Executive Summary

Summary
Title kernel security and bug fix update
Informations
Name RHSA-2010:0147 First vendor Publication 2010-03-16
Vendor RedHat Last vendor Modification 2010-03-16
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important)

* a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially-crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate)

* an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low)

Bug fixes:

* a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449)

* a race issue in the Journaling Block Device. (BZ#553132)

* programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684)

* the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335)

* adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588)

* some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640)

* on some systems, VF cannot be enabled in dom0. (BZ#560665)

* on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417)

* for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454)

* serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746)

* improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772)

* dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777)

* a fix for a bug that could potentially cause file system corruption. (BZ#564281)

* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)

* gfs2_delete_inode failed on read-only file systems. (BZ#564290)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547255 - CVE-2009-4308 kernel: ext4: Avoid null pointer dereference when decoding EROFS w/o a journal 553132 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.4.z] 554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1 555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN 555658 - CVE-2010-0008 kernel: sctp remote denial of service 557684 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.4.z] 559335 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.4.z] 560588 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost [rhel-5.4.z] 560640 - Call trace error display when resume from suspend to disk (ide block) - pvclock related [rhel-5.4.z] 560665 - [SR-IOV] VF can not be enabled in Dom0 [rhel-5.4.z] 561417 - Kernel panic when using GRO through ixgbe driver and xen bridge [rhel-5.4.z] 561454 - kvm pvclock on i386 suffers from double registering [rhel-5.4.z] 562582 - CVE-2010-0415 kernel: sys_move_pages infoleak 562746 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit [rhel-5.4.z] 562772 - 5.5 - cciss backport some upstream bits to improve kexec/kdump [rhel-5.4.z] 562777 - [RHEL5 Xen] EXPERIMENTAL EX/MC: Dom0 soft lockups on >64-way system from hard-virt patches [rhel-5.4.z] 563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference 564281 - Please implement upstream fix for potential filesystem corruption bug [rhel-5.4.z] 564288 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block [rhel-5.4.z] 564290 - 1916556 - GFS2 gfs2_delete_inode failing on RO filesystem [rhel-5.4.z]

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0147.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10061
 
Oval ID: oval:org.mitre.oval:def:10061
Title: The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Description: The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0437
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10550
 
Oval ID: oval:org.mitre.oval:def:10550
Title: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
Description: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0003
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11103
 
Oval ID: oval:org.mitre.oval:def:11103
Title: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
Description: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4308
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11160
 
Oval ID: oval:org.mitre.oval:def:11160
Title: The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
Description: The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0008
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13397
 
Oval ID: oval:org.mitre.oval:def:13397
Title: DSA-1996-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service on a system connected to the same wireless network. CVE-2009-4536 & CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to denial of service a guest or gain escalated privileges with the guest. CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service. CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service. CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory. For the stable distribution, this problem has been fixed in version 2.6.26-21lenny3. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+21lenny3
Family: unix Class: patch
Reference(s): DSA-1996-1
CVE-2009-3939
CVE-2009-4027
CVE-2009-4536
CVE-2009-4538
CVE-2010-0003
CVE-2010-0007
CVE-2010-0291
CVE-2010-0298
CVE-2010-0306
CVE-2010-0307
CVE-2010-0309
CVE-2010-0410
CVE-2010-0415
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19697
 
Oval ID: oval:org.mitre.oval:def:19697
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0007
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19968
 
Oval ID: oval:org.mitre.oval:def:19968
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0437
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20180
 
Oval ID: oval:org.mitre.oval:def:20180
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0003
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20261
 
Oval ID: oval:org.mitre.oval:def:20261
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4308
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20266
 
Oval ID: oval:org.mitre.oval:def:20266
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0415
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20571
 
Oval ID: oval:org.mitre.oval:def:20571
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0008
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21862
 
Oval ID: oval:org.mitre.oval:def:21862
Title: RHSA-2010:0147: kernel security and bug fix update (Important)
Description: The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2010:0147-01
CESA-2010:0147
CVE-2009-4308
CVE-2010-0003
CVE-2010-0007
CVE-2010-0008
CVE-2010-0415
CVE-2010-0437
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23070
 
Oval ID: oval:org.mitre.oval:def:23070
Title: ELSA-2010:0147: kernel security and bug fix update (Important)
Description: The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2010:0147-01
CVE-2009-4308
CVE-2010-0003
CVE-2010-0007
CVE-2010-0008
CVE-2010-0415
CVE-2010-0437
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27423
 
Oval ID: oval:org.mitre.oval:def:27423
Title: DEPRECATED: ELSA-2010-0147 -- kernel security and bug fix update (important)
Description: [2.6.18-164.15.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] - [x86_64] PCI space below 4GB forces mem remap above 1TB (Larry Woodman) [523522] - [cpufreq] P-state limit: limit can never be increased (Stanislaw Gruszka) [489566] - [rds] patch rds to 4.0-ora-1.4.2-10 (Andy Grover, Tina Yang) [orabug 9168046] [RHBZ 546374]
Family: unix Class: patch
Reference(s): ELSA-2010-0147
CVE-2009-4308
CVE-2010-0003
CVE-2010-0007
CVE-2010-0008
CVE-2010-0415
CVE-2010-0437
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7480
 
Oval ID: oval:org.mitre.oval:def:7480
Title: DSA-1996 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service on a system connected to the same wireless network. Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. Gleb Natapov discovered issues in the KVM subsystem where missing permission checks permit a user in a guest system to denial of service a guest or gain escalated privileges with the guest. Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service. Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service of the host system. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service. Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory.
Family: unix Class: patch
Reference(s): DSA-1996
CVE-2009-3939
CVE-2009-4027
CVE-2009-4536
CVE-2009-4538
CVE-2010-0003
CVE-2010-0007
CVE-2010-0291
CVE-2010-0298
CVE-2010-0306
CVE-2010-0307
CVE-2010-0309
CVE-2010-0410
CVE-2010-0415
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9399
 
Oval ID: oval:org.mitre.oval:def:9399
Title: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
Description: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0415
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9630
 
Oval ID: oval:org.mitre.oval:def:9630
Title: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
Description: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0007
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 2
Os 1270

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-03-15 Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an...
File : nvt/gb_VMSA-2010-0016.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2010:0147 centos5 i386
File : nvt/gb_CESA-2010_0147_kernel_centos5_i386.nasl
2010-10-19 Name : Mandriva Update for kernel MDVSA-2010:198 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_198.nasl
2010-09-27 Name : Mandriva Update for kernel MDVSA-2010:188 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_188.nasl
2010-06-07 Name : Ubuntu Update for linux regression USN-947-2
File : nvt/gb_ubuntu_USN_947_2.nasl
2010-06-07 Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1
File : nvt/gb_ubuntu_USN_947_1.nasl
2010-03-31 Name : Mandriva Update for kernel MDVSA-2010:066 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_066.nasl
2010-03-22 Name : RedHat Update for kernel RHSA-2010:0147-01
File : nvt/gb_RHSA-2010_0147-01_kernel.nasl
2010-03-22 Name : Ubuntu Update for Linux kernel vulnerabilities USN-914-1
File : nvt/gb_ubuntu_USN_914_1.nasl
2010-03-22 Name : SuSE Update for kernel SUSE-SA:2010:016
File : nvt/gb_suse_2010_016.nasl
2010-03-22 Name : RedHat Update for kernel RHSA-2010:0146-01
File : nvt/gb_RHSA-2010_0146-01_kernel.nasl
2010-03-05 Name : SuSE Update for kernel SUSE-SA:2010:014
File : nvt/gb_suse_2010_014.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-0919
File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1804
File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1787
File : nvt/gb_fedora_2010_1787_kernel_fc12.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1500
File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl
2010-02-25 Name : Debian Security Advisory DSA 2003-1 (linux-2.6)
File : nvt/deb_2003_1.nasl
2010-02-19 Name : SuSE Update for kernel SUSE-SA:2010:010
File : nvt/gb_suse_2010_010.nasl
2010-02-19 Name : SuSE Update for kernel SUSE-SA:2010:012
File : nvt/gb_suse_2010_012.nasl
2010-02-19 Name : Mandriva Update for drakxtools MDVA-2010:066 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_066.nasl
2010-02-08 Name : Ubuntu Update for Linux kernel vulnerabilities USN-894-1
File : nvt/gb_ubuntu_USN_894_1.nasl
2010-01-20 Name : SuSE Update for kernel SUSE-SA:2010:005
File : nvt/gb_suse_2010_005.nasl
2010-01-15 Name : SuSE Update for kernel SUSE-SA:2010:001
File : nvt/gb_suse_2010_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63257 Linux Kernel SCTP Implementation Chunk Handling Infinite Loop Remote DoS

63146 Linux Kernel net/ipv6/ip6_output.c ip6_dst_lookup_tail() Function NULL Derefe...

62168 Linux Kernel mm/migrate.c do_pages_move() Function Local DoS

61984 Linux Kernel kernel/signal.c print_fatal_signal Function Log File Local Discl...

61670 Linux Kernel net/bridge/netfilter/ebtables.c do_ebt_set_ctl Function Ethernet...

61035 Linux Kernel fs/ext4/super.c ext4_decode_error Function DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158
2010-01-07 IAVM : 2010-A-0001 - Multiple Vulnerabilities in Linux Kernel
Severity : Category I - VMSKEY : V0022180

Snort® IPS/IDS

Date Description
2017-10-10 Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt
RuleID : 44309 - Revision : 1 - Type : OS-LINUX
2017-10-10 Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt
RuleID : 44308 - Revision : 1 - Type : OS-LINUX
2014-01-10 Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt
RuleID : 18997 - Revision : 7 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2015-04-23 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16471.nasl - Type : ACT_GATHER_INFO
2015-04-22 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16473.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0147.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0146.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0148.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0342.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0149.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100316_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100316_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6778.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7515.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7516.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-7568.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-100109.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-6779.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO
2010-09-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-066.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-0919.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1787.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1804.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0147.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO
2010-03-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-100317.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0147.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0146.nasl - Type : ACT_GATHER_INFO
2010-03-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-914-1.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-100301.nasl - Type : ACT_GATHER_INFO
2010-03-03 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-100223.nasl - Type : ACT_GATHER_INFO
2010-03-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-100223.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1996.nasl - Type : ACT_GATHER_INFO
2010-02-18 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12578.nasl - Type : ACT_GATHER_INFO
2010-02-16 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO
2010-02-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-100128.nasl - Type : ACT_GATHER_INFO
2010-02-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-894-1.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-100108.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-100107.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:53:19
  • Multiple Updates