English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68297
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0771
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0771.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* On AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* Information leak flaws were found in the Linux kernel Traffic Control
Unit implementation. A local attacker could use these flaws to cause the
kernel to leak kernel memory to user-space, possibly leading to the
disclosure of sensitive information. (CVE-2010-2942, Moderate)

* It was found that wireless drivers might not always clear allocated
buffers when handling a driver-specific IOCTL information request. A local
user could trigger this flaw to cause kernel memory to leak from the heap
to user-space, leading to an information leak. (CVE-2010-2955, Moderate)

* A flaw was found in the eql_g_master_cfg() function in the Linux kernel
equalizer load-balancer for serial network interfaces implementation. A
data structure in eql_g_master_cfg() was not initialized properly before
being copied to user-space. A local, unprivileged user could use this flaw
to cause an information leak. (CVE-2010-3297, Moderate)

Red Hat would like to thank Mathias Krause for reporting CVE-2010-0307, and
Dan Rosenberg for reporting CVE-2010-3297.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version 2.6.33.7-rt29 to correct these issues. The system must be
rebooted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0771.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.7

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0307
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.securityfocus.com/archive/1/516397/100/0/threaded
38027
http://www.securityfocus.com/bid/38027
38492
http://secunia.com/advisories/38492
38779
http://secunia.com/advisories/38779
38922
http://secunia.com/advisories/38922
39649
http://secunia.com/advisories/39649
43315
http://secunia.com/advisories/43315
ADV-2010-0638
http://www.vupen.com/english/advisories/2010/0638
DSA-1996
http://www.debian.org/security/2010/dsa-1996
FEDORA-2010-1787
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
MDVSA-2010:066
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
RHSA-2010:0146
https://rhn.redhat.com/errata/RHSA-2010-0146.html
RHSA-2010:0398
http://www.redhat.com/support/errata/RHSA-2010-0398.html
RHSA-2010:0771
http://www.redhat.com/support/errata/RHSA-2010-0771.html
SUSE-SA:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
USN-914-1
http://www.ubuntu.com/usn/USN-914-1
[linux-mm] 20100128 DoS on x86_64
http://marc.info/?l=linux-mm&m=126466407724382&w=2
[oss-security] 20100201 CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/01/1
[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/01/5
[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/04/1
[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64
http://www.openwall.com/lists/oss-security/2010/02/04/9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549
http://marc.info/?t=126466700200002&r=1&w=2
http://support.avaya.com/css/P8/documents/100088287
http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20100202%2C15754.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=560547
oval:org.mitre.oval:def:10870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870
Common Vulnerability Exposure (CVE) ID: CVE-2010-2942
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
41512
http://secunia.com/advisories/41512
42529
http://www.securityfocus.com/bid/42529
46397
http://secunia.com/advisories/46397
ADV-2010-2430
http://www.vupen.com/english/advisories/2010/2430
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
RHSA-2010:0723
http://www.redhat.com/support/errata/RHSA-2010-0723.html
RHSA-2010:0779
http://www.redhat.com/support/errata/RHSA-2010-0779.html
SUSE-SA:2010:040
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
SUSE-SA:2010:041
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
SUSE-SA:2010:054
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
SUSE-SA:2010:060
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
USN-1000-1
http://www.ubuntu.com/usn/USN-1000-1
[oss-security] 20100818 CVE request - kernel: net sched memleak
http://www.openwall.com/lists/oss-security/2010/08/18/1
[oss-security] 20100819 Re: CVE request - kernel: net sched memleak
http://www.openwall.com/lists/oss-security/2010/08/19/4
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8
http://patchwork.ozlabs.org/patch/61857/
http://support.avaya.com/css/P8/documents/100113326
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=624903
Common Vulnerability Exposure (CVE) ID: CVE-2010-2955
41245
http://secunia.com/advisories/41245
42885
http://www.securityfocus.com/bid/42885
RHSA-2010:0842
http://www.redhat.com/support/errata/RHSA-2010-0842.html
[linux-kernel] 20100827 [PATCH] wireless: fix 64K kernel heap content leak via ioctl
http://lkml.org/lkml/2010/8/27/413
[linux-kernel] 20100830 Re: [PATCH] wireless extensions: fix kernel heap content leak
http://lkml.org/lkml/2010/8/30/351
[linux-kernel] 20100830 Re: [PATCH] wireless: fix 64K kernel heap content leak via ioctl
http://lkml.org/lkml/2010/8/30/127
[linux-kernel] 20100830 [PATCH] wireless extensions: fix kernel heap content leak
http://lkml.org/lkml/2010/8/30/146
[oss-security] 20100831 CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl
http://www.openwall.com/lists/oss-security/2010/08/31/1
http://forums.grsecurity.net/viewtopic.php?f=3&t=2290
http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4
http://grsecurity.net/~spender/wireless-infoleak-fix2.patch
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100831.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=628434
Common Vulnerability Exposure (CVE) ID: CVE-2010-3297
41440
http://secunia.com/advisories/41440
42758
http://secunia.com/advisories/42758
43161
http://secunia.com/advisories/43161
43229
http://www.securityfocus.com/bid/43229
ADV-2011-0070
http://www.vupen.com/english/advisories/2011/0070
ADV-2011-0280
http://www.vupen.com/english/advisories/2011/0280
DSA-2126
http://www.debian.org/security/2010/dsa-2126
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
SUSE-SA:2010:050
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
USN-1041-1
http://www.ubuntu.com/usn/USN-1041-1
USN-1057-1
http://www.ubuntu.com/usn/USN-1057-1
[linux-kernel] 20100911 [PATCH] drivers/net/eql.c: prevent reading uninitialized stack memory
http://lkml.org/lkml/2010/9/11/168
[oss-security] 20100914 CVE request: kernel: numerous infoleaks
http://www.openwall.com/lists/oss-security/2010/09/14/2
[oss-security] 20100914 Re: CVE request: kernel: numerous infoleaks
http://www.openwall.com/lists/oss-security/2010/09/14/7
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=44467187dc22fdd33a1a06ea0ba86ce20be3fe3c
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5
https://bugzilla.redhat.com/show_bug.cgi?id=633145
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.