This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2003-12-31
Product Enterprise Linux Last view 2015-08-14
Version 3.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux

Activity : Overall

Related : CVE

  Date Alert Description
5 2015-08-14 CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

4.3 2010-07-02 CVE-2010-2598

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

6.9 2009-07-17 CVE-2009-1893

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

5 2009-06-26 CVE-2009-1887

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

7.1 2008-03-06 CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

1.9 2007-09-18 CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

4.9 2007-04-16 CVE-2007-2030

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

4 2006-10-17 CVE-2006-4342

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.

2.1 2004-12-31 CVE-2004-0491

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

4.6 2003-12-31 CVE-2003-0857

The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-189 Numeric Errors
14% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
14% (1) CWE-20 Improper Input Validation
14% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
65972 LibTIFF on RHEL Unconfigured Compression Functionality Downsampled OJPEG Inpu...
60323 Linux IPTables Netlink Interface Spoofed Message Local DoS
56464 Red Hat Linux DHCP dhcpd configtest Function Symlink Arbitrary File Overwrite
56459 Net-SNMP snmpd agent/snmp_agent.c Crafted GETBULK Request Remote DoS
45907 Red Hat Linux Kernel NFS Client File Permission Information Disclosure
43144 Red Hat Enterprise Linux IPSec ifup Aggressive Mode PSK Hash Disclosure
37049 LHA lharc.c Insecure Temporary File Creation
30001 Red Hat Enterprise Linux Kernel shmat Local DoS
13932 Multiple Linux linux-2.4.21-mlock.patch mlock Memory Disclosure

OpenVAS Exploits

id Description
2012-02-21 Name : RedHat Update for initscripts RHSA-2012:0312-03
File : nvt/gb_RHSA-2012_0312-03_initscripts.nasl
2011-08-09 Name : CentOS Update for net-snmp CESA-2009:1124 centos3 i386
File : nvt/gb_CESA-2009_1124_net-snmp_centos3_i386.nasl
2011-08-09 Name : CentOS Update for dhclient CESA-2009:1154 centos3 i386
File : nvt/gb_CESA-2009_1154_dhclient_centos3_i386.nasl
2011-03-24 Name : Ubuntu Update for tiff regression USN-1085-2
File : nvt/gb_ubuntu_USN_1085_2.nasl
2011-03-15 Name : Ubuntu Update for tiff vulnerabilities USN-1085-1
File : nvt/gb_ubuntu_USN_1085_1.nasl
2010-08-20 Name : CentOS Update for libtiff CESA-2010:0520 centos3 i386
File : nvt/gb_CESA-2010_0520_libtiff_centos3_i386.nasl
2010-07-12 Name : RedHat Update for libtiff RHSA-2010:0520-01
File : nvt/gb_RHSA-2010_0520-01_libtiff.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1154
File : nvt/RHSA_2009_1154.nasl
2009-07-29 Name : Mandrake Security Advisory MDVSA-2009:156 (net-snmp)
File : nvt/mdksa_2009_156.nasl
2009-07-29 Name : CentOS Security Advisory CESA-2009:1154 (dhcp)
File : nvt/ovcesa2009_1154.nasl
2009-06-30 Name : RedHat Security Advisory RHSA-2009:1124
File : nvt/RHSA_2009_1124.nasl
2009-06-30 Name : CentOS Security Advisory CESA-2009:1124 (net-snmp)
File : nvt/ovcesa2009_1124.nasl
2009-04-09 Name : Mandriva Update for lha MDKSA-2007:117 (lha)
File : nvt/gb_mandriva_MDKSA_2007_117.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0105 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0021867

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-01-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-002.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote Mac OS X host is affected by multiple vulnerabilities.
File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-c24af963a2.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-037f844d3e.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0014_remote.nasl - Type: ACT_GATHER_INFO
2016-01-25 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-32.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0049-1.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0030-1.nasl - Type: ACT_GATHER_INFO
2015-12-29 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-959.nasl - Type: ACT_GATHER_INFO
2015-12-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3430.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151207_libxml2_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-15 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-628.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-11-17 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2812-1.nasl - Type: ACT_GATHER_INFO
2015-08-04 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150722_libxml2_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2015-07-31 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2015-0097.nasl - Type: ACT_GATHER_INFO
2015-07-30 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-1419.nasl - Type: ACT_GATHER_INFO
2015-07-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO
2015-07-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1419.nasl - Type: ACT_GATHER_INFO
2015-07-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201507-08.nasl - Type: ACT_GATHER_INFO
2015-07-06 Name: The remote Debian host is missing a security update.
File: debian_DLA-266.nasl - Type: ACT_GATHER_INFO