overwrite
arbitrary kernel memory, related to Fsl booke.

CVE-2010-1162: The release_one_tty function in drivers/char/tty_io.c in
the Linux kernel omits certain required calls to the put_pid function,
which has unspecified impact and local attack vectors.

CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux
kernel does not properly check the size of an Ethernet frame that
exceeds the MTU, which allows remote attackers to (1) cause a denial
of service (temporary network outage) via a packet with a crafted size,
in conjunction with certain packets containing 'A' characters and certain
packets containing 'E' characters; or (2) cause a denial of service
(system crash) via a packet with a crafted size, in conjunction with
certain packets containing '0' characters, related to the value of the
status register and erroneous behavior associated with the RxMaxSize
register. NOTE: this vulnerability exists because of an incorrect
fix for CVE-2009-1389. Code execution might be possible.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2010:031

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1389
Bugtraq: 20090724 rPSA-2009-0111-1 kernel
http://www.securityfocus.com/archive/1/archive/1/505254/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://lkml.org/lkml/2009/6/8/194
http://marc.info/?l=linux-netdev&m=123462461713724&w=2
http://www.openwall.com/lists/oss-security/2009/06/10/1
Debian Security Information: DSA-1844
http://www.debian.org/security/2009/dsa-1844
Debian Security Information: DSA-1865
http://www.debian.org/security/2009/dsa-1865
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.redhat.com/support/errata/RHSA-2009-1193.html
SuSE Security Announcement: SUSE-SA:2009:038
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
SuSE Security Announcement: SUSE-SA:2010:031
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
http://www.ubuntu.com/usn/usn-807-1
BugTraq ID: 35281
http://www.securityfocus.com/bid/35281
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10415
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8108
http://www.securitytracker.com/id?1023507
http://secunia.com/advisories/35265
http://secunia.com/advisories/35566
http://secunia.com/advisories/36045
http://secunia.com/advisories/36051
http://secunia.com/advisories/35847
http://secunia.com/advisories/36131
http://secunia.com/advisories/36327
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
http://secunia.com/advisories/40645
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/0219
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: linux-kernel-rtl8169nic-dos(51051)
http://xforce.iss.net/xforce/xfdb/51051
Common Vulnerability Exposure (CVE) ID: CVE-2009-4537
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://twitter.com/dakami/statuses/7104238406
Debian Security Information: DSA-2053
http://www.debian.org/security/2010/dsa-2053
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://www.redhat.com/support/errata/RHSA-2010-0019.html
http://www.redhat.com/support/errata/RHSA-2010-0020.html
http://www.redhat.com/support/errata/RHSA-2010-0041.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.redhat.com/support/errata/RHSA-2010-0111.html
http://www.redhat.com/support/errata/RHSA-2010-0053.html
SuSE Security Announcement: SUSE-SA:2010:023
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
BugTraq ID: 37521
http://www.securityfocus.com/bid/37521
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7443
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9439
http://securitytracker.com/id?1023419
http://secunia.com/advisories/38031
http://secunia.com/advisories/38610
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
XForce ISS Database: kernel-r8169-dos(55647)
http://xforce.iss.net/xforce/xfdb/55647
Common Vulnerability Exposure (CVE) ID: CVE-2010-1087
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/03/03/1
BugTraq ID: 39569
http://www.securityfocus.com/bid/39569
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10442
http://secunia.com/advisories/43315
Common Vulnerability Exposure (CVE) ID: CVE-2010-1162
http://www.openwall.com/lists/oss-security/2010/04/14/1
http://www.openwall.com/lists/oss-security/2010/04/15/1
http://www.openwall.com/lists/oss-security/2010/04/15/2
http://www.openwall.com/lists/oss-security/2010/04/16/1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Common Vulnerability Exposure (CVE) ID: CVE-2010-1437
http://marc.info/?l=linux-kernel&m=127192182917857&w=2
http://marc.info/?l=linux-kernel&m=127274294622730&w=2
http://marc.info/?l=linux-kernel&m=127292492727029&w=2
http://www.openwall.com/lists/oss-security/2010/04/27/2
http://www.openwall.com/lists/oss-security/2010/04/28/2
http://www.redhat.com/support/errata/RHSA-2010-0474.html
BugTraq ID: 39719
http://www.securityfocus.com/bid/39719
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9715
http://secunia.com/advisories/40218
XForce ISS Database: kernel-findkeyringbyname-dos(58254)
http://xforce.iss.net/xforce/xfdb/58254
Common Vulnerability Exposure (CVE) ID: CVE-2010-1446
http://lkml.org/lkml/2010/5/10/458
http://www.openwall.com/lists/oss-security/2010/04/29/3
http://www.openwall.com/lists/oss-security/2010/04/29/9
http://www.openwall.com/lists/oss-security/2010/04/30/1
XForce ISS Database: kernel-kgdb-memory-overwrite(58840)
http://xforce.iss.net/xforce/xfdb/58840
Common Vulnerability Exposure (CVE) ID: CVE-2010-1641
https://www.redhat.com/archives/cluster-devel/2010-May/msg00049.html
http://www.openwall.com/lists/oss-security/2010/05/25/1
http://www.openwall.com/lists/oss-security/2010/05/25/12
http://www.openwall.com/lists/oss-security/2010/05/26/1
SuSE Security Announcement: SUSE-SA:2010:033
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html
BugTraq ID: 40356
http://www.securityfocus.com/bid/40356
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9916
XForce ISS Database: kernel-gfs2-security-bypass(58926)
http://xforce.iss.net/xforce/xfdb/58926
Common Vulnerability Exposure (CVE) ID: CVE-2010-1643
http://www.openwall.com/lists/oss-security/2010/05/26/2
http://www.openwall.com/lists/oss-security/2010/05/26/6
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-knfsd-9666
BugTraq ID: 40377
http://www.securityfocus.com/bid/40377
XForce ISS Database: linux-kernel-knfsd-dos(58957)
http://xforce.iss.net/xforce/xfdb/58957
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
