Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Linux kernel vulnerabilities
Informations
Name USN-578-1 First vendor Publication 2008-02-14
Vendor Ubuntu Last vendor Modification 2008-02-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-51-386 2.6.15-51.66
linux-image-2.6.15-51-686 2.6.15-51.66
linux-image-2.6.15-51-amd64-generic 2.6.15-51.66
linux-image-2.6.15-51-amd64-k8 2.6.15-51.66
linux-image-2.6.15-51-amd64-server 2.6.15-51.66
linux-image-2.6.15-51-amd64-xeon 2.6.15-51.66
linux-image-2.6.15-51-hppa32 2.6.15-51.66
linux-image-2.6.15-51-hppa32-smp 2.6.15-51.66
linux-image-2.6.15-51-hppa64 2.6.15-51.66
linux-image-2.6.15-51-hppa64-smp 2.6.15-51.66
linux-image-2.6.15-51-itanium 2.6.15-51.66
linux-image-2.6.15-51-itanium-smp 2.6.15-51.66
linux-image-2.6.15-51-k7 2.6.15-51.66
linux-image-2.6.15-51-mckinley 2.6.15-51.66
linux-image-2.6.15-51-mckinley-smp 2.6.15-51.66
linux-image-2.6.15-51-powerpc 2.6.15-51.66
linux-image-2.6.15-51-powerpc-smp 2.6.15-51.66
linux-image-2.6.15-51-powerpc64-smp 2.6.15-51.66
linux-image-2.6.15-51-server 2.6.15-51.66
linux-image-2.6.15-51-server-bigiron 2.6.15-51.66
linux-image-2.6.15-51-sparc64 2.6.15-51.66
linux-image-2.6.15-51-sparc64-smp 2.6.15-51.66

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-386, linux-powerpc, linux-amd64-generic), a standard system upgrade will automatically perform this as well.

Details follow:

The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058)

Alexander Schulze discovered that the skge driver does not properly use the spin_lock and spin_unlock functions. Remote attackers could exploit this by sending a flood of network traffic and cause a denial of service (crash). (CVE-2006-7229)

Hugh Dickins discovered that hugetlbfs performed certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE. A local user could exploit this and cause a denial of service via kernel panic. (CVE-2007-4133)

Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. (CVE-2007-4997)

Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. (CVE-2007-5093)

Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. (CVE-2007-5500)

Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063)

It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151)

Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417)

Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001)

Original Source

Url : http://www.ubuntu.com/usn/USN-578-1

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-399 Resource Management Errors
22 % CWE-200 Information Exposure
22 % CWE-189 Numeric Errors (CWE/SANS Top 25)
22 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10451
 
Oval ID: oval:org.mitre.oval:def:10451
Title: The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
Description: The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4133
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10494
 
Oval ID: oval:org.mitre.oval:def:10494
Title: The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
Description: The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5093
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10596
 
Oval ID: oval:org.mitre.oval:def:10596
Title: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
Description: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
Family: unix Class: vulnerability
Reference(s): CVE-2007-4997
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10719
 
Oval ID: oval:org.mitre.oval:def:10719
Title: The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
Description: The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6206
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10971
 
Oval ID: oval:org.mitre.oval:def:10971
Title: The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
Description: The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6151
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17238
 
Oval ID: oval:org.mitre.oval:def:17238
Title: USN-574-1 -- linux-source-2.6.17/20/22 vulnerabilities
Description: The minix filesystem did not properly validate certain filesystem values.
Family: unix Class: patch
Reference(s): USN-574-1
CVE-2006-6058
CVE-2007-3107
CVE-2007-4567
CVE-2007-4849
CVE-2007-4997
CVE-2007-5093
CVE-2007-5500
CVE-2007-5501
CVE-2007-5966
CVE-2007-6063
CVE-2007-6151
CVE-2007-6206
CVE-2007-6417
CVE-2008-0001
 Version: 7
Platform(s): Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
 Product(s): linux-source-2.6.17
linux-source-2.6.20
linux-source-2.6.22
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17639
 
Oval ID: oval:org.mitre.oval:def:17639
Title: USN-578-1 -- linux-source-2.6.15 vulnerabilities
Description: The minix filesystem did not properly validate certain filesystem values.
Family: unix Class: patch
Reference(s): USN-578-1
CVE-2006-6058
CVE-2006-7229
CVE-2007-4133
CVE-2007-4997
CVE-2007-5093
CVE-2007-5500
CVE-2007-6063
CVE-2007-6151
CVE-2007-6206
CVE-2007-6417
CVE-2008-0001
 Version: 7
Platform(s): Ubuntu 6.06
 Product(s): linux-source-2.6.15
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18091
 
Oval ID: oval:org.mitre.oval:def:18091
Title: DSA-1381-2 linux-2.6
Description: Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1381-2
CVE-2006-5755
CVE-2007-4133
CVE-2007-4573
CVE-2007-5093
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18770
 
Oval ID: oval:org.mitre.oval:def:18770
Title: DSA-1479-1 linux-2.6
Description: Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1479-1
CVE-2007-2878
CVE-2007-4571
CVE-2007-6151
CVE-2008-0001
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20546
 
Oval ID: oval:org.mitre.oval:def:20546
Title: DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities
Description: Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1436-1
CVE-2006-6058
CVE-2007-5966
CVE-2007-6063
CVE-2007-6206
CVE-2007-6417
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6
fai-kernels
user-mode-linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21882
 
Oval ID: oval:org.mitre.oval:def:21882
Title: ELSA-2008:0089: kernel security and bug fix update (Important)
Description: VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
Family: unix Class: patch
Reference(s): ELSA-2008:0089-01
CVE-2007-3104
CVE-2007-5904
CVE-2007-6206
CVE-2007-6416
CVE-2008-0001
 Version: 25
Platform(s): Oracle Linux 5
 Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6514
 
Oval ID: oval:org.mitre.oval:def:6514
Title: Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
Description: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6063
 Version: 1
Platform(s): VMWare ESX Server 3.5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7654
 
Oval ID: oval:org.mitre.oval:def:7654
Title: DSA-1479 linux-2.6 -- several vulnerabilities
Description: Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an "amd64" flavor kernel. Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data. Bill Roman of Datalight noticed a coding error in the linux VFS subsystem that, under certain conditions, can allow local users to remove directories for which they should not have removal privileges. These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-17etch1. We recommend that you upgrade your kernel packages immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.
Family: unix Class: patch
Reference(s): DSA-1479
CVE-2007-2878
CVE-2007-4571
CVE-2007-6151
CVE-2008-0001
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8920
 
Oval ID: oval:org.mitre.oval:def:8920
Title: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
Description: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
Family: unix Class: vulnerability
Reference(s): CVE-2007-6417
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9709
 
Oval ID: oval:org.mitre.oval:def:9709
Title: VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
Description: VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0001
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9846
 
Oval ID: oval:org.mitre.oval:def:9846
Title: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Description: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6063
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9868
 
Oval ID: oval:org.mitre.oval:def:9868
Title: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5500
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 2
Os 948
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386
File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl
2010-09-10 Name : SuSE Update for kernel SUSE-SA:2010:036
File : nvt/gb_suse_2010_036.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5023071.nasl
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:112 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_112.nasl
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:105 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_105.nasl
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:044 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_044.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:232 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_232.nasl
2009-04-09 Name : Mandriva Update for kernel MDKSA-2007:226 (kernel)
File : nvt/gb_mandriva_MDKSA_2007_226.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-558-1
File : nvt/gb_ubuntu_USN_558_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1
File : nvt/gb_ubuntu_USN_578_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1
File : nvt/gb_ubuntu_USN_574_1.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0885-01
File : nvt/gb_RHSA-2008_0885-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2007:0993-01
File : nvt/gb_RHSA-2007_0993-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2007:1104-01
File : nvt/gb_RHSA-2007_1104-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0055-01
File : nvt/gb_RHSA-2008_0055-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0089-01
File : nvt/gb_RHSA-2008_0089-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0154-01
File : nvt/gb_RHSA-2008_0154-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0211-01
File : nvt/gb_RHSA-2008_0211-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0275-01
File : nvt/gb_RHSA-2008_0275-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0972-01
File : nvt/gb_RHSA-2008_0972-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0973-03
File : nvt/gb_RHSA-2008_0973-03_kernel.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 i386
File : nvt/gb_CESA-2008_0973_kernel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0972 centos4 x86_64
File : nvt/gb_CESA-2008_0972_kernel_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0972 centos4 i386
File : nvt/gb_CESA-2008_0972_kernel_centos4_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0211 centos3 x86_64
File : nvt/gb_CESA-2008_0211_kernel_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0211 centos3 i386
File : nvt/gb_CESA-2008_0211_kernel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0055 centos4 x86_64
File : nvt/gb_CESA-2008_0055_kernel_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 x86_64
File : nvt/gb_CESA-2008_0973_kernel_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0055 centos4 i386
File : nvt/gb_CESA-2008_0055_kernel_centos4_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2007:1104 centos4 x86_64
File : nvt/gb_CESA-2007_1104_kernel_centos4_x86_64.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-3751
File : nvt/gb_fedora_2007_3751_kernel_fc7.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-3837
File : nvt/gb_fedora_2007_3837_kernel_fc8.nasl
2009-02-27 Name : Fedora Update for kernel FEDORA-2007-759
File : nvt/gb_fedora_2007_759_kernel_fc6.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2007:1104 centos4 i386
File : nvt/gb_CESA-2007_1104_kernel_centos4_i386.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0742
File : nvt/gb_fedora_2008_0742_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0984
File : nvt/gb_fedora_2008_0984_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0958
File : nvt/gb_fedora_2008_0958_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0748
File : nvt/gb_fedora_2008_0748_kernel_fc8.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0001-01 (kernel)
File : nvt/ovcesa2009_0001_01.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:059
File : nvt/gb_suse_2007_059.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:063
File : nvt/gb_suse_2007_063.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:064
File : nvt/gb_suse_2007_064.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:032
File : nvt/gb_suse_2008_032.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:030
File : nvt/gb_suse_2008_030.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:017
File : nvt/gb_suse_2008_017.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:007
File : nvt/gb_suse_2008_007.nasl
2009-01-23 Name : SuSE Update for kernel-rt SUSE-SA:2008:013
File : nvt/gb_suse_2008_013.nasl
2009-01-13 Name : RedHat Security Advisory RHSA-2009:0001
File : nvt/RHSA_2009_0001.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2008:0787
File : nvt/RHSA_2008_0787.nasl
2008-03-11 Name : Debian Security Advisory DSA 1503-2 (kernel-source-2.4.27 (2.4.27-10sarge7))
File : nvt/deb_1503_2.nasl
2008-02-28 Name : Debian Security Advisory DSA 1503-1 (kernel-source-2.4.27 (2.4.27-10sarge6))
File : nvt/deb_1503_1.nasl
2008-02-28 Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1))
File : nvt/deb_1504_1.nasl
2008-01-31 Name : Debian Security Advisory DSA 1428-1 (linux-2.6)
File : nvt/deb_1428_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1436-1 (linux-2.6)
File : nvt/deb_1436_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1428-2 (linux-2.6)
File : nvt/deb_1428_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1381-2 (linux-2.6)
File : nvt/deb_1381_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1381-1 (linux-2.6)
File : nvt/deb_1381_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45283 Linux Kernel on Ubuntu skge Driver spin_*lock Functions Traffic Saturation Re...
44120 Linux Kernel mm/shmem.c shmem_getpage Function Arbitrary Memory Disclosure
40913 Linux Kernel isdn_common.c isdn_ioctl Function Local Overflow DoS
40910 Linux Kernel VFS Arbitrary Directory Truncation
39246 Linux Kernel wait_task_stopped Function Local DoS
39243 Linux Kernel fs/exec.c do_coredump() Function Local Information Disclosure
39240 Linux Kernel isdn_net.c isdn_net_setcfg() Function Local Overflow
39239 Linux Kernel s/hugetlbfs/inode.c Multiple Function Local DoS
39236 Linux Kernel net/ieee80211/ieee80211_rx.c ieee80211_rx() Function Remote DoS
39233 Linux Kernel Philips USB Webcam (pwc) Driver Disconnect Method Local DoS
30506 Linux Kernel minix File System Malformed Stream minix_bmap Function Local DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2008-2006.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0972.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0885.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0211.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0089.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1104.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0993.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0940.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080507_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071219_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071129_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071022_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080123_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080131_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080305_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080924_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081119_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4938.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4745.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5370.nasl - Type : ACT_GATHER_INFO
2010-08-27 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12636.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0885.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0011.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-232.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-044.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0972.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-105.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-112.nasl - Type : ACT_GATHER_INFO
2009-01-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0972.nasl - Type : ACT_GATHER_INFO
2008-09-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0885.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-5375.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5336.nasl - Type : ACT_GATHER_INFO
2008-05-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0275.nasl - Type : ACT_GATHER_INFO
2008-05-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0211.nasl - Type : ACT_GATHER_INFO
2008-05-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0211.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1503.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4986.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4987.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-578-1.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0984.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4970.nasl - Type : ACT_GATHER_INFO
2008-02-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4935.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0742.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4943.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4941.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO
2008-01-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1479.nasl - Type : ACT_GATHER_INFO
2008-01-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0958.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0089.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote Fedora host is missing a security update.
File : fedora_2008-0748.nasl - Type : ACT_GATHER_INFO
2008-01-08 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4752.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1104.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1436.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1104.nasl - Type : ACT_GATHER_INFO
2007-12-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-558-1.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4741.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-759.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3751.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1428.nasl - Type : ACT_GATHER_INFO
2007-12-07 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4749.nasl - Type : ACT_GATHER_INFO
2007-12-04 Name : The remote Fedora host is missing a security update.
File : fedora_2007-3837.nasl - Type : ACT_GATHER_INFO
2007-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0993.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4641.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0940.nasl - Type : ACT_GATHER_INFO
2007-10-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1381.nasl - Type : ACT_GATHER_INFO
2007-08-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0672.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:04:56
  • Multiple Updates