Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67981
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2094-1 (linux-2.6)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to linux-2.6
announced via advisory DSA 2094-1.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4895

Kyle Bader reported an issue in the tty subsystem that allows local
users to create a denial of service (NULL pointer dereference).

CVE-2010-2226

Dan Rosenberg reported an issue in the xfs filesystem that allows local
users to copy and read a file owned by another user, for which they
only have write permissions, due to a lack of permission checking in the
XFS_SWAPEXT ioctl.

CVE-2010-2240

Rafal Wojtczuk reported an issue that allows users to obtain escalated
privileges. Users must already have sufficient privileges to execute or
connect clients to an Xorg server.

CVE-2010-2248

Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious
file server can set an incorrect CountHigh value, resulting in a
denial of service (BUG_ON() assertion).

CVE-2010-2521

Neil Brown reported an issue in the NFSv4 server code. A malicious client
could trigger a denial of service (Oops) on a server due to a bug in
the read_buf() routine.

CVE-2010-2798

Bob Peterson reported an issue in the GFS2 file system. A file system
user could cause a denial of service (Oops) via certain rename
operations.

CVE-2010-2803

Kees Cook reported an issue in the DRM (Direct Rendering Manager)
subsystem. Local users with sufficient privileges (local X users
or members of the 'video' group on a default Debian install) could
acquire access to sensitive kernel memory.

CVE-2010-2959

Ben Hawkes discovered an issue in the AF_CAN socket family. An integer
overflow condition may allow local users to obtain elevated privileges.

CVE-2010-3015

Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users
could trigger a denial of service (BUG assertion) by generating a specific
set of filesystem operations.

This update also includes fixes a regression introduced by a previous
update. See the referenced Debian bug page for details.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-24lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%202094-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4895
Debian Security Information: DSA-2094 (Google Search)
http://www.debian.org/security/2010/dsa-2094
http://www.openwall.com/lists/oss-security/2010/06/15/2
http://www.openwall.com/lists/oss-security/2010/06/15/3
http://www.openwall.com/lists/oss-security/2010/06/15/4
http://www.openwall.com/lists/oss-security/2010/06/15/5
http://www.ubuntu.com/usn/USN-1000-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-2226
BugTraq ID: 40920
http://www.securityfocus.com/bid/40920
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://marc.info/?l=oss-security&m=127677135609357&w=2
http://marc.info/?l=oss-security&m=127687486331790&w=2
http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
http://www.redhat.com/support/errata/RHSA-2010-0610.html
http://secunia.com/advisories/43315
SuSE Security Announcement: SUSE-SA:2010:060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.vupen.com/english/advisories/2011/0298
Common Vulnerability Exposure (CVE) ID: CVE-2010-2240
Bugtraq: 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.invisiblethingslab.com/resources/misc-2010/xorg-large-memory-attacks.pdf
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13247
http://www.redhat.com/support/errata/RHSA-2010-0660.html
RedHat Security Advisories: RHSA-2010:0661
https://rhn.redhat.com/errata/RHSA-2010-0661.html
http://www.redhat.com/support/errata/RHSA-2010-0670.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://securitytracker.com/id?1024344
Common Vulnerability Exposure (CVE) ID: CVE-2010-2248
BugTraq ID: 42242
http://www.securityfocus.com/bid/42242
http://www.openwall.com/lists/oss-security/2010/06/28/1
http://www.openwall.com/lists/oss-security/2010/06/28/6
RedHat Security Advisories: RHSA-2010:0606
https://rhn.redhat.com/errata/RHSA-2010-0606.html
http://securitytracker.com/id?1024285
Common Vulnerability Exposure (CVE) ID: CVE-2010-2521
BugTraq ID: 42249
http://www.securityfocus.com/bid/42249
http://www.openwall.com/lists/oss-security/2010/07/07/1
http://www.openwall.com/lists/oss-security/2010/07/09/2
http://www.redhat.com/support/errata/RHSA-2010-0893.html
http://www.redhat.com/support/errata/RHSA-2010-0907.html
http://securitytracker.com/id?1024286
SuSE Security Announcement: SUSE-SA:2010:040 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
http://www.vupen.com/english/advisories/2010/3050
Common Vulnerability Exposure (CVE) ID: CVE-2010-2798
BugTraq ID: 42124
http://www.securityfocus.com/bid/42124
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/08/02/1
http://www.openwall.com/lists/oss-security/2010/08/02/10
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://securitytracker.com/id?1024386
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-2803
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://secunia.com/advisories/41512
SuSE Security Announcement: SUSE-SA:2010:041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
http://www.vupen.com/english/advisories/2010/2430
Common Vulnerability Exposure (CVE) ID: CVE-2010-2959
BugTraq ID: 42585
http://www.securityfocus.com/bid/42585
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046947.html
http://jon.oberheide.org/files/i-can-haz-modharden.c
http://www.openwall.com/lists/oss-security/2010/08/20/2
Common Vulnerability Exposure (CVE) ID: CVE-2010-3015
BugTraq ID: 42477
http://www.securityfocus.com/bid/42477
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://marc.info/?l=oss-security&m=128192548904503&w=2
http://marc.info/?l=oss-security&m=128197862004376&w=2
http://marc.info/?l=oss-security&m=128201627016896&w=2
http://www.vupen.com/english/advisories/2010/3117
XForce ISS Database: kernel-stacksize-dos(61156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61156
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.