Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0883
The remote host is missing updates announced in
advisory RHSA-2011:0883.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for security issues. These issues,
except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux
6.0 Extended Update Support as they have already been addressed for users
of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542.

Security fixes:

* Buffer overflow flaws were found in the Linux kernel's Management Module
Support for Message Passing Technology (MPT) based controllers. A local,
unprivileged user could use these flaws to cause a denial of service, an
information leak, or escalate their privileges. (CVE-2011-1494,
CVE-2011-1495, Important)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, CVE-2010-4805, Moderate)

* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* It was found that some structure padding and reserved fields in certain
data structures in KVM (Kernel-based Virtual Machine) were not initialized
properly before being copied to user-space. A privileged host user with
access to /dev/kvm could use this flaw to leak kernel stack memory to
user-space. (CVE-2010-3881, Low)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created on
Mac OS operating systems. A local attacker could use this flaw to cause a
denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A missing validation check was found in the Linux kernel's signals
implementation. A local, unprivileged user could use this flaw to send
signals via the sigqueueinfo system call, with the si_code set to SI_TKILL
and with spoofed process and user IDs, to other processes. Note: This flaw
does not allow existing permission checks to be bypassed
signals can only
be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
Nelson Elhage for reporting CVE-2011-1082
Kulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and
Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163

and Julien Tinnes of the Google Security Team for reporting CVE-2011-1182.

This update also fixes three bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3881
BugTraq ID: 44666
RedHat Security Advisories: RHSA-2010:0998
SuSE Security Announcement: SUSE-SA:2011:004 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4251
BugTraq ID: 46637
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-4805
Common Vulnerability Exposure (CVE) ID: CVE-2011-0999
BugTraq ID: 46442
XForce ISS Database: kernel-hugepages-dos(65535)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1010
BugTraq ID: 46492
Bugtraq: 20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables (Google Search)
XForce ISS Database: kernel-map-dos(65643)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1082
Common Vulnerability Exposure (CVE) ID: CVE-2011-1090
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-1163
BugTraq ID: 46878
Bugtraq: 20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel (Google Search)
RedHat Security Advisories: RHSA-2011:0833
Common Vulnerability Exposure (CVE) ID: CVE-2011-1170
Common Vulnerability Exposure (CVE) ID: CVE-2011-1171
Common Vulnerability Exposure (CVE) ID: CVE-2011-1172
Common Vulnerability Exposure (CVE) ID: CVE-2011-1182
RedHat Security Advisories: RHSA-2011:0927
Common Vulnerability Exposure (CVE) ID: CVE-2011-1494
BugTraq ID: 47185
Common Vulnerability Exposure (CVE) ID: CVE-2011-1495
CopyrightCopyright (c) 2012 E-Soft Inc.

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.