Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0504 | First vendor Publication | 2010-07-01 |
Vendor | RedHat | Last vendor Modification | 2010-07-01 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * multiple flaws were found in the mmap and mremap implementations. A local user could use these flaws to cause a local denial of service or escalate their privileges. (CVE-2010-0291, Important) * a NULL pointer dereference flaw was found in the Fast Userspace Mutexes (futexes) implementation. The unlock code path did not check if the futex value associated with pi_state->owner had been modified. A local user could use this flaw to modify the futex value, possibly leading to a denial of service or privilege escalation when the pi_state->owner pointer is dereferenced. (CVE-2010-0622, Important) * a NULL pointer dereference flaw was found in the Linux kernel Network File System (NFS) implementation. A local user on a system that has an NFS-mounted file system could use this flaw to cause a denial of service or escalate their privileges on that system. (CVE-2010-1087, Important) * a flaw was found in the sctp_process_unk_param() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially-crafted SCTP packet to an SCTP listening port on a target system, causing a kernel panic (denial of service). (CVE-2010-1173, Important) * a flaw was found in the Linux kernel Transparent Inter-Process Communication protocol (TIPC) implementation. If a client application, on a local system where the tipc module is not yet in network mode, attempted to send a message to a remote TIPC node, it would dereference a NULL pointer on the local system, causing a kernel panic (denial of service). (CVE-2010-1187, Important) * a buffer overflow flaw was found in the Linux kernel Global File System 2 (GFS2) implementation. In certain cases, a quota could be written past the end of a memory page, causing memory corruption, leaving the quota stored on disk in an invalid state. A user with write access to a GFS2 file system could trigger this flaw to cause a kernel crash (denial of service) or escalate their privileges on the GFS2 server. This issue can only be triggered if the GFS2 file system is mounted with the "quota=on" or "quota=account" mount option. (CVE-2010-1436, Important) * a race condition between finding a keyring by name and destroying a freed keyring was found in the Linux kernel key management facility. A local user could use this flaw to cause a kernel panic (denial of service) or escalate their privileges. (CVE-2010-1437, Important) * a flaw was found in the link_path_walk() function in the Linux kernel. Using the file descriptor returned by the open() function with the O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a NULL pointer dereference, causing a denial of service or privilege escalation. (CVE-2010-1088, Moderate) * a missing permission check was found in the gfs2_set_flags() function in the Linux kernel GFS2 implementation. A local user could use this flaw to change certain file attributes of files, on a GFS2 file system, that they do not own. (CVE-2010-1641, Low) Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting CVE-2010-1641. This update also fixes several bugs. Documentation for these bug fixes will be available shortly from http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Upda te/index.html Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 556703 - CVE-2010-0291 kernel: untangle the do_mremap() 563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully 567184 - CVE-2010-1087 kernel: NFS: Fix an Oops when truncating a file 567813 - CVE-2010-1088 kernel: fix LOOKUP_FOLLOW on automount "symlinks" 578057 - CVE-2010-1187 kernel: tipc: Fix oops on send prior to entering networked mode 584645 - CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet 585094 - CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring 586006 - CVE-2010-1436 kernel: gfs2 buffer overflow 587957 - Linux VM hangs while hot adding memory in VMware [rhel-5.5.z] 588219 - 25% performance regression of concurrent O_DIRECT writes. [rhel-5.5.z] 591493 - [Intel 5.6 Bug] Fix initialization of wakeup flags for e1000 [rhel-5.5.z] 591611 - virtio balloon should not use pages from kernel's reserve pools for fill requests [rhel-5.5.z] 592844 - RHEL5: tg3: 'SIOCSIFFLAGS: Invalid argument' setting IP [rhel-5.5.z] 592846 - missing power_meter release() function [rhel-5.5.z] 594054 - [5.5] SFQ qdisc crashes with limit of 2 packets [rhel-5.5.z] 594057 - [RHEL5] bonding mode 0 doesn't resend IGMP after a failure [rhel-5.5.z] 594061 - nfs: sys_read sometimes returns -EIO [rhel-5.5.z] 595579 - CVE-2010-1641 kernel: GFS2: The setflags ioctl() doesn't check file ownership 596384 - VFS: Busy inodes after unmount issue. [rhel-5.5.z] 596385 - implement dev_disable_lro for RHEL5 [rhel-5.5.z] 598355 - [5.5] SCTP: Check if the file structure is valid before checking the non-blocking flag [rhel-5.5.z] 599332 - e1000 and e1000e driver behaviour differences [rhel-5.5.z] 599730 - fasync_helper patch causing problems with GPFS [rhel-5.5.z] 599734 - should set ISVM bit (ECX:31) for CPUID leaf 0x00000001 [rhel-5.5.z] 599737 - vm.drop_caches corrupts hugepages and causes Oracle Database ORA-600 crashes [rhel-5.5.z] 599739 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds [rhel-5.5.z] 600215 - [RHEL5] Netfilter modules unloading hangs [rhel-5.5.z] 600498 - netconsole fails with tg3 [rhel-5.5.z] 601080 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour [rhel-5.5.z] 601090 - time drift due to incorrect accounting of lost ticks with VXTIME_PMTMR mode and VXTIME_TSC mode if 'tick_divider' > 1 [rhel-5.5.z] 607087 - bnx2x panic dumps with multiple interfaces enabled [rhel-5.5.z] |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0504.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-476 | NULL Pointer Dereference |
14 % | CWE-416 | Use After Free |
14 % | CWE-399 | Resource Management Errors |
14 % | CWE-362 | Race Condition |
14 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10442 | |||
Oval ID: | oval:org.mitre.oval:def:10442 | ||
Title: | The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | ||
Description: | The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1087 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10652 | |||
Oval ID: | oval:org.mitre.oval:def:10652 | ||
Title: | gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. | ||
Description: | gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1436 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11824 | |||
Oval ID: | oval:org.mitre.oval:def:11824 | ||
Title: | The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | ||
Description: | The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0291 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19780 | |||
Oval ID: | oval:org.mitre.oval:def:19780 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1437 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19844 | |||
Oval ID: | oval:org.mitre.oval:def:19844 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1641 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20241 | |||
Oval ID: | oval:org.mitre.oval:def:20241 | ||
Title: | DSA-2003-1 linux-2.6 - several vulnerabilities | ||
Description: | NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2003-1 CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20277 | |||
Oval ID: | oval:org.mitre.oval:def:20277 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1187 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20417 | |||
Oval ID: | oval:org.mitre.oval:def:20417 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1088 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20502 | |||
Oval ID: | oval:org.mitre.oval:def:20502 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1436 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20522 | |||
Oval ID: | oval:org.mitre.oval:def:20522 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1087 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20536 | |||
Oval ID: | oval:org.mitre.oval:def:20536 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1173 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20549 | |||
Oval ID: | oval:org.mitre.oval:def:20549 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0291 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20551 | |||
Oval ID: | oval:org.mitre.oval:def:20551 | ||
Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0622 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28120 | |||
Oval ID: | oval:org.mitre.oval:def:28120 | ||
Title: | DEPRECATED: ELSA-2010-0504 -- kernel security and bug fix update (important) | ||
Description: | [2.6.18-194.8.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb (John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [net] bonding: fix xen+bonding+netconsole panic issue (Joe Jin) [orabug 9504524] - [rds] Patch rds to 1.4.2-14 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [mm] Enahance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki, Chris Mason, Herbert van den Bergh) [orabug 9245919] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0504 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1088 CVE-2010-1173 CVE-2010-1187 CVE-2010-1436 CVE-2010-1437 CVE-2010-1641 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7532 | |||
Oval ID: | oval:org.mitre.oval:def:7532 | ||
Title: | DSA-2005 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak | ||
Description: | NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release "etch". Although security support for "etch" officially ended on Feburary 15th, 2010, this update was already in preparation before that date. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded. Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior. Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition. Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service and potentially an escalation of privileges. Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service by making a specially crafted ioctl call. Ted Ts’o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service. For this to be exploitable, the local user must have sufficient privileges to mount a filesystem. Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames. Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service or obtain elevated privileges. Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service. Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service or gain access to sensitive kernel memory. Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service . | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2005 CVE-2009-2691 CVE-2009-2695 CVE-2009-3080 CVE-2009-3726 CVE-2009-3889 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308 CVE-2009-4536 CVE-2009-4538 CVE-2010-0003 CVE-2010-0007 CVE-2010-0291 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6.24 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9655 | |||
Oval ID: | oval:org.mitre.oval:def:9655 | ||
Title: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Description: | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0622 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9715 | |||
Oval ID: | oval:org.mitre.oval:def:9715 | ||
Title: | Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | ||
Description: | Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1437 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9832 | |||
Oval ID: | oval:org.mitre.oval:def:9832 | ||
Title: | The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. | ||
Description: | The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1187 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9916 | |||
Oval ID: | oval:org.mitre.oval:def:9916 | ||
Title: | The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. | ||
Description: | The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1641 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-08-09 | Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2012-03-15 | Name : VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console an... File : nvt/gb_VMSA-2010-0016.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0504 centos5 i386 File : nvt/gb_CESA-2010_0504_kernel_centos5_i386.nasl |
2011-04-22 | Name : SuSE Update for kernel SUSE-SA:2011:017 File : nvt/gb_suse_2011_017.nasl |
2010-12-09 | Name : Fedora Update for kernel FEDORA-2010-18432 File : nvt/gb_fedora_2010_18432_kernel_fc12.nasl |
2010-10-19 | Name : Mandriva Update for kernel MDVSA-2010:198 (kernel) File : nvt/gb_mandriva_MDVSA_2010_198.nasl |
2010-10-01 | Name : SuSE Update for kernel SUSE-SA:2010:046 File : nvt/gb_suse_2010_046.nasl |
2010-09-27 | Name : Mandriva Update for kernel MDVSA-2010:188 (kernel) File : nvt/gb_mandriva_MDVSA_2010_188.nasl |
2010-09-22 | Name : Fedora Update for kernel FEDORA-2010-14878 File : nvt/gb_fedora_2010_14878_kernel_fc12.nasl |
2010-09-10 | Name : SuSE Update for kernel SUSE-SA:2010:036 File : nvt/gb_suse_2010_036.nasl |
2010-09-07 | Name : Fedora Update for kernel FEDORA-2010-13903 File : nvt/gb_fedora_2010_13903_kernel_fc12.nasl |
2010-08-30 | Name : CentOS Update for kernel CESA-2010:0474 centos4 i386 File : nvt/gb_CESA-2010_0474_kernel_centos4_i386.nasl |
2010-08-30 | Name : Fedora Update for kernel FEDORA-2010-13058 File : nvt/gb_fedora_2010_13058_kernel_fc13.nasl |
2010-08-30 | Name : Fedora Update for kernel FEDORA-2010-13110 File : nvt/gb_fedora_2010_13110_kernel_fc12.nasl |
2010-08-06 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-966-1 File : nvt/gb_ubuntu_USN_966_1.nasl |
2010-08-06 | Name : Fedora Update for kernel FEDORA-2010-11412 File : nvt/gb_fedora_2010_11412_kernel_fc12.nasl |
2010-08-06 | Name : Fedora Update for kernel FEDORA-2010-11462 File : nvt/gb_fedora_2010_11462_kernel_fc13.nasl |
2010-07-23 | Name : SuSE Update for kernel SUSE-SA:2010:031 File : nvt/gb_suse_2010_031.nasl |
2010-07-16 | Name : Fedora Update for kernel FEDORA-2010-10880 File : nvt/gb_fedora_2010_10880_kernel_fc12.nasl |
2010-07-12 | Name : Fedora Update for kernel FEDORA-2010-10876 File : nvt/gb_fedora_2010_10876_kernel_fc13.nasl |
2010-07-02 | Name : RedHat Update for kernel RHSA-2010:0504-01 File : nvt/gb_RHSA-2010_0504-01_kernel.nasl |
2010-06-18 | Name : Fedora Update for kernel FEDORA-2010-9209 File : nvt/gb_fedora_2010_9209_kernel_fc12.nasl |
2010-06-18 | Name : RedHat Update for kernel RHSA-2010:0474-01 File : nvt/gb_RHSA-2010_0474-01_kernel.nasl |
2010-06-07 | Name : Fedora Update for kernel FEDORA-2010-9183 File : nvt/gb_fedora_2010_9183_kernel_fc13.nasl |
2010-06-07 | Name : Ubuntu Update for linux regression USN-947-2 File : nvt/gb_ubuntu_USN_947_2.nasl |
2010-06-07 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1 File : nvt/gb_ubuntu_USN_947_1.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2053-1 (linux-2.6) File : nvt/deb_2053_1.nasl |
2010-05-04 | Name : Mandriva Update for kernel MDVSA-2010:088 (kernel) File : nvt/gb_mandriva_MDVSA_2010_088.nasl |
2010-03-22 | Name : SuSE Update for kernel SUSE-SA:2010:016 File : nvt/gb_suse_2010_016.nasl |
2010-03-22 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-914-1 File : nvt/gb_ubuntu_USN_914_1.nasl |
2010-03-16 | Name : Debian Security Advisory DSA 2012-1 (linux-2.6) File : nvt/deb_2012_1.nasl |
2010-03-12 | Name : Mandriva Update for rsnapshot MDVA-2010:088 (rsnapshot) File : nvt/gb_mandriva_MDVA_2010_088.nasl |
2010-03-05 | Name : SuSE Update for kernel SUSE-SA:2010:014 File : nvt/gb_suse_2010_014.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 2003-1 (linux-2.6) File : nvt/deb_2003_1.nasl |
2010-02-08 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-894-1 File : nvt/gb_ubuntu_USN_894_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65066 | Linux Kernel fs/gfs2/file.c do_gfs2_set_flags Function SETFLAGS IOCTL Request... |
64865 | Linux Kernel gfs2 gfs2_quota Struct Out-of-bounds Write Local DoS |
64557 | Linux Kernel net/sctp/sm_make_chunk.c sctp_process_unk_param Function SCTPChu... |
64549 | Linux Kernel security/keys/keyring.c find_keyring_by_name Function Race Condi... |
63631 | Linux Kernel fs/nfs/pagelist.c nfs_wait_on_request Function DoS |
63630 | Linux Kernel fs/namei.c NFS Automount Symlink LOOKUP_FOLLOW Unspecified Issue |
63452 | Linux Kernel Transparent Inter-Process Communication (TIPC) AF_TIPC Datagram ... |
62380 | Linux Kernel kernel/futex.c wake_futex_pi Function Local DoS |
62379 | Linux Kernel mmap / mremap Function Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt RuleID : 16724 - Revision : 7 - Type : OS-LINUX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100701_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100615_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7384.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7116.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7015.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-110413.nasl - Type : ACT_GATHER_INFO |
2011-03-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7381.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100721.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100618.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0016.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7112.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-198.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-188.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100921.nasl - Type : ACT_GATHER_INFO |
2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12636.nasl - Type : ACT_GATHER_INFO |
2010-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
2010-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-966-1.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-088.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100709.nasl - Type : ACT_GATHER_INFO |
2010-07-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0504.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1804.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9209.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9183.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0474.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO |
2010-06-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2053.nasl - Type : ACT_GATHER_INFO |
2010-05-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7011.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100317.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-914-1.nasl - Type : ACT_GATHER_INFO |
2010-03-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2012.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1996.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-894-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:35 |
|