This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2008-06-25
Product Enterprise Linux Last view 2019-11-04
Version 4 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2019-11-04 CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

5 2015-08-14 CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

7.4 2014-06-05 CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

5 2013-01-18 CVE-2012-2124

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

6.9 2011-02-24 CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application.

6.9 2010-03-16 CVE-2010-0729

A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.

4.6 2008-06-25 CVE-2008-1951

Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el4_6.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el5_2.1 in RHEL 5, allows local users to gain privileges via a malicious library in a certain subdirectory of /var/tmp, related to an incorrect RPATH setting, as demonstrated by a malicious libc.so library for tog-pegasus.

CWE : Common Weakness Enumeration

%idName
42% (3) CWE-264 Permissions, Privileges, and Access Controls
28% (2) CWE-399 Resource Management Errors
14% (1) CWE-326 Inadequate Encryption Strength
14% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
72541 Red Hat policycoreutils seunshare sandbox/seunshare.c seunshare_mount Functio...
63080 Linux Kernel on RHEL ia64 ptrace_check_attach Call Local Privilege Escalation
46547 Red Hat Linux sblim RPATH Variable Search Path Subversion Local Privilege Esc...

OpenVAS Exploits

id Description
2012-06-06 Name : RedHat Update for policycoreutils RHSA-2011:0414-01
File : nvt/gb_RHSA-2011_0414-01_policycoreutils.nasl
2011-03-24 Name : Fedora Update for policycoreutils FEDORA-2011-3043
File : nvt/gb_fedora_2011_3043_policycoreutils_fc14.nasl
2010-05-07 Name : RedHat Update for kernel RHSA-2010:0394-01
File : nvt/gb_RHSA-2010_0394-01_kernel.nasl
2009-03-06 Name : RedHat Update for sblim RHSA-2008:0497-01
File : nvt/gb_RHSA-2008_0497-01_sblim.nasl
2009-02-27 Name : CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 i386
File : nvt/gb_CESA-2008_0497_sblim-cmpi-base_centos4_i386.nasl
2009-02-27 Name : CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64
File : nvt/gb_CESA-2008_0497_sblim-cmpi-base_centos4_x86_64.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0113 Multiple Vulnerabilities in Juniper Networks CTPOS
Severity: Category I - VMSKEY: V0060737
2014-B-0103 Multiple Vulnerabilities in VMware Horizon View Client
Severity: Category I - VMSKEY: V0053509
2014-B-0102 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity: Category I - VMSKEY: V0053507
2014-B-0101 Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity: Category I - VMSKEY: V0053505
2014-A-0115 Multiple Vulnerabilities in VMware Horizon View
Severity: Category I - VMSKEY: V0053501
2014-B-0097 Multiple Vulnerabilities in VMware ESXi 5.0
Severity: Category I - VMSKEY: V0053319
2014-A-0103 Multiple Vulnerabilities in Oracle E-Business
Severity: Category I - VMSKEY: V0053195
2014-A-0109 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0053183
2014-A-0110 Multiple Vulnerabilities in VMware Player
Severity: Category I - VMSKEY: V0053181
2014-A-0111 Multiple Vulnerabilities in VMware Workstation
Severity: Category I - VMSKEY: V0053179
2014-B-0095 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0053177
2014-B-0088 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0052911
2014-B-0089 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0052909
2014-B-0091 Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity: Category I - VMSKEY: V0052907
2014-B-0084 HP Onboard Administrator Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0052901
2014-B-0085 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0052899
2014-B-0092 Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity: Category I - VMSKEY: V0052893
2014-A-0089 Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity: Category I - VMSKEY: V0052805
2014-B-0079 Multiple Vulnerabilities in IBM AIX
Severity: Category I - VMSKEY: V0052641
2014-B-0078 Multiple Vulnerabilities in Blue Coat ProxySG
Severity: Category I - VMSKEY: V0052639
2014-A-0087 Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity: Category I - VMSKEY: V0052637
2014-B-0080 Multiple Vulnerabilities in Stunnel
Severity: Category I - VMSKEY: V0052627
2014-B-0077 Multiple Vulnerabilities in McAfee Web Gateway
Severity: Category I - VMSKEY: V0052625
2014-A-0083 Multiple Vulnerabilities in OpenSSL
Severity: Category I - VMSKEY: V0052495

Snort® IPS/IDS

Date Description
2020-01-21 OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt
RuleID : 52487 - Type : SERVER-OTHER - Revision : 1
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31484 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31483 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31482 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31481 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31480 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31479 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31478 - Type : SERVER-OTHER - Revision : 3
2014-11-16 OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31477 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-01-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote Mac OS X host is affected by multiple vulnerabilities.
File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO
2016-03-22 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-002.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-037f844d3e.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2015-c24af963a2.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-294.nasl - Type: ACT_GATHER_INFO
2016-02-26 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140605-openssl-ios.nasl - Type: ACT_GATHER_INFO
2016-02-26 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140605-openssl-iosxe.nasl - Type: ACT_GATHER_INFO
2016-02-26 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140605-openssl-iosxr.nasl - Type: ACT_GATHER_INFO
2016-02-26 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20140605-openssl-nxos.nasl - Type: ACT_GATHER_INFO
2016-01-25 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-32.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0030-1.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0049-1.nasl - Type: ACT_GATHER_INFO
2015-12-30 Name: The remote VMware ESXi host is missing a security-related patch.
File: vmware_VMSA-2014-0006_remote.nasl - Type: ACT_GATHER_INFO
2015-12-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3430.nasl - Type: ACT_GATHER_INFO
2015-12-29 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-959.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151207_libxml2_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-15 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-628.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2550.nasl - Type: ACT_GATHER_INFO
2015-11-17 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2812-1.nasl - Type: ACT_GATHER_INFO
2015-11-03 Name: The remote multi-function device is affected by multiple vulnerabilities.
File: xerox_xrx15ao_colorqube.nasl - Type: ACT_GATHER_INFO
2015-08-04 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20150722_libxml2_on_SL6_x.nasl - Type: ACT_GATHER_INFO