Executive Summary
| Summary | |
|---|---|
| Title | New Linux 2.6.26 packages fix several issues |
| Information | | | |
|---|---|---|---|
| Name | DSA-2110 | First vendor Publication | 2010-09-17 |
| Vendor | Debian | Last vendor Modification | 2010-09-17 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | | | |
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
CVE-2010-2492: Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges.

CVE-2010-2954: Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference.

CVE-2010-3078: Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory.

CVE-2010-3080: Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer (by default on Debian, this is members of the 'audio' group) can cause a denial of service via a NULL pointer dereference.

CVE-2010-3081: Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-25lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
| | Debian 5.0 (lenny) |
|---|---|
| user-mode-linux | 2.6.26-1um-2+25lenny1 |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2110 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-399 | Resource Management Errors |
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 68213 | Linux Kernel on 64-bit include/asm/compat.h compat_alloc_user_space Function ... |
| 68176 | Linux Kernel sound/core/seq/oss/seq_oss_init.c snd_seq_oss_open Function Doub... |
| 67893 | Linux Kernel eCryptfs Subsystem fs/ecryptfs/messaging.c ecryptfs_uid_hash Mac... |
| 67881 | Linux Kernel fs/xfs/linux-2.6/xfs_ioctl.c xfs_ioc_fsgetxattr() Function Stack... |
| 67773 | Linux Kernel net/irda/af_irda.c irda_bind() Function Object Cleanup NULL Der... |
