Test ID:	1.3.6.1.4.1.25623.1.0.840703
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1170-1)
Summary:	The remote host is missing an update for the 'linux' package(s) announced via the USN-1170-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux' package(s) announced via the USN-1170-1 advisory. Vulnerability Insight: Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) It was discovered that Xen did not correctly handle certain block requests. A local attacker in a Xen guest could cause the Xen host to use all available CPU resources, leading to a denial of service. (CVE-2010-4247) It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746) Affected Software/OS: 'linux' package(s) on Ubuntu 8.04. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4076 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862 http://lkml.org/lkml/2010/9/15/389 http://www.openwall.com/lists/oss-security/2010/09/25/2 http://www.openwall.com/lists/oss-security/2010/10/06/6 http://www.openwall.com/lists/oss-security/2010/10/07/1 http://www.openwall.com/lists/oss-security/2010/10/25/3 Common Vulnerability Exposure (CVE) ID: CVE-2010-4077 BugTraq ID: 45059 http://www.securityfocus.com/bid/45059 http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03387.html http://www.redhat.com/support/errata/RHSA-2010-0958.html http://www.redhat.com/support/errata/RHSA-2011-0007.html http://secunia.com/advisories/42890 http://securityreason.com/securityalert/8129 Common Vulnerability Exposure (CVE) ID: CVE-2010-4247 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 35093 http://secunia.com/advisories/35093 42789 http://secunia.com/advisories/42789 45029 http://www.securityfocus.com/bid/45029 46397 http://secunia.com/advisories/46397 ADV-2011-0024 http://www.vupen.com/english/advisories/2011/0024 RHSA-2011:0004 http://www.redhat.com/support/errata/RHSA-2011-0004.html [oss-security] 20101123 CVE request: xen: request-processing loop is unbounded in blkback http://www.openwall.com/lists/oss-security/2010/11/23/1 [oss-security] 20101124 Re: CVE request: xen: request-processing loop is unbounded in blkback http://www.openwall.com/lists/oss-security/2010/11/24/8 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d https://bugzilla.redhat.com/show_bug.cgi?id=656206 Common Vulnerability Exposure (CVE) ID: CVE-2010-4526 42964 http://secunia.com/advisories/42964 45661 http://www.securityfocus.com/bid/45661 ADV-2011-0169 http://www.vupen.com/english/advisories/2011/0169 RHSA-2011:0163 http://www.redhat.com/support/errata/RHSA-2011-0163.html [oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() http://www.openwall.com/lists/oss-security/2011/01/04/3 [oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() http://www.openwall.com/lists/oss-security/2011/01/04/13 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526 kernel-icmp-message-dos(64616) https://exchange.xforce.ibmcloud.com/vulnerabilities/64616 Common Vulnerability Exposure (CVE) ID: CVE-2011-0726 BugTraq ID: 47791 http://www.securityfocus.com/bid/47791 https://lkml.org/lkml/2011/3/11/380 http://www.spinics.net/lists/mm-commits/msg82726.html RedHat Security Advisories: RHSA-2011:0833 http://rhn.redhat.com/errata/RHSA-2011-0833.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1163 1025225 http://securitytracker.com/id?1025225 20110317 [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel http://www.securityfocus.com/archive/1/517050 46878 http://www.securityfocus.com/bid/46878 8189 http://securityreason.com/securityalert/8189 RHSA-2011:0833 SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html [mm-commits] 20110314 + fs-partitions-osfc-corrupted-osf-partition-table-can-cause-information-disclosure.patch added to -mm tree http://www.spinics.net/lists/mm-commits/msg82737.html [oss-security] 20110315 CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure http://openwall.com/lists/oss-security/2011/03/15/9 [oss-security] 20110315 Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure http://openwall.com/lists/oss-security/2011/03/15/14 http://downloads.avaya.com/css/P8/documents/100145416 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 http://www.pre-cert.de/advisories/PRE-SA-2011-02.txt https://bugzilla.redhat.com/show_bug.cgi?id=688021 Common Vulnerability Exposure (CVE) ID: CVE-2011-1577 1025355 http://securitytracker.com/id?1025355 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel http://www.securityfocus.com/archive/1/517477/100/0/threaded 47343 http://www.securityfocus.com/bid/47343 8238 http://securityreason.com/securityalert/8238 FEDORA-2011-7823 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html [mm-commits] 20110412 + fs-partitions-efic-corrupted-guid-partition-tables-can-cause-kernel-oops.patch added to -mm tree http://www.spinics.net/lists/mm-commits/msg83274.html [oss-security] 20110412 CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops http://openwall.com/lists/oss-security/2011/04/12/17 [oss-security] 20110413 Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops http://openwall.com/lists/oss-security/2011/04/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=695976 kernel-guid-dos(66773) https://exchange.xforce.ibmcloud.com/vulnerabilities/66773 Common Vulnerability Exposure (CVE) ID: CVE-2011-1745 47534 http://www.securityfocus.com/bid/47534 RHSA-2011:0927 http://rhn.redhat.com/errata/RHSA-2011-0927.html [linux-kernel] 20110414 [PATCH] char: agp: fix arbitrary kernel memory writes https://lkml.org/lkml/2011/4/14/293 [oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp http://openwall.com/lists/oss-security/2011/04/21/4 [oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp http://openwall.com/lists/oss-security/2011/04/22/7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=194b3da873fd334ef183806db751473512af29ce http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5 https://bugzilla.redhat.com/show_bug.cgi?id=698996 Common Vulnerability Exposure (CVE) ID: CVE-2011-1746 47535 http://www.securityfocus.com/bid/47535 [linux-kernel] 20110414 [PATCH] char: agp: fix OOM and buffer overflow https://lkml.org/lkml/2011/4/14/294 [linux-kernel] 20110419 Re: [PATCH] char: agp: fix OOM and buffer overflow https://lkml.org/lkml/2011/4/19/400 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b522f02184b413955f3bc952e3776ce41edc6355 https://bugzilla.redhat.com/show_bug.cgi?id=698998 Common Vulnerability Exposure (CVE) ID: CVE-2011-2022 BugTraq ID: 47843 http://www.securityfocus.com/bid/47843 RedHat Security Advisories: RHSA-2011:0927
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.