Test ID:	1.3.6.1.4.1.25623.1.1.13.2010.265.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2010-265-01)
Summary:	The remote host is missing an update for the '-bit' package(s) announced via the SSA:2010-265-01 advisory.
Description:	Summary: The remote host is missing an update for the '-bit' package(s) announced via the SSA:2010-265-01 advisory. Vulnerability Insight: New kernel packages are available for Slackware x86_64 13.1, and -current to fix security issues. Here are the details from the Slackware64 13.1 ChangeLog: +--------------------------+ patches/packages/linux-2.6.33.4-2/kernel-firmware-2.6.33.4-noarch-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-generic-2.6.33.4-x86_64-2.txz: Rebuilt. This kernel has been patched to fix security problems on x86_64: 64-bit Compatibility Mode Stack Pointer Underflow (CVE-2010-3081). IA32 System Call Entry Point Vulnerability (CVE-2010-3301). These vulnerabilities allow local users to gain root privileges. For more information, see: [links moved to references] (* Security fix *) patches/packages/linux-2.6.33.4-2/kernel-headers-2.6.33.4-x86-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-huge-2.6.33.4-x86_64-2.txz: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) patches/packages/linux-2.6.33.4-2/kernel-modules-2.6.33.4-x86_64-2.txz: Rebuilt. patches/packages/linux-2.6.33.4-2/kernel-source-2.6.33.4-noarch-2.txz: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) patches/packages/linux-2.6.33.4-2/kernels/*: Rebuilt. Patched for CVE-2010-3081 and CVE-2010-3301. (* Security fix *) +--------------------------+ Affected Software/OS: '-bit' package(s) on Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3081 20100916 Ac1db1tch3z vs x86_64 Linux Kernel http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html 20100916 Workaround for Ac1db1tch3z exploit. http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html 20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne http://www.securityfocus.com/archive/1/514938/30/30/threaded 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 42384 http://secunia.com/advisories/42384 43315 http://secunia.com/advisories/43315 ADV-2010-3083 http://www.vupen.com/english/advisories/2010/3083 ADV-2010-3117 http://www.vupen.com/english/advisories/2010/3117 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 MDVSA-2010:198 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 MDVSA-2010:214 http://www.mandriva.com/security/advisories?name=MDVSA-2010:214 MDVSA-2010:247 http://www.mandriva.com/security/advisories?name=MDVSA-2010:247 RHSA-2010:0758 http://www.redhat.com/support/errata/RHSA-2010-0758.html RHSA-2010:0842 http://www.redhat.com/support/errata/RHSA-2010-0842.html RHSA-2010:0882 http://www.redhat.com/support/errata/RHSA-2010-0882.html SUSE-SA:2010:050 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html SUSE-SR:2010:017 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html [oss-security] 20100916 CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow http://marc.info/?l=oss-security&m=128461522230211&w=2 http://blog.ksplice.com/2010/09/cve-2010-3081/ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c41d68a513c71e35a14f66d71782d27a79a81ea6 http://isc.sans.edu/diary.html?storyid=9574 http://sota.gen.nz/compat1/ http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.36-rc4-git2.log http://www.vmware.com/security/advisories/VMSA-2010-0017.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://access.redhat.com/kb/docs/DOC-40265 https://bugzilla.redhat.com/show_bug.cgi?id=634457 Common Vulnerability Exposure (CVE) ID: CVE-2010-3301 42758 http://secunia.com/advisories/42758 ADV-2011-0070 http://www.vupen.com/english/advisories/2011/0070 USN-1041-1 http://www.ubuntu.com/usn/USN-1041-1 [oss-security] 20100916 CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability http://www.openwall.com/lists/oss-security/2010/09/16/1 [oss-security] 20100916 Re: CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability http://www.openwall.com/lists/oss-security/2010/09/16/3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=36d001c70d8a0144ac1d038f6876c484849a74de http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eefdca043e8391dcd719711716492063030b55ac http://sota.gen.nz/compat2/ https://bugzilla.redhat.com/show_bug.cgi?id=634449
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.