Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2011:0836 | First vendor Publication | 2011-06-01 |
Vendor | RedHat | Last vendor Modification | 2011-06-01 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer underflow flaw, leading to a buffer overflow, was found in the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. (CVE-2011-1770, Important) * Missing sanity checks were found in setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate) * A missing validation check was found in the bcm_release() and raw_release() functions in the Linux kernel's Controller Area Network (CAN) implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate) * The fix for Red Hat Bugzilla bug 656461, as provided in RHSA-2011:0542, introduced a regression in the cifs_close() function in the Linux kernel's Common Internet File System (CIFS) implementation. A local, unprivileged user with write access to a CIFS file system could use this flaw to cause a denial of service. (CVE-2011-1771, Moderate) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770; Brad Spengler for reporting CVE-2010-3858; and Oliver Hartkopp for reporting CVE-2011-1748. This update also fixes various bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to resolve these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 645222 - CVE-2010-3858 kernel: setup_arg_pages: diagnose excessive argument size 698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in can/bcm and can/raw socket releases 703011 - CVE-2011-1770 kernel: dccp: handle invalid feature options length 703016 - CVE-2011-1771 kernel: cifs oops when creating file with O_DIRECT set 704014 - [brocade 6.1 bug] bfa fc staying tech preview [rhel-6.1.z] |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0836.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-476 | NULL Pointer Dereference |
20 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
20 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13909 | |||
Oval ID: | oval:org.mitre.oval:def:13909 | ||
Title: | USN-1164-1 -- linux-fsl-imx51 vulnerabilities | ||
Description: | linux-fsl-imx51: Linux kernel for IMX51 Multiple kernel flaws have been fixed. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1164-1 CVE-2010-3865 CVE-2010-3873 CVE-2010-3874 CVE-2010-3875 CVE-2010-3876 CVE-2010-3877 CVE-2010-3880 CVE-2010-4080 CVE-2010-4081 CVE-2010-4082 CVE-2010-4083 CVE-2010-4157 CVE-2010-4164 CVE-2010-4248 CVE-2010-4258 CVE-2010-4342 CVE-2010-4346 CVE-2010-4527 CVE-2010-4529 CVE-2010-4565 CVE-2010-4655 CVE-2010-4656 CVE-2011-0463 CVE-2011-0521 CVE-2011-0695 CVE-2011-0711 CVE-2011-0712 CVE-2011-1017 CVE-2011-1182 CVE-2011-1494 CVE-2011-1495 CVE-2011-1593 CVE-2011-1745 CVE-2011-2022 CVE-2011-1746 CVE-2011-1748 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | linux-fsl-imx51 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19636 | |||
Oval ID: | oval:org.mitre.oval:def:19636 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3858 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27552 | |||
Oval ID: | oval:org.mitre.oval:def:27552 | ||
Title: | DEPRECATED: ELSA-2011-0836 -- kernel security and bug fix update (important) | ||
Description: | [2.6.32-131.2.1.el6] - [kernel] lib/vsprintf.c: add %pU to print UUID/GUIDs (Frantisek Hrbata) [704280 700299] - [scsi] megaraid_sas: Driver only report tape drive, JBOD and logic drives (Tomas Henzl) [704601 619422] [2.6.32-131.1.1.el6] - [net] dccp: handle invalid feature options length (Jiri Pirko) [703012 703013] {CVE-2011-1770} - [fs] cifs: check for private_data before trying to put it (Jeff Layton) [703017 702642] {CVE-2011-1771} - [net] can: add missing socket check in can/raw and can/bcm release (Jiri Pirko) [698482 698483] {CVE-2011-1748 CVE-2011-1598} - [netdrv] ixgbe: do not clear FCoE DDP error status for received ABTS (Andy Gospodarek) [704011 695966] - [netdrv] ixgbe: DCB remove ixgbe_fcoe_getapp routine (Andy Gospodarek) [704002 694358] - [fs] setup_arg_pages: diagnose excessive argument size (Oleg Nesterov) [645228 645229] {CVE-2010-3858} - [scsi] bfa: change tech-preview to cover all cases (Rob Evers) [704014 703251] - [scsi] bfa: driver version update (Rob Evers) [704282 703265] - [scsi] bfa: kdump fix (Rob Evers) [704282 703265] - [scsi] bfa: firmware download fix (Rob Evers) [704282 703265] - [netdrv] bna: fix memory leak during RX path cleanup (Ivan Vecera) [704000 698625] - [netdrv] bna: fix for clean fw re-initialization (Ivan Vecera) [704000 698625] - [scsi] ipr: improve interrupt service routine performance (Steve Best) [704009 696754] | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0836 CVE-2010-3858 CVE-2011-1598 CVE-2011-1748 CVE-2011-1770 CVE-2011-1771 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | kernel |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-08-02 | Name : SuSE Update for kernel openSUSE-SU-2012:0236-1 (kernel) File : nvt/gb_suse_2012_0236_1.nasl |
2012-08-02 | Name : SuSE Update for kernel openSUSE-SU-2012:0206-1 (kernel) File : nvt/gb_suse_2012_0206_1.nasl |
2012-07-30 | Name : CentOS Update for kernel CESA-2011:0004 centos5 x86_64 File : nvt/gb_CESA-2011_0004_kernel_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for kernel RHSA-2011:0836-01 File : nvt/gb_RHSA-2011_0836-01_kernel.nasl |
2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
2011-12-02 | Name : Fedora Update for kernel FEDORA-2011-16346 File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl |
2011-11-11 | Name : Ubuntu Update for linux-lts-backport-natty USN-1256-1 File : nvt/gb_ubuntu_USN_1256_1.nasl |
2011-11-08 | Name : Fedora Update for kernel FEDORA-2011-15241 File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl |
2011-10-31 | Name : Fedora Update for kernel FEDORA-2011-14747 File : nvt/gb_fedora_2011_14747_kernel_fc14.nasl |
2011-10-10 | Name : Fedora Update for kernel FEDORA-2011-12874 File : nvt/gb_fedora_2011_12874_kernel_fc14.nasl |
2011-09-23 | Name : Ubuntu Update for linux-ti-omap4 USN-1212-1 File : nvt/gb_ubuntu_USN_1212_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux USN-1201-1 File : nvt/gb_ubuntu_USN_1201_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-ti-omap4 USN-1202-1 File : nvt/gb_ubuntu_USN_1202_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-fsl-imx51 USN-1204-1 File : nvt/gb_ubuntu_USN_1204_1.nasl |
2011-09-16 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1205-1 File : nvt/gb_ubuntu_USN_1205_1.nasl |
2011-08-27 | Name : Fedora Update for kernel FEDORA-2011-11103 File : nvt/gb_fedora_2011_11103_kernel_fc14.nasl |
2011-08-12 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1187-1 File : nvt/gb_ubuntu_USN_1187_1.nasl |
2011-08-12 | Name : Ubuntu Update for linux USN-1183-1 File : nvt/gb_ubuntu_USN_1183_1.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2011:0004 centos5 i386 File : nvt/gb_CESA-2011_0004_kernel_centos5_i386.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2264-1 (linux-2.6) File : nvt/deb_2264_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux-mvl-dove USN-1159-1 File : nvt/gb_ubuntu_USN_1159_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1168-1 File : nvt/gb_ubuntu_USN_1168_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux USN-1167-1 File : nvt/gb_ubuntu_USN_1167_1.nasl |
2011-07-18 | Name : Ubuntu Update for linux-ec2 USN-1161-1 File : nvt/gb_ubuntu_USN_1161_1.nasl |
2011-07-12 | Name : Fedora Update for kernel FEDORA-2011-7823 File : nvt/gb_fedora_2011_7823_kernel_fc15.nasl |
2011-07-08 | Name : Ubuntu Update for linux USN-1160-1 File : nvt/gb_ubuntu_USN_1160_1.nasl |
2011-07-08 | Name : Ubuntu Update for linux-mvl-dove USN-1162-1 File : nvt/gb_ubuntu_USN_1162_1.nasl |
2011-07-08 | Name : Ubuntu Update for linux-fsl-imx51 USN-1164-1 File : nvt/gb_ubuntu_USN_1164_1.nasl |
2011-06-20 | Name : Fedora Update for kernel FEDORA-2011-7551 File : nvt/gb_fedora_2011_7551_kernel_fc14.nasl |
2011-05-06 | Name : SuSE Update for kernel SUSE-SA:2011:020 File : nvt/gb_suse_2011_020.nasl |
2011-04-22 | Name : SuSE Update for kernel SUSE-SA:2011:017 File : nvt/gb_suse_2011_017.nasl |
2011-03-07 | Name : Ubuntu Update for linux-lts-backport-maverick vulnerabilities USN-1083-1 File : nvt/gb_ubuntu_USN_1083_1.nasl |
2011-02-28 | Name : Ubuntu Update for linux vulnerabilities USN-1072-1 File : nvt/gb_ubuntu_USN_1072_1.nasl |
2011-01-24 | Name : Debian Security Advisory DSA 2126-1 (linux-2.6) File : nvt/deb_2126_1.nasl |
2011-01-14 | Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1041-1 File : nvt/gb_ubuntu_USN_1041_1.nasl |
2011-01-11 | Name : RedHat Update for kernel RHSA-2011:0004-01 File : nvt/gb_RHSA-2011_0004-01_kernel.nasl |
2011-01-04 | Name : Mandriva Update for kernel MDVSA-2010:257 (kernel) File : nvt/gb_mandriva_MDVSA_2010_257.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74645 | Linux Kernel Common Internet File System (CIFS) Implementation cifs_close() F... |
73449 | Linux Kernel net/dccp/options.c dccp_parse_options Function DCCP Packet Remot... |
73040 | Linux Kernel net/can/raw.c raw_release Function Release Operation NULL Derefe... |
71884 | Linux Kernel net/can/bcm.c bcm_release() Function NULL Dereference Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when a NULL pointer dereference error in the bcm_release() function to net/can/bcm.c occurs, and will result in loss of availability for the kernel. |
69551 | Linux Kernel fs/exec.c setup_arg_pages CONFIG_STACK_GROWSDOWN Crafted Exec Sy... Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when the 'setup_arg_pages' function in 'fs/exec.c' doesn't properly restrict the stack memory consumption of the 'arguments' or 'environment' when 'CONFIG_STACK_GROWSDOWN' is used, allowing a local attacker to cause a denial of service via a crafted exec system call. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-10-27 | IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2014-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1253.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kernel-120104.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kernel-120104.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kernel-110414.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0004.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0836.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-2019.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1083-1.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110104_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1256-1.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO |
2011-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1212-1.nasl - Type : ACT_GATHER_INFO |
2011-09-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1205-1.nasl - Type : ACT_GATHER_INFO |
2011-09-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1204-1.nasl - Type : ACT_GATHER_INFO |
2011-09-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1202-1.nasl - Type : ACT_GATHER_INFO |
2011-09-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1201-1.nasl - Type : ACT_GATHER_INFO |
2011-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2011-11103.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1187-1.nasl - Type : ACT_GATHER_INFO |
2011-08-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1183-1.nasl - Type : ACT_GATHER_INFO |
2011-07-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-110718.nasl - Type : ACT_GATHER_INFO |
2011-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1168-1.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1159-1.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO |
2011-07-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1161-1.nasl - Type : ACT_GATHER_INFO |
2011-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1164-1.nasl - Type : ACT_GATHER_INFO |
2011-07-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1162-1.nasl - Type : ACT_GATHER_INFO |
2011-06-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1160-1.nasl - Type : ACT_GATHER_INFO |
2011-06-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2264.nasl - Type : ACT_GATHER_INFO |
2011-06-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7551.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2240.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7823.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0836.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-110413.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-110228.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO |
2011-01-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1041-1.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO |
2011-01-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0004.nasl - Type : ACT_GATHER_INFO |
2010-12-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-257.nasl - Type : ACT_GATHER_INFO |
2010-11-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2126.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:44 |
|