Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702443
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial of service)
Summary:Several vulnerabilities have been discovered in the Linux kernel that may lead;to a denial of service or privilege escalation. The Common Vulnerabilities and;Exposures project identifies the following problems:;;CVE-2009-4307Nageswara R Sastry reported an issue in the ext4 filesystem. Local users;with the privileges to mount a filesystem can cause a denial of service;(BUG) by providing a s_log_groups_per_flex value greater than 31.;;CVE-2011-1833Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information;leak in the eCryptfs filesystem. Local users were able to mount arbitrary;directories.;;CVE-2011-4347Sasha Levin reported an issue in the device assignment functionality in;KVM. Local users with permission to access /dev/kvm could assign unused pci;devices to a guest and cause a denial of service (crash).;;CVE-2012-0045Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest;running on a 64-bit system can crash the guest with a syscall instruction.;;CVE-2012-1090CAI Qian reported an issue in the CIFS filesystem. A reference count leak;can occur during the lookup of special files, resulting in a denial of;service (oops) on umount.;;CVE-2012-1097H. Peter Anvin reported an issue in the regset infrastructure. Local users;can cause a denial of service (NULL pointer dereference) by triggering the;write methods of readonly regsets.
Description:Summary:
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-4307Nageswara R Sastry reported an issue in the ext4 filesystem. Local users
with the privileges to mount a filesystem can cause a denial of service
(BUG) by providing a s_log_groups_per_flex value greater than 31.

CVE-2011-1833Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information
leak in the eCryptfs filesystem. Local users were able to mount arbitrary
directories.

CVE-2011-4347Sasha Levin reported an issue in the device assignment functionality in
KVM. Local users with permission to access /dev/kvm could assign unused pci
devices to a guest and cause a denial of service (crash).

CVE-2012-0045Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest
running on a 64-bit system can crash the guest with a syscall instruction.

CVE-2012-1090CAI Qian reported an issue in the CIFS filesystem. A reference count leak
can occur during the lookup of special files, resulting in a denial of
service (oops) on umount.

CVE-2012-1097H. Peter Anvin reported an issue in the regset infrastructure. Local users
can cause a denial of service (NULL pointer dereference) by triggering the
write methods of readonly regsets.

Affected Software/OS:
linux-2.6 on Debian Linux

Solution:
For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-41squeeze2.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)user-mode-linux2.6.32-1um-4+41squeeze2We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Thanks to Micah Anderson for proof reading this text.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1097
http://www.openwall.com/lists/oss-security/2012/03/05/1
RedHat Security Advisories: RHSA-2012:0481
http://rhn.redhat.com/errata/RHSA-2012-0481.html
RedHat Security Advisories: RHSA-2012:0531
http://rhn.redhat.com/errata/RHSA-2012-0531.html
http://secunia.com/advisories/48842
http://secunia.com/advisories/48898
http://secunia.com/advisories/48964
SuSE Security Announcement: SUSE-SU-2012:0554 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
SuSE Security Announcement: SUSE-SU-2012:0616 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-4347
http://www.openwall.com/lists/oss-security/2011/11/24/7
Common Vulnerability Exposure (CVE) ID: CVE-2009-4307
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://lkml.org/lkml/2009/12/9/255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9874
http://www.redhat.com/support/errata/RHSA-2010-0380.html
http://secunia.com/advisories/37658
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1833
SuSE Security Announcement: SUSE-SU-2011:0898 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html
http://www.ubuntu.com/usn/USN-1188-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1090
http://www.openwall.com/lists/oss-security/2012/02/28/4
Common Vulnerability Exposure (CVE) ID: CVE-2012-0045
http://www.openwall.com/lists/oss-security/2012/01/12/2
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.