English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840544
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-1023-1)
Summary:The remote host is missing an update for the 'linux, linux-ec2, linux-source-2.6.15' package(s) announced via the USN-1023-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-ec2, linux-source-2.6.15' package(s) announced via the USN-1023-1 advisory.

Vulnerability Insight:
Nelson Elhage discovered several problems with the Acorn Econet protocol
driver. A local user could cause a denial of service via a NULL pointer
dereference, escalate privileges by overflowing the kernel stack, and
assign Econet addresses to arbitrary interfaces. (CVE-2010-3848,
CVE-2010-3849, CVE-2010-3850)

Brad Spengler discovered that the wireless extensions did not correctly
validate certain request sizes. A local attacker could exploit this to read
portions of kernel memory, leading to a loss of privacy. (CVE-2010-2955)

Dan Rosenberg discovered that the VIA video driver did not correctly clear
kernel memory. A local attacker could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-4082)

A flaw was discovered in the Linux kernel's splice system call. A local
user could use this flaw to cause a denial of service (system crash).
(CVE-2013-2128)

Affected Software/OS:
'linux, linux-ec2, linux-source-2.6.15' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2955
41245
http://secunia.com/advisories/41245
42885
http://www.securityfocus.com/bid/42885
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
RHSA-2010:0771
http://www.redhat.com/support/errata/RHSA-2010-0771.html
RHSA-2010:0842
http://www.redhat.com/support/errata/RHSA-2010-0842.html
SUSE-SA:2010:054
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
USN-1000-1
http://www.ubuntu.com/usn/USN-1000-1
[linux-kernel] 20100827 [PATCH] wireless: fix 64K kernel heap content leak via ioctl
http://lkml.org/lkml/2010/8/27/413
[linux-kernel] 20100830 Re: [PATCH] wireless extensions: fix kernel heap content leak
http://lkml.org/lkml/2010/8/30/351
[linux-kernel] 20100830 Re: [PATCH] wireless: fix 64K kernel heap content leak via ioctl
http://lkml.org/lkml/2010/8/30/127
[linux-kernel] 20100830 [PATCH] wireless extensions: fix kernel heap content leak
http://lkml.org/lkml/2010/8/30/146
[oss-security] 20100831 CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl
http://www.openwall.com/lists/oss-security/2010/08/31/1
http://forums.grsecurity.net/viewtopic.php?f=3&t=2290
http://git.kernel.org/?p=linux/kernel/git/linville/wireless-2.6.git%3Ba=commit%3Bh=42da2f948d949efd0111309f5827bf0298bcc9a4
http://grsecurity.net/~spender/wireless-infoleak-fix2.patch
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100831.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=628434
Common Vulnerability Exposure (CVE) ID: CVE-2010-3848
43056
http://secunia.com/advisories/43056
43291
http://secunia.com/advisories/43291
ADV-2011-0213
http://www.vupen.com/english/advisories/2011/0213
ADV-2011-0375
http://www.vupen.com/english/advisories/2011/0375
DSA-2126
http://www.debian.org/security/2010/dsa-2126
MDVSA-2010:257
http://www.mandriva.com/security/advisories?name=MDVSA-2010:257
SUSE-SA:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
SUSE-SA:2011:008
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
USN-1023-1
http://www.ubuntu.com/usn/USN-1023-1
[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET
http://openwall.com/lists/oss-security/2010/11/30/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a27e13d370415add3487949c60810e36069a23a6
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2
https://bugzilla.redhat.com/show_bug.cgi?id=644156
Common Vulnerability Exposure (CVE) ID: CVE-2010-3849
20101207 Linux kernel exploit
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa0e846494792e722d817b9d3d625a4ef4896c96
Common Vulnerability Exposure (CVE) ID: CVE-2010-3850
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16c41745c7b92a243d0874f534c1655196c64b74
Common Vulnerability Exposure (CVE) ID: CVE-2010-4082
BugTraq ID: 43817
http://www.securityfocus.com/bid/43817
http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03392.html
http://www.openwall.com/lists/oss-security/2010/09/25/2
http://www.openwall.com/lists/oss-security/2010/10/06/6
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://secunia.com/advisories/42778
http://secunia.com/advisories/42801
http://secunia.com/advisories/42890
http://secunia.com/advisories/42932
SuSE Security Announcement: SUSE-SA:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html
SuSE Security Announcement: SUSE-SA:2011:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
http://www.vupen.com/english/advisories/2011/0012
http://www.vupen.com/english/advisories/2011/0124
Common Vulnerability Exposure (CVE) ID: CVE-2013-2128
RHSA-2013:1051
http://rhn.redhat.com/errata/RHSA-2013-1051.html
[oss-security] 20130529 Re: CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2)
http://www.openwall.com/lists/oss-security/2013/05/29/11
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=baff42ab1494528907bf4d5870359e31711746ae
https://bugzilla.redhat.com/show_bug.cgi?id=968484
https://github.com/torvalds/linux/commit/baff42ab1494528907bf4d5870359e31711746ae
CopyrightCopyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.