Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0046 | First vendor Publication | 2010-01-19 |
Vendor | RedHat | Last vendor Modification | 2010-01-19 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * an array index error was found in the gdth driver. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially-crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the default value is 0). (CVE-2006-6304, Moderate) The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable set to 2, the core file will not be recorded if the file already exists. For example, core files will not be overwritten on subsequent crashes of processes whose core files map to the same name. * an information leak was found in the Linux kernel. On AMD64 systems, 32-bit processes could access and read certain 64-bit registers by temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate) * the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV) support in the qla2xxx driver, resulting in two new sysfs pseudo files, "/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete". These two files were world-writable by default, allowing a local user to change SCSI host attributes. This flaw only affects systems using the qla2xxx driver and NPIV capable hardware. (CVE-2009-3556, Moderate) * permission issues were found in the megaraid_sas driver. The "dbg_lvl" and "poll_mode_io" files on the sysfs file system ("/sys/") had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate) * a NULL pointer dereference flaw was found in the firewire-ohci driver used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user with access to /dev/fw* files could issue certain IOCTL calls, causing a denial of service or privilege escalation. The FireWire modules are blacklisted by default, and if enabled, only root has access to the files noted above by default. (CVE-2009-4138, Moderate) * a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation. This could lead to a denial of service if a user browsed a specially-crafted HFS file system, for example, by running "ls". (CVE-2009-4020, Low) Bug fix documentation for this update will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update/ index.html Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 526068 - CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs 526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak 537027 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour [rhel-5.4.z] 537177 - CVE-2009-3556 kernel: qla2xxx NPIV vport management pseudofiles are world writable 537273 - CVE-2006-6304 kernel: use flag in do_coredump() 538734 - CVE-2009-4021 kernel: fuse: prevent fuse_put_request on invalid pointer 539414 - CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl 539686 - bnx2: panic in bnx2_poll_work() [rhel-5.4.z] 540736 - CVE-2009-4020 kernel: hfs buffer overflow 540896 - PV clock fix throws off database application time [rhel-5.4.z] 542582 - kdump corefile cannot be backtraced in IA64 [rhel-5.4.z] 543448 - Using IPoIB, losing connectivity with 1 host, other hosts accessible [rhel-5.4.z] 544978 - glock_workqueue -- glock ref count via gfs2_glock_hold [rhel-5.4.z] 545411 - CVE-2009-4272 kernel: emergency route cache flushing leads to node deadlock 547236 - CVE-2009-4138 kernel: firewire: ohci: handle receive packets with a data length of zero 547521 - CRM#1971672, Data loss in GFS2 when multiple nodes writes to same file [rhel-5.4.z] 547530 - kernel: BUG: soft lockup - CPU#1 stuck for 13s! [httpd:4490] [rhel-5.4.z] 547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state 548370 - kernel: sleeping vfs_check_frozen in called in atomic context from do_wp_page [rhel-5.4.z] 549905 - hvm, x86_64 guest panic on 2.6.18-164.9.1.el5 [rhel-5.4.z] 549906 - [NetApp 5.4.z bug] Emulex FC ports on RHEL 5.4 GA offlined during target controller faults [rhel-5.4.z] 549907 - Hang when echoing to /proc/sys/net/ipv4/route/secret_interval [rhel-5.4.z] 549908 - resize2fs online resize hangs [rhel-5.4.z] 550968 - RHEL5.4 guest with PV clock: inconsistent times returned by clock_gettime(CLOCK_REALTIME) and gettimeofday() [rhel-5.4.z] |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0046.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
36 % | CWE-399 | Resource Management Errors |
18 % | CWE-264 | Permissions, Privileges, and Access Controls |
9 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
9 % | CWE-667 | Insufficient Locking |
9 % | CWE-200 | Information Exposure |
9 % | CWE-129 | Improper Validation of Array Index |
9 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10516 | |||
Oval ID: | oval:org.mitre.oval:def:10516 | ||
Title: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
Description: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4021 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10797 | |||
Oval ID: | oval:org.mitre.oval:def:10797 | ||
Title: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
Description: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-6304 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11167 | |||
Oval ID: | oval:org.mitre.oval:def:11167 | ||
Title: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4272 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12862 | |||
Oval ID: | oval:org.mitre.oval:def:12862 | ||
Title: | ESX third party update for Service Console kernel | ||
Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3080 | Version: | 4 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20189 | |||
Oval ID: | oval:org.mitre.oval:def:20189 | ||
Title: | VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues | ||
Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3080 | Version: | 4 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21777 | |||
Oval ID: | oval:org.mitre.oval:def:21777 | ||
Title: | RHSA-2010:0046: kernel security and bug fix update (Important) | ||
Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0046-01 CESA-2010:0046 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 | Version: | 146 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27615 | |||
Oval ID: | oval:org.mitre.oval:def:27615 | ||
Title: | DEPRECATED: ELSA-2010-0046 -- kernel security and bug fix update (important) | ||
Description: | [2.6.18-164.11.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] [2.6.18-164.11.1.el5] - [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138} - [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518] - [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612] - [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100] - [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036} - [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342] - [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020} - [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021} - [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956] - [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067] - [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080} - [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240] - [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588] - [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939} - [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753] - [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268] - [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481] - [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798] - [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649] - [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025] - [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067] - [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438] - [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541] - [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272} - [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141} - [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556} | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0046 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2006-6304 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6744 | |||
Oval ID: | oval:org.mitre.oval:def:6744 | ||
Title: | Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability | ||
Description: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3556 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6750 | |||
Oval ID: | oval:org.mitre.oval:def:6750 | ||
Title: | hfs Subsystem Stack-based Buffer Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4020 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6955 | |||
Oval ID: | oval:org.mitre.oval:def:6955 | ||
Title: | Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability | ||
Description: | The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4021 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7026 | |||
Oval ID: | oval:org.mitre.oval:def:7026 | ||
Title: | Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities | ||
Description: | A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4272 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7054 | |||
Oval ID: | oval:org.mitre.oval:def:7054 | ||
Title: | Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability | ||
Description: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4141 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7101 | |||
Oval ID: | oval:org.mitre.oval:def:7101 | ||
Title: | Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability | ||
Description: | Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3080 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7163 | |||
Oval ID: | oval:org.mitre.oval:def:7163 | ||
Title: | Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability | ||
Description: | The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3889 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7359 | |||
Oval ID: | oval:org.mitre.oval:def:7359 | ||
Title: | Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability | ||
Description: | arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2910 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7376 | |||
Oval ID: | oval:org.mitre.oval:def:7376 | ||
Title: | Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability | ||
Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4138 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7446 | |||
Oval ID: | oval:org.mitre.oval:def:7446 | ||
Title: | Linux Kernel Do_Coredump Security Bypass Vulnerability | ||
Description: | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-6304 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7540 | |||
Oval ID: | oval:org.mitre.oval:def:7540 | ||
Title: | Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability | ||
Description: | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3939 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9201 | |||
Oval ID: | oval:org.mitre.oval:def:9201 | ||
Title: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
Description: | Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4141 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9527 | |||
Oval ID: | oval:org.mitre.oval:def:9527 | ||
Title: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4138 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9738 | |||
Oval ID: | oval:org.mitre.oval:def:9738 | ||
Title: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
Description: | A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3556 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-05 | Name : CentOS Update for kernel CESA-2012:1323 centos5 File : nvt/gb_CESA-2012_1323_kernel_centos5.nasl |
2012-10-03 | Name : RedHat Update for kernel RHSA-2012:1323-01 File : nvt/gb_RHSA-2012_1323-01_kernel.nasl |
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2012-03-16 | Name : VMSA-2011-0009.3 VMware hosted product updates, ESX patches and VI Client upd... File : nvt/gb_VMSA-2011-0009.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1671 centos4 i386 File : nvt/gb_CESA-2009_1671_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0046 centos5 i386 File : nvt/gb_CESA-2010_0046_kernel_centos5_i386.nasl |
2010-09-10 | Name : SuSE Update for kernel SUSE-SA:2010:036 File : nvt/gb_suse_2010_036.nasl |
2010-03-22 | Name : SuSE Update for kernel SUSE-SA:2010:016 File : nvt/gb_suse_2010_016.nasl |
2010-03-05 | Name : SuSE Update for kernel SUSE-SA:2010:014 File : nvt/gb_suse_2010_014.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1500 File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1804 File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 2003-1 (linux-2.6) File : nvt/deb_2003_1.nasl |
2010-02-19 | Name : Mandriva Update for kernel MDVSA-2010:034-1 (kernel) File : nvt/gb_mandriva_MDVSA_2010_034_1.nasl |
2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:010 File : nvt/gb_suse_2010_010.nasl |
2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:012 File : nvt/gb_suse_2010_012.nasl |
2010-02-15 | Name : Mandriva Update for kernel MDVSA-2010:034 (kernel) File : nvt/gb_mandriva_MDVSA_2010_034.nasl |
2010-02-08 | Name : Mandriva Update for kernel MDVSA-2010:030 (kernel) File : nvt/gb_mandriva_MDVSA_2010_030.nasl |
2010-02-08 | Name : RedHat Update for kernel RHSA-2010:0076-01 File : nvt/gb_RHSA-2010_0076-01_kernel.nasl |
2010-02-08 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-894-1 File : nvt/gb_ubuntu_USN_894_1.nasl |
2010-01-20 | Name : RedHat Update for kernel RHSA-2010:0046-01 File : nvt/gb_RHSA-2010_0046-01_kernel.nasl |
2010-01-20 | Name : SuSE Update for kernel SUSE-SA:2010:005 File : nvt/gb_suse_2010_005.nasl |
2010-01-15 | Name : SuSE Update for kernel SUSE-SA:2010:001 File : nvt/gb_suse_2010_001.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1671 File : nvt/RHSA_2009_1671.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1671 (kernel) File : nvt/ovcesa2009_1671.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13098 (kernel) File : nvt/fcore_2009_13098.nasl |
2009-12-10 | Name : SuSE Security Advisory SUSE-SA:2009:060 (kernel) File : nvt/suse_sa_2009_060.nasl |
2009-12-10 | Name : RedHat Security Advisory RHSA-2009:1635 File : nvt/RHSA_2009_1635.nasl |
2009-12-03 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def4.nasl |
2009-11-17 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel9.nasl |
2009-11-17 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5062456.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10639 (kernel) File : nvt/fcore_2009_10639.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1928-1 (linux-2.6.24) File : nvt/deb_1928_1.nasl |
2009-11-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def3.nasl |
2009-11-11 | Name : SuSE Security Advisory SUSE-SA:2009:051 (kernel) File : nvt/suse_sa_2009_051.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1540 File : nvt/RHSA_2009_1540.nasl |
2009-10-27 | Name : Debian Security Advisory DSA 1915-1 (linux-2.6) File : nvt/deb_1915_1.nasl |
2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10525 (kernel) File : nvt/fcore_2009_10525.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62122 | Linux Kernel on Red Hat net/ipv4/route.c IPv4 Routing Hash Table Packet Colli... |
62058 | Linux Kernel on Red Hat qla2xxx Driver SCSI Host Local Modification |
61687 | Linux Kernel fs/fcntl.c fasync_helper Function Use-after-free Local Privilege... |
61309 | Linux Kernel drivers/firewire/ohci.c ISO Packet IOCTL Handling Local DoS |
60795 | Linux Kernel hfs Subsystem fs/hfs/dir.c hfs_readdir Function Remote Overflow |
60558 | Linux Kernel fuse Subsystem fs/fuse/file.c fuse_direct_io Function Local DoS |
60311 | Linux Kernel drivers/scsi/gdth.c gdth_read_event() Function IOCTL Handling Lo... |
60202 | Linux Kernel megaraid_sas Driver dbg_lvl Permission Weakness I/O Multiple Lev... |
60201 | Linux Kernel megaraid_sas Driver poll_mode_io Permission Weakness I/O Mode Lo... |
59082 | Linux Kernel on x86_64 arch/x86/ia32/ia32entry.S 64-bit Mode ia32 Process Loc... |
31466 | Linux Kernel fs/exec.c do_coredump() Function File Overwrite |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-06-09 | IAVM : 2011-A-0075 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0028311 |
2010-01-28 | IAVM : 2010-A-0015 - Multiple Vulnerabilities in Red Hat Linux Kernel Severity : Category I - VMSKEY : V0022631 |
2010-01-07 | IAVM : 2010-A-0001 - Multiple Vulnerabilities in Linux Kernel Severity : Category I - VMSKEY : V0022180 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0009_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1832-1.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-357.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-342.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0149.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100202_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6636.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6697.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7015.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6730.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6929.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6810.nasl - Type : ACT_GATHER_INFO |
2011-06-06 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100109.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6925.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6694.nasl - Type : ACT_GATHER_INFO |
2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12636.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1500.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-7011.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100223.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1928.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1996.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2003.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12578.nasl - Type : ACT_GATHER_INFO |
2010-02-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO |
2010-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-034.nasl - Type : ACT_GATHER_INFO |
2010-02-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-100128.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-894-1.nasl - Type : ACT_GATHER_INFO |
2010-02-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6806.nasl - Type : ACT_GATHER_INFO |
2010-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0076.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-030.nasl - Type : ACT_GATHER_INFO |
2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100107.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100108.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6726.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1671.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13098.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO |
2009-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-091123.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-091123.nasl - Type : ACT_GATHER_INFO |
2009-11-16 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12541.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6632.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1548.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1541.nasl - Type : ACT_GATHER_INFO |
2009-11-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-091015.nasl - Type : ACT_GATHER_INFO |
2009-11-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-091016.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10639.nasl - Type : ACT_GATHER_INFO |
2009-10-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10525.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:11 |
|