English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870695
Category:Red Hat Local Security Checks
Title:RedHat Update for Red Hat Enterprise Linux 6 kernel RHSA-2011:1530-03
Summary:The remote host is missing an update for the 'Red Hat Enterprise Linux 6 kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'Red Hat Enterprise Linux 6 kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
access to mount and unmount ext4 file systems could use this flaw to cause
a denial of service. (CVE-2011-3638, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
key management facility handled user-defined key types. A local,
unprivileged user could use the keyctl utility to cause a denial of
service. (CVE-2011-4110, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, Somnath
Kotur for reporting CVE-2011-3347, and Zheng Liu for reporting
CVE-2011-3638.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.2 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.2 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at the linked references.

To install kernel packages manually, use 'rpm -ivh [package]'. Do not
use 'rpm -Uvh' as that will remove the running kernel binaries from
your system. You may use 'rpm -e' to remove old kernels after
determining that the new kernel ..

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
Red Hat Enterprise Linux 6 kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:A/AC:H/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1020
20110122 Proc filesystem and SUID-Binaries
http://seclists.org/fulldisclosure/2011/Jan/421
43496
http://secunia.com/advisories/43496
46567
http://www.securityfocus.com/bid/46567
8107
http://securityreason.com/securityalert/8107
[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
https://lkml.org/lkml/2011/2/7/414
https://lkml.org/lkml/2011/2/7/474
[linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid exec
https://lkml.org/lkml/2011/2/7/368
[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
https://lkml.org/lkml/2011/2/7/404
https://lkml.org/lkml/2011/2/7/466
[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
https://lkml.org/lkml/2011/2/10/21
https://lkml.org/lkml/2011/2/9/417
[oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
http://openwall.com/lists/oss-security/2011/02/24/18
[oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
http://openwall.com/lists/oss-security/2011/02/25/2
http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
kernel-procpid-security-bypass(65693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
Common Vulnerability Exposure (CVE) ID: CVE-2011-3347
https://bugzilla.redhat.com/show_bug.cgi?id=736425
https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd
Common Vulnerability Exposure (CVE) ID: CVE-2011-3638
[oss-security] 20111024 Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops
http://www.openwall.com/lists/oss-security/2011/10/24/2
http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
https://bugzilla.redhat.com/show_bug.cgi?id=747942
https://github.com/torvalds/linux/commit/667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Common Vulnerability Exposure (CVE) ID: CVE-2011-4110
47754
http://secunia.com/advisories/47754
50755
http://www.securityfocus.com/bid/50755
HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
USN-1324-1
http://www.ubuntu.com/usn/USN-1324-1
USN-1328-1
http://www.ubuntu.com/usn/USN-1328-1
USN-1344-1
http://www.ubuntu.com/usn/USN-1344-1
[linux-kernel] 20111115 [PATCH] KEYS: Fix a NULL pointer deref in the user-defined key type
https://lkml.org/lkml/2011/11/15/363
[oss-security] 20111121 CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
http://www.openwall.com/lists/oss-security/2011/11/21/19
[oss-security] 20111121 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
http://www.openwall.com/lists/oss-security/2011/11/22/6
[oss-security] 20111122 Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
http://www.openwall.com/lists/oss-security/2011/11/22/5
https://bugzilla.redhat.com/show_bug.cgi?id=751297
CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.