Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: New Linux 2.6.26 packages fix several issues
Information
Name: DSA-2126
First vendor Publication: 2010-11-26
Vendor: Debian
Last vendor Modification: 2010-11-26
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 8.3
Attack Range: Adjacent network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 6.5
Authentication: None Required

Detail

CVE-2010-2963

Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the 'video' group by default.

CVE-2010-3067

Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service.

CVE-2010-3296

Dan Rosenberg discovered an issue in the cxgb network driver that allows unprivileged users to obtain the contents of sensitive kernel memory.

CVE-2010-3297

Dan Rosenberg discovered an issue in the eql network driver that allows local users to obtain the contents of sensitive kernel memory.

CVE-2010-3310

Dan Rosenberg discovered an issue in the ROSE socket implementation. On systems with a rose device, local users can cause a denial of service (kernel memory corruption).

CVE-2010-3432

Thomas Dreibholz discovered an issue in the SCTP protocol that permits a remote user to cause a denial of service (kernel panic).

CVE-2010-3437

Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with permission to open /dev/pktcdvd/control can obtain the contents of sensitive kernel memory or cause a denial of service. By default on Debian systems, this access is restricted to members of the group 'cdrom'.

CVE-2010-3442

Dan Rosenberg discovered an issue in the ALSA sound system. Local users with permission to open /dev/snd/controlC0 can create an integer overflow condition that causes a denial of service. By default on Debian systems, this access is restricted to members of the group 'audio'.

CVE-2010-3448

Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain Thinkpad systems, local users can cause a denial of service (X.org crash) by reading /proc/acpi/ibm/video.

CVE-2010-3477

Jeff Mahoney discovered an issue in the Traffic Policing (act_police) module that allows local users to obtain the contents of sensitive kernel memory.

CVE-2010-3705

Dan Rosenberg reported an issue in the HMAC processing code in the SCTP protocol that allows remote users to create a denial of service (memory corruption).

CVE-2010-3848

Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a stack overflow condition with large msg->msgiovlen values that can result in a denial of service or privilege escalation.

CVE-2010-3849

Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a denial of service (oops) if a NULL remote addr value is passed as a parameter to sendmsg().

CVE-2010-3850

Nelson Elhage discovered an issue in the Econet protocol. Local users can assign econet addresses to arbitrary interfaces due to a missing capabilities check.

CVE-2010-3858

Brad Spengler reported an issue in the setup_arg_pages() function. Due to a bounds-checking failure, local users can create a denial of service (kernel oops).

CVE-2010-3859

Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module is loaded, local users can gain elevated privileges via the sendmsg() system call.

CVE-2010-3873

Dan Rosenberg reported an issue in the X.25 network protocol. Local users can cause heap corruption, resulting in a denial of service (kernel panic).

CVE-2010-3874

Dan Rosenberg discovered an issue in the Control Area Network (CAN) subsystem on 64-bit systems. Local users may be able to cause a denial of service (heap corruption).

CVE-2010-3875

Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can obtain the contents of sensitive kernel memory.

CVE-2010-3876

Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can obtain the contents of sensitive kernel memory.

CVE-2010-3877

Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can obtain the contents of sensitive kernel memory.

CVE-2010-3880

Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a denial of service.

CVE-2010-4072

Kees Cook discovered an issue in the System V shared memory subsystem. Local users can obtain the contents of sensitive kernel memory.

CVE-2010-4073

Dan Rosenberg discovered an issue in the System V shared memory subsystem. Local users on 64-bit systems can obtain the contents of sensitive kernel memory via the 32-bit compatible semctl() system call.

CVE-2010-4074

Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB serial converter devices. Local users with access to these devices can obtain the contents of sensitive kernel memory.

CVE-2010-4078

Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics chipsets (sisfb). Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.

CVE-2010-4079

Dan Rosenberg reported an issue in the ivtvfb driver used for the Hauppauge PVR-350 card. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.

CVE-2010-4080

Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.

CVE-2010-4081

Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP MADI audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.

CVE-2010-4083

Dan Rosenberg discovered an issue in the semctl system call. Local users can obtain the contents of sensitive kernel memory through usage of the semid_ds structure.

CVE-2010-4164

Dan Rosenberg discovered an issue in the X.25 network protocol. Remote users can achieve a denial of service (infinite loop) by taking advantage of an integer underflow in the facility parsing code.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+26lenny1

Original Source

Url : http://www.debian.org/security/2010/dsa-2126

CWE : Common Weakness Enumeration

% Id Name
30 % CWE-200 Information Exposure
13 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
9 % CWE-476 NULL Pointer Dereference
9 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
9 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
9 % CWE-20 Improper Input Validation
4 % CWE-399 Resource Management Errors
4 % CWE-264 Permissions, Privileges, and Access Controls
4 % CWE-191 Integer Underflow (Wrap or Wraparound)
4 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12710
 
Oval ID: oval:org.mitre.oval:def:12710
Title: DSA-2126-1 linux-2.6 -- privilege escalation/denial of service/information leak
Description: CVE-2010-2963 Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the "video" group by default. CVE-2010-3067 Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service. CVE-2010-3296 Dan Rosenberg discovered an issue in the cxgb network driver that allows unprivileged users to obtain the contents of sensitive kernel memory. CVE-2010-3297 Dan Rosenberg discovered an issue in the eql network driver that allows local users to obtain the contents of sensitive kernel memory. CVE-2010-3310 Dan Rosenberg discovered an issue in the ROSE socket implementation. On systems with a rose device, local users can cause a denial of service. CVE-2010-3432 Thomas Dreibholz discovered an issue in the SCTP protocol that permits a remote user to cause a denial of service. CVE-2010-3437 Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with permission to open /dev/pktcdvd/control can obtain the contents of sensitive kernel memory or cause a denial of service. By default on Debian systems, this access is restricted to members of the group "cdrom". CVE-2010-3442 Dan Rosenberg discovered an issue in the ALSA sound system. Local users with permission to open /dev/snd/controlC0 can create an integer overflow condition that causes a denial of service. By default on Debian systems, this access is restricted to members of the group "audio". CVE-2010-3448 Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain Thinkpad systems, local users can cause a denial of service by reading /proc/acpi/ibm/video. 
CVE-2010-3477 Jeff Mahoney discovered an issue in the Traffic Policing module that allows local users to obtain the contents of sensitive kernel memory. CVE-2010-3705 Dan Rosenberg reported an issue in the HMAC processing code in the SCTP protocol that allows remote users to create a denial of service. CVE-2010-3848 Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a stack overflow condition with large msg->msgiovlen values that can result in a denial of service or privilege escalation. CVE-2010-3849 Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a denial of service if a NULL remote addr value is passed as a parameter to sendmsg. CVE-2010-3850 Nelson Elhage discovered an issue in the Econet protocol. Local users can assign econet addresses to arbitrary interfaces due to a missing capabilities check. CVE-2010-3858 Brad Spengler reported an issue in the setup_arg_pages function. Due to a bounds-checking failure, local users can create a denial of service. CVE-2010-3859 Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module is loaded, local users can gain elevated privileges via the sendmsg system call. CVE-2010-3873 Dan Rosenberg reported an issue in the X.25 network protocol. Local users can cause heap corruption, resulting in a denial of service. CVE-2010-3874 Dan Rosenberg discovered an issue in the Control Area Network subsystem on 64-bit systems. Local users may be able to cause a denial of service. CVE-2010-3875 Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3876 Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3877 Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can obtain the contents of sensitive kernel memory. CVE-2010-3880 Nelson Elhage discovered an issue in the INET_DIAG subsystem. 
Local users can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a denial of service. CVE-2010-4072 Kees Cook discovered an issue in the System V shared memory subsystem. Local users can obtain the contents of sensitive kernel memory. CVE-2010-4073 Dan Rosenberg discovered an issue in the System V shared memory subsystem. Local users on 64-bit system can obtain the contents of sensitive kernel memory via the 32-bit compatible semctl system call. CVE-2010-4074 Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB serial converter devices. Local users with access to these devices can obtain the contents of sensitive kernel memory. CVE-2010-4078 Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics chipesets. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl. CVE-2010-4079 Dan Rosenberg reported an issue in the ivtvfb driver used for the Hauppauge PVR-350 card. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl. CVE-2010-4080 Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. CVE-2010-4081 Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP MADI audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl. CVE-2010-4083 Dan Rosenberg discovered an issue in the semctl system call. Local users can obtain the contents of sensitive kernel memory through usage of the semid_ds structure. CVE-2010-4164 Dan Rosenberg discovered an issue in the X.25 network protocol. 
Remote users can achieve a denial of service by taking advantage of an integer underflow in the facility parsing code. For the stable distribution, this problem has been fixed in version 2.6.26-26lenny1. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+26lenny1
Family: unix Class: patch
Reference(s): DSA-2126-1
CVE-2010-2963
CVE-2010-3067
CVE-2010-3296
CVE-2010-3297
CVE-2010-3310
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3448
CVE-2010-3477
CVE-2010-3705
CVE-2010-3848
CVE-2010-3849
CVE-2010-3850
CVE-2010-3858
CVE-2010-3859
CVE-2010-3873
CVE-2010-3874
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-4072
CVE-2010-4073
CVE-2010-4074
CVE-2010-4078
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4083
CVE-2010-4164
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Id: oval:org.mitre.oval:def:13031
 
Oval ID: oval:org.mitre.oval:def:13031
Title: USN-1057-1 -- linux-source-2.6.15 vulnerabilities
Description: Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy
Family: unix Class: patch
Reference(s): USN-1057-1
CVE-2010-2943
CVE-2010-3297
CVE-2010-4072
Version: 5
Platform(s): Ubuntu 6.06
Product(s): linux-source-2.6.15
Definition Id: oval:org.mitre.oval:def:19636
 
Oval ID: oval:org.mitre.oval:def:19636
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3858
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:19982
 
Oval ID: oval:org.mitre.oval:def:19982
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4073
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20057
 
Oval ID: oval:org.mitre.oval:def:20057
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3442
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20098
 
Oval ID: oval:org.mitre.oval:def:20098
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3067
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20379
 
Oval ID: oval:org.mitre.oval:def:20379
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3876
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20436
 
Oval ID: oval:org.mitre.oval:def:20436
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4072
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20452
 
Oval ID: oval:org.mitre.oval:def:20452
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3477
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20464
 
Oval ID: oval:org.mitre.oval:def:20464
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3432
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20509
 
Oval ID: oval:org.mitre.oval:def:20509
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3296
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20553
 
Oval ID: oval:org.mitre.oval:def:20553
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3880
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20569
 
Oval ID: oval:org.mitre.oval:def:20569
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4080
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20584
 
Oval ID: oval:org.mitre.oval:def:20584
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3859
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20592
 
Oval ID: oval:org.mitre.oval:def:20592
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3877
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:20621
 
Oval ID: oval:org.mitre.oval:def:20621
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4081
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Id: oval:org.mitre.oval:def:22159
 
Oval ID: oval:org.mitre.oval:def:22159
Title: RHSA-2010:0839: kernel security and bug fix update (Moderate)
Description: The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Family: unix Class: patch
Reference(s): RHSA-2010:0839-01
CESA-2010:0839
CVE-2010-3066
CVE-2010-3067
CVE-2010-3078
CVE-2010-3086
CVE-2010-3448
CVE-2010-3477
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Id: oval:org.mitre.oval:def:22976
 
Oval ID: oval:org.mitre.oval:def:22976
Title: ELSA-2010:0839: kernel security and bug fix update (Moderate)
Description: The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Family: unix Class: patch
Reference(s): ELSA-2010:0839-01
CVE-2010-3066
CVE-2010-3067
CVE-2010-3078
CVE-2010-3086
CVE-2010-3448
CVE-2010-3477
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Id: oval:org.mitre.oval:def:27240
 
Oval ID: oval:org.mitre.oval:def:27240
Title: ELSA-2010-2009 -- Oracle Linux 5 Unbreakable Enterprise kernel security fix update (important)
Description: Following security bugs are fixed in this errata CVE-2010-3904 When copying data to userspace, the RDS protocol failed to verify that the user-provided address was a valid userspace address. A local unprivileged user could issue specially crafted socket calls to write arbitrary values into kernel memory and potentially escalate privileges to root. CVE-2010-3067 Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. CVE-2010-3477 The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. kernel: [2.6.32-100.21.1.el5] - [rds] fix access issue with rds (Chris Mason) {CVE-2010-3904} - [fuse] linux-2.6.32-fuse-return-EGAIN-if-not-connected-bug-10154489.patch - [net] linux-2.6.32-net-sched-fix-kernel-leak-in-act_police.patch - [aio] linux-2.6.32-aio-check-for-multiplication-overflow-in-do_io_subm.patch ofa: [1.5.1-4.0.23] - Fix rds permissions checks during copies [1.5.1-4.0.21] - Update to BXOFED 1.5.1-1.3.6-5
Family: unix Class: patch
Reference(s): ELSA-2010-2009
CVE-2010-3477
CVE-2010-3904
CVE-2010-3067
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
ofa
Definition Id: oval:org.mitre.oval:def:27737
 
Oval ID: oval:org.mitre.oval:def:27737
Title: DEPRECATED: ELSA-2010-0839 -- kernel security and bug fix update (moderate)
Description: [2.6.18-194.26.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh) [orabug 9245919] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346]
Family: unix Class: patch
Reference(s): ELSA-2010-0839
CVE-2010-3477
CVE-2010-3066
CVE-2010-3067
CVE-2010-3078
CVE-2010-3086
CVE-2010-3448
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 9
Os 1
Os 1
Os 1352
Os 4
Os 3
Os 1
Os 4
Os 1

ExploitDB Exploits

id Description
2011-09-05 Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit
2010-12-07 Linux Kernel <= 2.6.37 - Local Privilege Escalation
2010-10-28 Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
2010-09-29 Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure

OpenVAS Exploits

Date Description
2012-08-02 Name : SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel)
File : nvt/gb_suse_2012_0236_1.nasl
2012-08-02 Name : SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel)
File : nvt/gb_suse_2012_0206_1.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2010:0936 centos4 x86_64
File : nvt/gb_CESA-2010_0936_kernel_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64
File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0162 centos4 x86_64
File : nvt/gb_CESA-2011_0162_kernel_centos4_x86_64.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0836-01
File : nvt/gb_RHSA-2011_0836-01_kernel.nasl
2012-06-06 Name : RedHat Update for kernel RHSA-2011:0421-01
File : nvt/gb_RHSA-2011_0421-01_kernel.nasl
2012-06-05 Name : RedHat Update for kernel RHSA-2011:0007-01
File : nvt/gb_RHSA-2011_0007-01_kernel.nasl
2012-03-16 Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX...
File : nvt/gb_VMSA-2011-0012.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl
2011-11-08 Name : Fedora Update for kernel FEDORA-2011-15241
File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl
2011-10-31 Name : Ubuntu Update for linux-ti-omap4 USN-1244-1
File : nvt/gb_ubuntu_USN_1244_1.nasl
2011-10-31 Name : Fedora Update for kernel FEDORA-2011-14747
File : nvt/gb_fedora_2011_14747_kernel_fc14.nasl
2011-10-10 Name : Fedora Update for kernel FEDORA-2011-12874
File : nvt/gb_fedora_2011_12874_kernel_fc14.nasl
2011-09-23 Name : RedHat Update for kernel RHSA-2011:1321-01
File : nvt/gb_RHSA-2011_1321-01_kernel.nasl
2011-09-16 Name : Ubuntu Update for linux-ti-omap4 USN-1202-1
File : nvt/gb_ubuntu_USN_1202_1.nasl
2011-09-16 Name : Ubuntu Update for linux-fsl-imx51 USN-1204-1
File : nvt/gb_ubuntu_USN_1204_1.nasl
2011-08-27 Name : Fedora Update for kernel FEDORA-2011-11103
File : nvt/gb_fedora_2011_11103_kernel_fc14.nasl
2011-08-12 Name : Ubuntu Update for linux USN-1186-1
File : nvt/gb_ubuntu_USN_1186_1.nasl
2011-08-12 Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1
File : nvt/gb_ubuntu_USN_1187_1.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2011:0004 centos5 i386
File : nvt/gb_CESA-2011_0004_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2010:0839 centos5 i386
File : nvt/gb_CESA-2010_0839_kernel_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2264-1 (linux-2.6)
File : nvt/deb_2264_1.nasl
2011-07-18 Name : Ubuntu Update for linux USN-1167-1
File : nvt/gb_ubuntu_USN_1167_1.nasl
2011-07-08 Name : Ubuntu Update for linux-fsl-imx51 USN-1164-1
File : nvt/gb_ubuntu_USN_1164_1.nasl
2011-06-24 Name : Fedora Update for kernel FEDORA-2011-6447
File : nvt/gb_fedora_2011_6447_kernel_fc13.nasl
2011-06-20 Name : Fedora Update for kernel FEDORA-2011-7551
File : nvt/gb_fedora_2011_7551_kernel_fc14.nasl
2011-05-17 Name : Fedora Update for kernel FEDORA-2011-6541
File : nvt/gb_fedora_2011_6541_kernel_fc14.nasl
2011-05-10 Name : Ubuntu Update for linux-ti-omap4 USN-1119-1
File : nvt/gb_ubuntu_USN_1119_1.nasl
2011-05-10 Name : Ubuntu Update for linux-source-2.6.15 USN-1111-1
File : nvt/gb_ubuntu_USN_1111_1.nasl
2011-05-06 Name : SuSE Update for kernel SUSE-SA:2011:020
File : nvt/gb_suse_2011_020.nasl
2011-04-22 Name : SuSE Update for kernel SUSE-SA:2011:017
File : nvt/gb_suse_2011_017.nasl
2011-04-11 Name : Ubuntu Update for linux vulnerabilities USN-1105-1
File : nvt/gb_ubuntu_USN_1105_1.nasl
2011-03-15 Name : Fedora Update for kernel FEDORA-2011-2134
File : nvt/gb_fedora_2011_2134_kernel_fc13.nasl
2011-03-07 Name : Ubuntu Update for linux vulnerabilities USN-1081-1
File : nvt/gb_ubuntu_USN_1081_1.nasl
2011-03-07 Name : Ubuntu Update for linux vulnerabilities USN-1080-1
File : nvt/gb_ubuntu_USN_1080_1.nasl
2011-03-07 Name : Ubuntu Update for linux-ec2 vulnerabilities USN-1080-2
File : nvt/gb_ubuntu_USN_1080_2.nasl
2011-03-07 Name : Ubuntu Update for linux-lts-backport-maverick vulnerabilities USN-1083-1
File : nvt/gb_ubuntu_USN_1083_1.nasl
2011-02-28 Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-1071-1
File : nvt/gb_ubuntu_USN_1071_1.nasl
2011-02-28 Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1073-1
File : nvt/gb_ubuntu_USN_1073_1.nasl
2011-02-28 Name : Ubuntu Update for linux vulnerabilities USN-1072-1
File : nvt/gb_ubuntu_USN_1072_1.nasl
2011-02-18 Name : Mandriva Update for kernel MDVSA-2011:029 (kernel)
File : nvt/gb_mandriva_MDVSA_2011_029.nasl
2011-02-16 Name : SuSE Update for kernel SUSE-SA:2011:008
File : nvt/gb_suse_2011_008.nasl
2011-02-11 Name : Fedora Update for kernel FEDORA-2011-1138
File : nvt/gb_fedora_2011_1138_kernel_fc14.nasl
2011-02-04 Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-1057-1
File : nvt/gb_ubuntu_USN_1057_1.nasl
2011-01-31 Name : CentOS Update for kernel CESA-2011:0162 centos4 i386
File : nvt/gb_CESA-2011_0162_kernel_centos4_i386.nasl
2011-01-31 Name : CentOS Update for kernel CESA-2010:0936 centos4 i386
File : nvt/gb_CESA-2010_0936_kernel_centos4_i386.nasl
2011-01-24 Name : Debian Security Advisory DSA 2126-1 (linux-2.6)
File : nvt/deb_2126_1.nasl
2011-01-21 Name : RedHat Update for kernel RHSA-2011:0162-01
File : nvt/gb_RHSA-2011_0162-01_kernel.nasl
2011-01-14 Name : RedHat Update for Red Hat Enterprise Linux 5.6 kernel RHSA-2011:0017-01
File : nvt/gb_RHSA-2011_0017-01_Red_Hat_Enterprise_Linux_5.6_kernel.nasl
2011-01-14 Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1041-1
File : nvt/gb_ubuntu_USN_1041_1.nasl
2011-01-11 Name : SuSE Update for kernel SUSE-SA:2011:001
File : nvt/gb_suse_2011_001.nasl
2011-01-11 Name : RedHat Update for kernel RHSA-2011:0004-01
File : nvt/gb_RHSA-2011_0004-01_kernel.nasl
2011-01-11 Name : SuSE Update for kernel SUSE-SA:2010:047
File : nvt/gb_suse_2010_047.nasl
2011-01-11 Name : SuSE Update for kernel SUSE-SA:2010:051
File : nvt/gb_suse_2010_051.nasl
2011-01-11 Name : SuSE Update for kernel SUSE-SA:2011:002
File : nvt/gb_suse_2011_002.nasl
2011-01-04 Name : Mandriva Update for kernel MDVSA-2010:257 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_257.nasl
2010-12-28 Name : Fedora Update for kernel FEDORA-2010-18983
File : nvt/gb_fedora_2010_18983_kernel_fc13.nasl
2010-12-23 Name : Fedora Update for kernel FEDORA-2010-18506
File : nvt/gb_fedora_2010_18506_kernel_fc13.nasl
2010-12-09 Name : Ubuntu Update for Linux kernel vulnerabilities USN-1023-1
File : nvt/gb_ubuntu_USN_1023_1.nasl
2010-12-09 Name : Fedora Update for kernel FEDORA-2010-18432
File : nvt/gb_fedora_2010_18432_kernel_fc12.nasl
2010-12-09 Name : Fedora Update for kernel FEDORA-2010-18493
File : nvt/gb_fedora_2010_18493_kernel_fc14.nasl
2010-12-09 Name : RedHat Update for kernel RHSA-2010:0936-01
File : nvt/gb_RHSA-2010_0936-01_kernel.nasl
2010-12-02 Name : Fedora Update for kernel FEDORA-2010-14832
File : nvt/gb_fedora_2010_14832_kernel_fc14.nasl
2010-12-02 Name : Fedora Update for kernel FEDORA-2010-16826
File : nvt/gb_fedora_2010_16826_kernel_fc14.nasl
2010-11-16 Name : SuSE Update for kernel SUSE-SA:2010:053
File : nvt/gb_suse_2010_053.nasl
2010-11-16 Name : RedHat Update for kernel RHSA-2010:0839-01
File : nvt/gb_RHSA-2010_0839-01_kernel.nasl
2010-11-04 Name : CentOS Update for kernel CESA-2010:0779 centos4 i386
File : nvt/gb_CESA-2010_0779_kernel_centos4_i386.nasl
2010-10-22 Name : RedHat Update for kernel RHSA-2010:0779-01
File : nvt/gb_RHSA-2010_0779-01_kernel.nasl
2010-10-22 Name : Ubuntu Update for Linux kernel vulnerabilities USN-1000-1
File : nvt/gb_ubuntu_USN_1000_1.nasl
2010-10-01 Name : SuSE Update for kernel SUSE-SA:2010:046
File : nvt/gb_suse_2010_046.nasl
2010-09-22 Name : Fedora Update for kernel FEDORA-2010-14890
File : nvt/gb_fedora_2010_14890_kernel_fc13.nasl
2010-09-22 Name : Fedora Update for kernel FEDORA-2010-14878
File : nvt/gb_fedora_2010_14878_kernel_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70291 Linux Kernel net/x25/x25_facilities.c x25_parse_facilities Function Facility ...

Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when multiple integer underflows in the 'x25_parse_facilities' function in 'net/x25/x25_facilities.c' allow remote attackers to use malformed X25_FAC_CLASS_A, X25_FAC_CLASS_B, X25_FAC_CLASS_C or X25_FAC_CLASS_D facility data to cause a denial of service.
70290 Linux Kernel net/tipc/socket.c get_name Function Local Stack Memory Disclosure

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the 'get_name' function in 'net/tipc/socket.c' fails to initialize a certain structure, which will disclose potentially sensitive kernel stack memory information to a local attacker.
70288 Linux Kernel on ThinkPad drivers/platform/x86/thinkpad_acpi.c Video Output Co...

Linux Kernel on ThinkPad contains a flaw that may allow a local denial of service. The issue is triggered when 'drivers/platform/x86/thinkpad_acpi.c' fails to properly restrict access to the video output control state, allowing a local attacker to use a read or write operation to cause a denial of service.
70262 Linux Kernel net/econet/af_econet.c ec_dev_ioctl Function SIOCSIFADDR IOCTL e...

Linux Kernel contains a flaw related to the 'ec_dev_ioctl' function in 'net/econet/af_econet.c'. The issue is triggered when a local attacker uses a SIOCSIFADDR ioctl call to bypass access restrictions and configure econet addresses.
70261 Linux Kernel net/econet/af_econet.c econet_sendmsg Function sendmsg Call Loca...

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when the 'econet_sendmsg' function in 'net/econet/af_econet.c' allows local users to use a sendmsg call which specifies a NULL value for the remote address field to cause a denial of service via a NULL pointer dereference.
70260 Linux Kernel net/econet/af_econet.c econet_sendmsg Function iovec Structure L...

Linux Kernel is prone to an overflow condition. The 'econet_sendmsg' function in 'net/econet/af_econet.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. By providing a large number of iovec structures, a local attacker can gain elevated privileges.
70227 Linux Kernel on 64-bit Controller Area Network net/can/bcm.c bcm_connect Func...

Linux Kernel on 64-bit is prone to an overflow condition. The 'bcm_connect' function in 'net/can/bcm.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted connect operation, a local attacker can potentially cause a denial of service via memory corruption.
70226 Linux Kernel TIPC Implementation Crafted sendmsg Call Integer Signedness Loca...

Linux Kernel is prone to an integer signedness error that will allow an overflow condition. The TIPC implementation in the 'tipc_msg_build()' function in 'net/tipc/msg.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted sendmsg call, a local attacker can potentially gain elevated privileges.
69788 Linux Kernel net/ipv4/inet_diag.c Netlink Message Crafted INET_DIAG_REQ_BYTEC...

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when 'net/ipv4/inet_diag.c' fails to properly audit 'INET_DIAG' bytecode, allowing a local attacker to use a crafted 'INET_DIAG_REQ_BYTECODE' instruction in a netlink message containing multiple attribute elements to cause a denial of service via a kernel infinite loop.
69577 Linux Kernel ipc/sem.c copy_semid_to_user Function semctl Call Local Memory D...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'copy_semid_to_user' function in 'ipc/sem.c' fails to initialize a certain structure, which will disclose potentially sensitive kernel stack memory via an 'IPC_INFO', 'SEM_INFO', 'IPC_STAT' or 'SEM_STAT' semctl system call to a local attacker.
69553 Linux Kernel sound/pci/rme9652/hdspm.c snd_hdspm_hwdep_ioctl Function SNDRV_H...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'snd_hdspm_hwdep_ioctl' function in 'sound/pci/rme9652/hdspm.c' fails to properly initialize a certain structure, which will disclose potentially sensitive kernel stack memory information via an 'SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO IOCTL' call to a local attacker.
69552 Linux Kernel sound/pci/rme9652/hdsp.c snd_hdsp_hwdep_ioctl Function SNDRV_HDS...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the 'snd_hdsp_hwdep_ioctl' function in 'sound/pci/rme9652/hdsp.c' fails to initialize a certain structure, disclosing information from kernel stack memory via an 'SNDRV_HDSP_IOCTL_GET_CONFIG_INFO IOCTL' call to a local attacker.
69551 Linux Kernel fs/exec.c setup_arg_pages CONFIG_STACK_GROWSDOWN Crafted Exec Sy...

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when the 'setup_arg_pages' function in 'fs/exec.c' doesn't properly restrict the stack memory consumption of the 'arguments' or 'environment' when 'CONFIG_STACK_GROWSDOWN' is used, allowing a local attacker to cause a denial of service via a crafted exec system call.
69531 Linux Kernel ipc Subsystem ipc/compat_mq.c Multiple Function Local Memory Dis...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the ipc Subsystem fails to properly initialize a certain structure member, allowing a local attacker to obtain sensitive information from kernel stack memory via vectors related to the 'compat_sys_mq_open' and 'compat_sys_mq_getsetattr' functions in 'ipc/compat_mq.c'.
69530 Linux Kernel ipc Subsystem ipc/compat.c Multiple Function Local Memory Disclo...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the ipc Subsystem fails to properly initialize a certain structure member, allowing a local attacker to obtain sensitive information from kernel stack memory via vectors related to the 'compat_sys_semctl', 'compat_sys_msgctl', and 'compat_sys_shmctl' functions in 'ipc/compat.c'.
69529 Linux Kernel USB Subsystem drivers/usb/serial/mos7840.c mos7840_ioctl Functio...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the USB Subsystem fails to properly initialize certain structure members, allowing a local attacker to obtain sensitive information from kernel stack memory via a TIOCGICOUNT IOCTL call and the 'mos7720_ioctl' function in 'drivers/usb/serial/mos7720.c' and the 'mos7840_ioctl' function in 'drivers/usb/serial/mos7840.c'.
69528 Linux Kernel USB Subsystem drivers/usb/serial/mos7720.c mos7720_ioctl Functio...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the USB Subsystem fails to properly initialize a certain structure member, allowing a local attacker to obtain sensitive information from kernel stack memory via a TIOCGICOUNT IOCTL call and the 'mos7720_ioctl' function in 'drivers/usb/serial/mos7720.c' and the 'mos7840_ioctl' function in 'drivers/usb/serial/mos7840.c'.
69526 Linux Kernel drivers/media/video/ivtv/ivtvfb.c ivtvfb_ioctl Function FBIOGET_...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'ivtvfb_ioctl' function in 'drivers/media/video/ivtv/ivtvfb.c' fails to properly initialize a certain structure member, which will disclose potentially sensitive kernel stack memory information via an FBIOGET_VBLANK IOCTL call to a local attacker.
69525 Linux Kernel drivers/video/sis/sis_main.c sisfb_ioctl Function FBIOGET_VBLANK...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'sisfb_ioctl' function in 'drivers/video/sis/sis_main.c' fails to properly initialize a certain structure member, allowing a local attacker to obtain sensitive information from kernel stack memory via a FBIOGET_VBLANK IOCTL call.
69521 Linux Kernel ipc/shm.c copy_shmid_to_user Function shmctl System Call Local M...

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the 'copy_shmid_to_user' function in 'ipc/shm.c' fails to properly initialize an unspecified structure, which can be exploited via the shmctl system call to disclose kernel stack memory to a local attacker.
69515 Linux Kernel net/sctp/auth.c sctp_auth_asoc_get_hmac Function SCTP Peer hmac_...

Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when the 'sctp_auth_asoc_get_hmac()' function in 'net/sctp/auth.c' fails to properly reset the last id element of an SCTP peer's hmac_ids array if it is out of range, allowing a remote attacker to use a crafted value for the last element of the array to cause a denial of service.
69424 Linux Kernel net/sctp/output.c sctp_packet_config Function SCTP Traffic Seque...

69162 Linux Kernel net/packet/af_packet.c Multiple Function Stack Memory Disclosure

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'packet_getname_spkt()' and 'packet_getname()' functions in 'net/packet/af_packet.c' fail to properly initialize a member of a certain structure before copying it to userspace, which will disclose kernel stack memory to a local attacker.
69161 Linux Kernel net/ax25/af_ax25.c ax25_getname() Function Stack Memory Disclosure

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'ax25_getname()' function in 'net/ax25/af_ax25.c' fails to properly initialize a member of a certain structure before copying it to userspace, which will disclose kernel stack memory to a local attacker.
69017 Linux Kernel net/x25/x25_facilities.c x25_parse_facilities() Function Memory ...

A memory corruption flaw exists in Linux Kernel. The 'x25_parse_facilities()' function in 'net/x25/x25_facilities.c' suffers from a boundary error, resulting in kernel heap memory corruption. With specially crafted X.25 traffic, a local attacker can cause a loss of availability.
68871 Linux Kernel i915 drivers/media/video/v4l2-compat-ioctl32.c get_microcode32()...

68370 Linux Kernel drivers/block/pktcdvd.c pkt_find_dev_from_minor Function PKT_CTR...

68306 Linux Kernel drivers/net/eql.c eql_g_master_cfg Function EQL_GETMASTRCFG IOCT...

68305 Linux Kernel drivers/net/cxgb3/cxgb3_main.c cxgb_extension_ioctl Function CHE...

68266 Linux Kernel sound/core/control.c snd_ctl_new() Function Local Overflow

68177 Linux Kernel net/sched/act_police.c tcf_act_police_dump Function Network Queu...

68174 Linux Kernel fs/aio.c do_io_submit Function Crafted io_submit System Call Loc...

68163 Linux Kernel net/rose/af_rose.c Multiple Function Signedness Error Local DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-10-27 IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi
Severity : Category I - VMSKEY : V0030545

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-342.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-100921.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-101008.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-101026.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-101215.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-110414.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_kernel-120104.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_kernel-120104.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0779.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0839.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0936.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-2009.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-2011.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0162.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0421.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0836.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1083-1.nasl - Type : ACT_GATHER_INFO
2013-03-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1321.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101019_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101109_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101201_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110104_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110118_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110407_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7164.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7261.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7304.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7384.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7915.nasl - Type : ACT_GATHER_INFO
2012-04-23 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12677.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120129.nasl - Type : ACT_GATHER_INFO
2012-02-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120130.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7918.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1244-1.nasl - Type : ACT_GATHER_INFO
2011-10-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1202-1.nasl - Type : ACT_GATHER_INFO
2011-09-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1204-1.nasl - Type : ACT_GATHER_INFO
2011-08-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1186-1.nasl - Type : ACT_GATHER_INFO
2011-08-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1187-1.nasl - Type : ACT_GATHER_INFO
2011-07-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO
2011-07-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1164-1.nasl - Type : ACT_GATHER_INFO
2011-06-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2264.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1111-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1119-1.nasl - Type : ACT_GATHER_INFO
2011-06-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2240.nasl - Type : ACT_GATHER_INFO
2011-06-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0836.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-101020.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-101202.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-110413.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-debug-101215.nasl - Type : ACT_GATHER_INFO
2011-04-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-110414.nasl - Type : ACT_GATHER_INFO
2011-04-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-110415.nasl - Type : ACT_GATHER_INFO
2011-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0421.nasl - Type : ACT_GATHER_INFO
2011-04-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1105-1.nasl - Type : ACT_GATHER_INFO
2011-03-25 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7381.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-110228.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1080-2.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1080-1.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1081-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1071-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO
2011-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1073-1.nasl - Type : ACT_GATHER_INFO
2011-02-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12672.nasl - Type : ACT_GATHER_INFO
2011-02-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1057-1.nasl - Type : ACT_GATHER_INFO
2011-02-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1054-1.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0936.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0162.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7303.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-101007.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-101102.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-110104.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-ec2-101103.nasl - Type : ACT_GATHER_INFO
2011-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0162.nasl - Type : ACT_GATHER_INFO
2011-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0017.nasl - Type : ACT_GATHER_INFO
2011-01-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2011-01-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1041-1.nasl - Type : ACT_GATHER_INFO
2011-01-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2011-01-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO
2010-12-26 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18983.nasl - Type : ACT_GATHER_INFO
2010-12-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-257.nasl - Type : ACT_GATHER_INFO
2010-12-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7257.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18506.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18493.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18432.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0936.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-101020.nasl - Type : ACT_GATHER_INFO
2010-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1023-1.nasl - Type : ACT_GATHER_INFO
2010-11-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2126.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0779.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0839.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0842.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0839.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16826.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-101026.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0779.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1000-1.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-101008.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7160.nasl - Type : ACT_GATHER_INFO
2010-09-24 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO
2010-09-23 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12646.nasl - Type : ACT_GATHER_INFO
2010-09-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14832.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14878.nasl - Type : ACT_GATHER_INFO
2010-09-21 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14890.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:29:44 Multiple Updates