Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ESXi utilities and ESX Service Console third party updates
Informations
Name VMSA-2010-0009 First vendor Publication 2010-05-27
Vendor VMware Last vendor Modification 2010-05-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. Service Console update for COS kernel

Updated COS package "kernel" addresses the security issues that are fixed through versions 2.6.18-164.11.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1.

b. ESXi userworld update for ntp

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.

A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue.

c. Service Console package openssl updated to 0.9.8e-12.el5_4.1

OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide.

A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue.

A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue.

This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.

d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15.

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.

Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue.

The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue.

e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2

BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet.

A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue.

A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue.

A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue.

NOTE: ESX does not use the BIND name service daemon by default.

f. Service Console package gcc updated to 3.2.3-60

The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages

GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue.

g. Service Console package gzip update to 1.3.3-15.rhel3

gzip is a software application used for file compression

An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue.

h. Service Console package sudo updated to 1.6.9p17-6.el5_4

Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue.

When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2010-0009.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation
CAPEC-62 Cross Site Request Forgery (aka Session Riding)
CAPEC-122 Exploitation of Authorization
CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-232 Exploitation of Privilege/Trust
CAPEC-234 Hijacking a privileged process

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-399 Resource Management Errors
18 % CWE-264 Permissions, Privileges, and Access Controls
15 % CWE-20 Improper Input Validation
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-200 Information Exposure
9 % CWE-189 Numeric Errors (CWE/SANS Top 25)
3 % CWE-362 Race Condition
3 % CWE-310 Cryptographic Issues
3 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10091
 
Oval ID: oval:org.mitre.oval:def:10091
Title: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
Description: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4020
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10198
 
Oval ID: oval:org.mitre.oval:def:10198
Title: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10209
 
Oval ID: oval:org.mitre.oval:def:10209
Title: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10216
 
Oval ID: oval:org.mitre.oval:def:10216
Title: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Description: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2908
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10310
 
Oval ID: oval:org.mitre.oval:def:10310
Title: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Description: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3939
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10395
 
Oval ID: oval:org.mitre.oval:def:10395
Title: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Description: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3612
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10516
 
Oval ID: oval:org.mitre.oval:def:10516
Title: The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
Description: The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4021
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10546
 
Oval ID: oval:org.mitre.oval:def:10546
Title: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0001
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10607
 
Oval ID: oval:org.mitre.oval:def:10607
Title: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Description: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4536
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10740
 
Oval ID: oval:org.mitre.oval:def:10740
Title: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10763
 
Oval ID: oval:org.mitre.oval:def:10763
Title: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10797
 
Oval ID: oval:org.mitre.oval:def:10797
Title: The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
Description: The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
Family: unix Class: vulnerability
Reference(s): CVE-2006-6304
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10814
 
Oval ID: oval:org.mitre.oval:def:10814
Title: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
Description: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0426
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10823
 
Oval ID: oval:org.mitre.oval:def:10823
Title: arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
Description: arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2910
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10946
 
Oval ID: oval:org.mitre.oval:def:10946
Title: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0427
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10989
 
Oval ID: oval:org.mitre.oval:def:10989
Title: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Description: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3080
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11018
 
Oval ID: oval:org.mitre.oval:def:11018
Title: The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
Description: The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3889
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11083
 
Oval ID: oval:org.mitre.oval:def:11083
Title: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Description: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4567
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11167
 
Oval ID: oval:org.mitre.oval:def:11167
Title: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Description: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4272
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11179
 
Oval ID: oval:org.mitre.oval:def:11179
Title: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11225
 
Oval ID: oval:org.mitre.oval:def:11225
Title: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11260
 
Oval ID: oval:org.mitre.oval:def:11260
Title: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4355
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11272
 
Oval ID: oval:org.mitre.oval:def:11272
Title: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Description: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4212
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11309
 
Oval ID: oval:org.mitre.oval:def:11309
Title: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11513
 
Oval ID: oval:org.mitre.oval:def:11513
Title: Service Console update for COS kernel
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 3
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11687
 
Oval ID: oval:org.mitre.oval:def:11687
Title: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11753
 
Oval ID: oval:org.mitre.oval:def:11753
Title: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0382
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11783
 
Oval ID: oval:org.mitre.oval:def:11783
Title: DSA-2054 bind9 -- DNS cache poisoning
Description: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root , and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade".
Family: unix Class: patch
Reference(s): DSA-2054
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11897
 
Oval ID: oval:org.mitre.oval:def:11897
Title: DSA-2074 ncompress -- integer underflow
Description: Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.
Family: unix Class: patch
Reference(s): DSA-2074
CVE-2010-0001
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): ncompress
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12141
 
Oval ID: oval:org.mitre.oval:def:12141
Title: AIX xntpd denial-of-service vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 3
Platform(s): IBM AIX 5.3
IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12168
 
Oval ID: oval:org.mitre.oval:def:12168
Title: HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4355
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12205
 
Oval ID: oval:org.mitre.oval:def:12205
Title: HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses.
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0097
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12380
 
Oval ID: oval:org.mitre.oval:def:12380
Title: USN-905-1 -- sudo vulnerabilities
Description: It was discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the "runas_default" configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04
Family: unix Class: patch
Reference(s): USN-905-1
CVE-2010-0426
CVE-2010-0427
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12440
 
Oval ID: oval:org.mitre.oval:def:12440
Title: VMware vmkernel third party e1000 Driver Packet Filter Bypass
Description: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4536
Version: 4
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12486
 
Oval ID: oval:org.mitre.oval:def:12486
Title: USN-884-1 -- openssl vulnerability
Description: It was discovered that OpenSSL did not correctly free unused memory in certain situations. A remote attacker could trigger this flaw in services that used SSL, causing the service to use all available system memory, leading to a denial of service.
Family: unix Class: patch
Reference(s): USN-884-1
CVE-2009-4355
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12656
 
Oval ID: oval:org.mitre.oval:def:12656
Title: DSA-1958-1 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family: unix Class: patch
Reference(s): DSA-1958-1
CVE-2009-3736
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12783
 
Oval ID: oval:org.mitre.oval:def:12783
Title: DSA-1992-1 chrony -- several
Description: Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0292 chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. CVE-2010-0293 The client logging facility of chronyd doesn't limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. CVE-2010-0294 chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets. For the oldstable distribution, this problem has been fixed in version 1.21z-5+etch1. For the stable distribution, this problem has been fixed in version 1.23-6+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your chrony packages.
Family: unix Class: patch
Reference(s): DSA-1992-1
CVE-2010-0292
CVE-2010-0293
CVE-2010-0294
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): chrony
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12862
 
Oval ID: oval:org.mitre.oval:def:12862
Title: ESX third party update for Service Console kernel
Description: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3080
Version: 4
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13115
 
Oval ID: oval:org.mitre.oval:def:13115
Title: DSA-2054-2 bind9 -- DNS cache poisoning
Description: This update restores the PID file location for bind to the location before the last security update. For reference, here is the original advisory text that explains the security problems fixed: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny2. The unstable distribution is not affected by the wrong PID file location. We recommend that you upgrade your bind9 packages.
Family: unix Class: patch
Reference(s): DSA-2054-2
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13174
 
Oval ID: oval:org.mitre.oval:def:13174
Title: USN-881-1 -- krb5 vulnerability
Description: It was discovered that Kerberos did not correctly handle invalid AES blocks. An unauthenticated remote attacker could send specially crafted traffic that would crash the KDC service, leading to a denial of service, or possibly execute arbitrary code with root privileges.
Family: unix Class: patch
Reference(s): USN-881-1
CVE-2009-4212
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13187
 
Oval ID: oval:org.mitre.oval:def:13187
Title: DSA-2054-1 bind9 -- DNS cache poisoning
Description: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1. For the unstable distribution, these problems have been fixed in version 1:9.7.0.dfsg-1. We recommend that you upgrade your bind9 packages.
Family: unix Class: patch
Reference(s): DSA-2054-1
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13226
 
Oval ID: oval:org.mitre.oval:def:13226
Title: ESX third party update for Service Console kernel
Description: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4536
Version: 4
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13303
 
Oval ID: oval:org.mitre.oval:def:13303
Title: DSA-1970-1 openssl -- denial of service
Description: It was discovered that a significant memory leak could occur in openssl, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny6. The packages for the arm architecture are not included in this advisory. They will be released as soon as they become available. For the testing distribution and the unstable distribution, this problem will be fixed soon. The issue does not seem to be exploitable with the apache2 package contained in squeeze/sid. We recommend that you upgrade your openssl packages. You also need to restart your Apache httpd server to make sure it uses the updated libraries.
Family: unix Class: patch
Reference(s): DSA-1970-1
CVE-2009-4355
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13325
 
Oval ID: oval:org.mitre.oval:def:13325
Title: USN-889-1 -- gzip vulnerabilities
Description: It was discovered that gzip incorrectly handled certain malformed compressed files. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Aki Helin discovered that gzip incorrectly handled certain malformed files compressed with the Lempel–Ziv–Welch algorithm. If a user or automated system were tricked into opening a specially crafted gzip file, an attacker could cause gzip to crash or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-889-1
CVE-2009-2624
CVE-2010-0001
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13334
 
Oval ID: oval:org.mitre.oval:def:13334
Title: USN-928-1 -- sudo vulnerability
Description: Valerio Costamagna discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command when the PATH contained only a dot. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426.
Family: unix Class: patch
Reference(s): USN-928-1
CVE-2010-0426
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13351
 
Oval ID: oval:org.mitre.oval:def:13351
Title: DSA-1928-1 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service. CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. CVE-2009-3620 Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.24-6~etchnhalf.9etch1. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion.
Family: unix Class: patch
Reference(s): DSA-1928-1
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3613
CVE-2009-3620
CVE-2009-3621
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13409
 
Oval ID: oval:org.mitre.oval:def:13409
Title: USN-830-1 -- openssl vulnerability
Description: Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation.
Family: unix Class: patch
Reference(s): USN-830-1
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13488
 
Oval ID: oval:org.mitre.oval:def:13488
Title: USN-867-1 -- ntp vulnerability
Description: Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption.
Family: unix Class: patch
Reference(s): USN-867-1
CVE-2009-3563
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13497
 
Oval ID: oval:org.mitre.oval:def:13497
Title: USN-888-1 -- bind9 vulnerabilities
Description: It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Original advisory details: Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Family: unix Class: patch
Reference(s): USN-888-1
CVE-2010-0097
CVE-2009-4022
CVE-2010-0290
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13574
 
Oval ID: oval:org.mitre.oval:def:13574
Title: DSA-1969-1 krb5 -- integer underflow
Description: It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution. For the old stable distribution, this problem has been fixed in version 1.4.4-7etch8. For the stable distribution, this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.8+dfsg~alpha1-1. We recommend that you upgrade your krb5 package.
Family: unix Class: patch
Reference(s): DSA-1969-1
CVE-2009-4212
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13583
 
Oval ID: oval:org.mitre.oval:def:13583
Title: DSA-2074-1 ncompress -- integer underflow
Description: Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. For the stable distribution, this problem has been fixed in version 4.2.4.2-1+lenny1. For the testing and unstable distribution, this problem has been fixed in version 4.2.4.3-1. We recommend that you upgrade your ncompress package.
Family: unix Class: patch
Reference(s): DSA-2074-1
CVE-2010-0001
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): ncompress
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13588
 
Oval ID: oval:org.mitre.oval:def:13588
Title: DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. CVE-2009-2903 Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. CVE-2009-2908 Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service by causing a dentry value to go negative. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-2910 Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3290 Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. CVE-2009-3613 Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service by transmitting a large amount of jumbo frames. For the stable distribution, this problem has been fixed in version 2.6.26-19lenny1. For the oldstable distribution, these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24. We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 user-mode-linux 2.6.26-1um-2+19lenny1
Family: unix Class: patch
Reference(s): DSA-1915-1
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13721
 
Oval ID: oval:org.mitre.oval:def:13721
Title: DSA-1888-1 openssl, openssl097 -- cryptographic weakness
Description: Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1888-1
CVE-2009-2409
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
openssl097
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13735
 
Oval ID: oval:org.mitre.oval:def:13735
Title: DSA-1929-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1883 Solar Designer discovered a missing capability check in the z90crypt driver or s390 systems. This vulnerability may allow a local user to gain elevated privileges. CVE-2009-2909 Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt can result in a denial of service. CVE-2009-3001 Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. CVE-2009-3002 Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP, NET/ROM, Acorn Econet/AUN, and Controller Area Network implementations. Local users can exploit these issues to gain access to kernel memory. CVE-2009-3228 Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int function to increase its randomness. CVE-2009-3286 Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. CVE-2009-3547 Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. CVE-2009-3612 Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. CVE-2009-3621 Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service. For the oldstable distribution, this problem has been fixed in version 2.6.18.dfsg.1-26etch1. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Note: Debian "etch" includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian "etch" concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 4.0 fai-kernels 1.17+etch.26etch1 user-mode-linux 2.6.18-1um-2etch.26etch1
Family: unix Class: patch
Reference(s): DSA-1929-1
CVE-2009-1883
CVE-2009-2909
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3621
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13737
 
Oval ID: oval:org.mitre.oval:def:13737
Title: DSA-1874-1 nss -- several
Description: Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they’re no longer considered cryptographically secure. The old stable distribution doesn’t contain nss. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution, these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages.
Family: unix Class: patch
Reference(s): DSA-1874-1
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13751
 
Oval ID: oval:org.mitre.oval:def:13751
Title: DSA-1763-1 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1763-1
CVE-2009-0590
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13780
 
Oval ID: oval:org.mitre.oval:def:13780
Title: USN-810-2 -- nspr update
Description: USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site
Family: unix Class: patch
Reference(s): USN-810-2
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13799
 
Oval ID: oval:org.mitre.oval:def:13799
Title: USN-750-1 -- openssl vulnerability
Description: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
Family: unix Class: patch
Reference(s): USN-750-1
CVE-2009-0590
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13850
 
Oval ID: oval:org.mitre.oval:def:13850
Title: USN-810-1 -- nss vulnerabilities
Description: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service or execute arbitrary code as the user invoking the program. Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site
Family: unix Class: patch
Reference(s): USN-810-1
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13891
 
Oval ID: oval:org.mitre.oval:def:13891
Title: USN-792-1 -- openssl vulnerabilities
Description: It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request
Family: unix Class: patch
Reference(s): USN-792-1
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17673
 
Oval ID: oval:org.mitre.oval:def:17673
Title: DSA-1948-1 ntp - denial of service
Description: Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.
Family: unix Class: patch
Reference(s): DSA-1948-1
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18169
 
Oval ID: oval:org.mitre.oval:def:18169
Title: DSA-2006-1 sudo - several vulnerabilities
Description: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
Family: unix Class: patch
Reference(s): DSA-2006-1
CVE-2010-0426
CVE-2010-0427
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19376
 
Oval ID: oval:org.mitre.oval:def:19376
Title: HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19668
 
Oval ID: oval:org.mitre.oval:def:19668
Title: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Description: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4536
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19879
 
Oval ID: oval:org.mitre.oval:def:19879
Title: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1384
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20189
 
Oval ID: oval:org.mitre.oval:def:20189
Title: VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
Description: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3080
Version: 4
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20476
 
Oval ID: oval:org.mitre.oval:def:20476
Title: Multiple vulnerabilities in AIX BIND
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0097
Version: 6
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20762
 
Oval ID: oval:org.mitre.oval:def:20762
Title: Multiple vulnerabilities in AIX BIND
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0382
Version: 6
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21237
 
Oval ID: oval:org.mitre.oval:def:21237
Title: RHSA-2010:0258: pam_krb5 security and bug fix update (Low)
Description: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Family: unix Class: patch
Reference(s): RHSA-2010:0258-04
CVE-2009-1384
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): pam_krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21755
 
Oval ID: oval:org.mitre.oval:def:21755
Title: RHSA-2010:0029: krb5 security update (Critical)
Description: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family: unix Class: patch
Reference(s): RHSA-2010:0029-02
CESA-2010:0029
CVE-2009-4212
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21777
 
Oval ID: oval:org.mitre.oval:def:21777
Title: RHSA-2010:0046: kernel security and bug fix update (Important)
Description: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Family: unix Class: patch
Reference(s): RHSA-2010:0046-01
CESA-2010:0046
CVE-2006-6304
CVE-2009-2910
CVE-2009-3080
CVE-2009-3556
CVE-2009-3889
CVE-2009-3939
CVE-2009-4020
CVE-2009-4021
CVE-2009-4138
CVE-2009-4141
CVE-2009-4272
Version: 146
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21795
 
Oval ID: oval:org.mitre.oval:def:21795
Title: RHSA-2010:0054: openssl security update (Moderate)
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: unix Class: patch
Reference(s): RHSA-2010:0054-01
CESA-2010:0054
CVE-2009-2409
CVE-2009-4355
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21912
 
Oval ID: oval:org.mitre.oval:def:21912
Title: RHSA-2010:0062: bind security update (Moderate)
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: patch
Reference(s): RHSA-2010:0062-02
CESA-2010:0062
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21943
 
Oval ID: oval:org.mitre.oval:def:21943
Title: RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): RHSA-2010:0039-01
CESA-2010:0039
CVE-2009-3736
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22036
 
Oval ID: oval:org.mitre.oval:def:22036
Title: ELSA-2010:0019: kernel security update (Important)
Description: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Family: unix Class: patch
Reference(s): ELSA-2010:0019-01
CVE-2007-4567
CVE-2009-4536
CVE-2009-4537
CVE-2009-4538
Version: 21
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22119
 
Oval ID: oval:org.mitre.oval:def:22119
Title: RHSA-2010:0122: sudo security update (Important)
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: patch
Reference(s): RHSA-2010:0122-01
CESA-2010:0122
CVE-2010-0426
CVE-2010-0427
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22121
 
Oval ID: oval:org.mitre.oval:def:22121
Title: RHSA-2010:0061: gzip security update (Moderate)
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: patch
Reference(s): RHSA-2010:0061-02
CESA-2010:0061
CVE-2010-0001
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22178
 
Oval ID: oval:org.mitre.oval:def:22178
Title: RHSA-2010:0019: kernel security update (Important)
Description: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Family: unix Class: patch
Reference(s): RHSA-2010:0019-01
CESA-2010:0019
CVE-2007-4567
CVE-2009-4536
CVE-2009-4537
CVE-2009-4538
Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22194
 
Oval ID: oval:org.mitre.oval:def:22194
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22412
 
Oval ID: oval:org.mitre.oval:def:22412
Title: ELSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: patch
Reference(s): ELSA-2009:1186-01
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 17
Platform(s): Oracle Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22749
 
Oval ID: oval:org.mitre.oval:def:22749
Title: ELSA-2010:0062: bind security update (Moderate)
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: patch
Reference(s): ELSA-2010:0062-02
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 17
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22755
 
Oval ID: oval:org.mitre.oval:def:22755
Title: ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: patch
Reference(s): ELSA-2009:1335-02
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 33
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22869
 
Oval ID: oval:org.mitre.oval:def:22869
Title: ELSA-2010:0029: krb5 security update (Critical)
Description: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family: unix Class: patch
Reference(s): ELSA-2010:0029-02
CVE-2009-4212
Version: 6
Platform(s): Oracle Linux 5
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22940
 
Oval ID: oval:org.mitre.oval:def:22940
Title: ELSA-2010:0046: kernel security and bug fix update (Important)
Description: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Family: unix Class: patch
Reference(s): ELSA-2010:0046-01
CVE-2006-6304
CVE-2009-2910
CVE-2009-3080
CVE-2009-3556
CVE-2009-3889
CVE-2009-3939
CVE-2009-4020
CVE-2009-4021
CVE-2009-4138
CVE-2009-4141
CVE-2009-4272
Version: 49
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22987
 
Oval ID: oval:org.mitre.oval:def:22987
Title: ELSA-2010:0054: openssl security update (Moderate)
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: unix Class: patch
Reference(s): ELSA-2010:0054-01
CVE-2009-2409
CVE-2009-4355
Version: 13
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22999
 
Oval ID: oval:org.mitre.oval:def:22999
Title: ELSA-2009:1548: kernel security and bug fix update (Important)
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: patch
Reference(s): ELSA-2009:1548-01
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23003
 
Oval ID: oval:org.mitre.oval:def:23003
Title: ELSA-2010:0061: gzip security update (Moderate)
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: patch
Reference(s): ELSA-2010:0061-02
CVE-2010-0001
Version: 6
Platform(s): Oracle Linux 5
Product(s): gzip
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23008
 
Oval ID: oval:org.mitre.oval:def:23008
Title: ELSA-2009:1646: libtool security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2009:1646-01
CVE-2009-3736
Version: 6
Platform(s): Oracle Linux 5
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23021
 
Oval ID: oval:org.mitre.oval:def:23021
Title: ELSA-2009:1670: kernel security and bug fix update (Important)
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: patch
Reference(s): ELSA-2009:1670-01
CVE-2009-3612
CVE-2009-3620
CVE-2009-3621
CVE-2009-3726
Version: 21
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23033
 
Oval ID: oval:org.mitre.oval:def:23033
Title: ELSA-2009:1648: ntp security update (Moderate)
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: patch
Reference(s): ELSA-2009:1648-01
CVE-2009-3563
Version: 6
Platform(s): Oracle Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23036
 
Oval ID: oval:org.mitre.oval:def:23036
Title: ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2010:0039-01
CVE-2009-3736
Version: 6
Platform(s): Oracle Linux 5
Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23055
 
Oval ID: oval:org.mitre.oval:def:23055
Title: ELSA-2010:0258: pam_krb5 security and bug fix update (Low)
Description: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Family: unix Class: patch
Reference(s): ELSA-2010:0258-04
CVE-2009-1384
Version: 6
Platform(s): Oracle Linux 5
Product(s): pam_krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23056
 
Oval ID: oval:org.mitre.oval:def:23056
Title: ELSA-2010:0122: sudo security update (Important)
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: patch
Reference(s): ELSA-2010:0122-01
CVE-2010-0426
CVE-2010-0427
Version: 13
Platform(s): Oracle Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24227
 
Oval ID: oval:org.mitre.oval:def:24227
Title: Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption)
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1377
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24700
 
Oval ID: oval:org.mitre.oval:def:24700
Title: Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1387
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25108
 
Oval ID: oval:org.mitre.oval:def:25108
Title: Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1386
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25119
 
Oval ID: oval:org.mitre.oval:def:25119
Title: Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash)
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1379
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25124
 
Oval ID: oval:org.mitre.oval:def:25124
Title: Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, allows remote attackers to cause a denial of service (memory consumption)
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: windows Class: vulnerability
Reference(s): CVE-2009-4355
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25180
 
Oval ID: oval:org.mitre.oval:def:25180
Title: Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2409
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25196
 
Oval ID: oval:org.mitre.oval:def:25196
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0590
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27558
 
Oval ID: oval:org.mitre.oval:def:27558
Title: DEPRECATED: ELSA-2010-0258 -- pam_krb5 security and bug fix update (low)
Description: [2.2.14-15] - update backport for selecting which key to use for validation so that it prefers services with the local host name as the instance, from HEAD (more of #450776) [2.2.14-14] - backport the 'multiple_ccaches' option from HEAD, requiring that it be enabled to not immediately remove an old ccache when asked to create a new one (#463417) [2.2.14-13] - add patch to add the 'chpw_prompt' option, to allow the older behavior of attempting a password-change during authentication if libkrb5 detects an expired password, based on patch from Olivier Fourdan (#509092) [2.2.14-12] - dont vary the password prompt depending on whether or not the user exists or is known to the KDC (CVE-2009-1384, #505265) - prefer using the 'host' service when verifying that a TGT isnt forged, from HEAD (#450776) [2.2.14-11] - dont enforce minimum_uid when no_user_check is also used, from HEAD (#490404) - dont try to get password-changing creds with all of the flags set that we would request for a TGT (#489015)
Family: unix Class: patch
Reference(s): ELSA-2010-0258
CVE-2009-1384
Version: 4
Platform(s): Oracle Linux 5
Product(s): pam_krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27615
 
Oval ID: oval:org.mitre.oval:def:27615
Title: DEPRECATED: ELSA-2010-0046 -- kernel security and bug fix update (important)
Description: [2.6.18-164.11.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] [2.6.18-164.11.1.el5] - [firewire] ohci: handle receive packets with zero data (Jay Fenlason) [547241 547242] {CVE-2009-4138} - [x86] sanity check for AMD northbridges (Andrew Jones) [549905 547518] - [x86_64] disable vsyscall in kvm guests (Glauber Costa) [550968 542612] - [fs] ext3: replace lock_super with explicit resize lock (Eric Sandeen) [549908 525100] - [fs] respect flag in do_coredump (Danny Feng) [544188 544189] {CVE-2009-4036} - [gfs2] make O_APPEND behave as expected (Steven Whitehouse) [547521 544342] - [fs] hfs: fix a potential buffer overflow (Amerigo Wang) [540740 540741] {CVE-2009-4020} - [fuse] prevent fuse_put_request on invalid pointer (Danny Feng) [538736 538737] {CVE-2009-4021} - [mm] call vfs_check_frozen after unlocking the spinlock (Amerigo Wang) [548370 541956] - [infiniband] init neigh->dgid.raw on bonding events (Doug Ledford) [543448 538067] - [scsi] gdth: prevent negative offsets in ioctl (Amerigo Wang) [539420 539421] {CVE-2009-3080} - [fs] gfs2: fix glock ref count issues (Steven Whitehouse) [544978 539240] - [net] call cond_resched in rt_run_flush (Amerigo Wang) [547530 517588] - [scsi] megaraid: fix sas permissions in sysfs (Casey Dahlin) [537312 537313] {CVE-2009-3889 CVE-2009-3939} - [ia64] kdump: restore registers in the stack on init (Takao Indoh ) [542582 515753] - [x86] kvm: don't ask HV for tsc khz if not using kvmclock (Glauber Costa ) [537027 531268] - [net] sched: fix panic in bnx2_poll_work (John Feeney ) [539686 526481] - [x86_64] fix 32-bit process register leak (Amerigo Wang ) [526797 526798] - [cpufreq] add option to avoid smi while calibrating (Matthew Garrett ) [537343 513649] - [kvm] use upstream kvm_get_tsc_khz (Glauber Costa ) [540896 531025] - [net] fix unbalance rtnl locking in rt_secret_reschedule (Neil Horman ) [549907 510067] - [net] r8169: imporved rx length check errors (Neil Horman ) [552913 552438] - [scsi] lpfc: fix FC ports offlined during target controller faults (Rob Evers ) [549906 516541] - [net] emergency route cache flushing fixes (Thomas Graf ) [545662 545663] {CVE-2009-4272} - [fs] fasync: split 'fasync_helper()' into separate add/remove functions (Danny Feng ) [548656 548657] {CVE-2009-4141} - [scsi] qla2xxx: NPIV vport management pseudofiles are world writable (Tom Coughlan ) [537317 537318] {CVE-2009-3556}
Family: unix Class: patch
Reference(s): ELSA-2010-0046
CVE-2009-3889
CVE-2009-3939
CVE-2009-4020
CVE-2009-4021
CVE-2009-4138
CVE-2009-4141
CVE-2009-4272
CVE-2009-2910
CVE-2009-3080
CVE-2009-3556
CVE-2006-6304
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28008
 
Oval ID: oval:org.mitre.oval:def:28008
Title: DEPRECATED: ELSA-2010-0062 -- bind security update (moderate)
Description: [30:9.3.6-4.P1.2] - NSEC validation code could cause wrong NXDOMAIN responses (#554851, CVE-2010-0097) - improve fix for CVE-2009-4022 (#538744) - {C,D}NAMEs could be returned to clients without proper DNSSEC validation - don't validate + cache out-of-bailiwick data returned with a secure answer. Refetch it instead.
Family: unix Class: patch
Reference(s): ELSA-2010-0062
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Version: 4
Platform(s): Oracle Linux 5
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28253
 
Oval ID: oval:org.mitre.oval:def:28253
Title: DEPRECATED: ELSA-2010-0054 -- openssl security update (moderate)
Description: [0.9.8e-12.1] - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data() is called prematurely by application (#546707)
Family: unix Class: patch
Reference(s): ELSA-2010-0054
CVE-2009-4355
CVE-2009-2409
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28255
 
Oval ID: oval:org.mitre.oval:def:28255
Title: DEPRECATED: ELSA-2010-0019 -- kernel security update (important)
Description: [2.6.18-164.10.1.0.1.el5] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - Add entropy support to igb ( John Sobecki) [orabug 7607479] - [nfs] convert ENETUNREACH to ENOTCONN [orabug 7689332] - [NET] Add xen pv/bonding netconsole support (Tina yang) [orabug 6993043] [bz 7258] - [MM] shrink zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [nfsd] fix failure of file creation from hpux client (Wen gang Wang) [orabug 7579314] - FP register state is corrupted during the handling a SIGSEGV (Chuck Anderson) [orabug 7708133] [2.6.18-164.10.1.el5] - [net] e1000, r9169: fix rx length check errors (Cong Wang ) [550914 550915] - [net] e1000e: fix rx length check errors (Amerigo Wang ) [551222 551223] - [net] ipv6: fix ipv6_hop_jumbo remote system crash (Amerigo Wang ) [548642 548643] {CVE-2007-4567}
Family: unix Class: patch
Reference(s): ELSA-2010-0019
CVE-2007-4567
CVE-2009-4536
CVE-2009-4537
CVE-2009-4538
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28287
 
Oval ID: oval:org.mitre.oval:def:28287
Title: DEPRECATED: ELSA-2010-0122 -- sudo security update (important)
Description: [1.6.9p17-6] - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: #567689
Family: unix Class: patch
Reference(s): ELSA-2010-0122
CVE-2010-0426
CVE-2010-0427
Version: 4
Platform(s): Oracle Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28749
 
Oval ID: oval:org.mitre.oval:def:28749
Title: RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate)
Description: Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).
Family: unix Class: patch
Reference(s): RHSA-2009:1335
CESA-2009:1335-CentOS 5
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28862
 
Oval ID: oval:org.mitre.oval:def:28862
Title: RHSA-2009:1670 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:1670
CESA-2009:1670-CentOS 5
CVE-2009-3612
CVE-2009-3620
CVE-2009-3621
CVE-2009-3726
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29071
 
Oval ID: oval:org.mitre.oval:def:29071
Title: USN-810-3 -- NSS regression
Description: USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem.
Family: unix Class: patch
Reference(s): USN-810-3
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29169
 
Oval ID: oval:org.mitre.oval:def:29169
Title: RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical)
Description: Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1186
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): nspr
nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29266
 
Oval ID: oval:org.mitre.oval:def:29266
Title: RHSA-2009:1648 -- ntp security update (Moderate)
Description: An updated ntp package that fixes a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1648
CESA-2009:1648-CentOS 5
CVE-2009-3563
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29269
 
Oval ID: oval:org.mitre.oval:def:29269
Title: RHSA-2009:1548 -- kernel security and bug fix update (Important)
Description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Family: unix Class: patch
Reference(s): RHSA-2009:1548
CESA-2009:1548-CentOS 5
CVE-2009-2695
CVE-2009-2908
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29283
 
Oval ID: oval:org.mitre.oval:def:29283
Title: RHSA-2009:1646 -- libtool security update (Moderate)
Description: Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1646
CESA-2009:1646-CentOS 3
CESA-2009:1646-CentOS 5
CVE-2009-3736
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6631
 
Oval ID: oval:org.mitre.oval:def:6631
Title: Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6636
 
Oval ID: oval:org.mitre.oval:def:6636
Title: Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3726
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6665
 
Oval ID: oval:org.mitre.oval:def:6665
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0382
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6678
 
Oval ID: oval:org.mitre.oval:def:6678
Title: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4355
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6683
 
Oval ID: oval:org.mitre.oval:def:6683
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6744
 
Oval ID: oval:org.mitre.oval:def:6744
Title: Red Hat Linux Kernel 'qla2xxx' DriverSecurity Bypass Vulnerability
Description: A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3556
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6750
 
Oval ID: oval:org.mitre.oval:def:6750
Title: hfs Subsystem Stack-based Buffer Overflow Vulnerability
Description: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4020
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6757
 
Oval ID: oval:org.mitre.oval:def:6757
Title: Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
Description: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3228
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6763
 
Oval ID: oval:org.mitre.oval:def:6763
Title: Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
Description: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3620
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6815
 
Oval ID: oval:org.mitre.oval:def:6815
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6848
 
Oval ID: oval:org.mitre.oval:def:6848
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1379
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6895
 
Oval ID: oval:org.mitre.oval:def:6895
Title: Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
Description: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3621
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6951
 
Oval ID: oval:org.mitre.oval:def:6951
Title: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
Version: 6
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6955
 
Oval ID: oval:org.mitre.oval:def:6955
Title: Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
Description: The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4021
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6964
 
Oval ID: oval:org.mitre.oval:def:6964
Title: DSA-1970 openssl -- denial of service
Description: It was discovered that a significant memory leak could occur in OpenSSL, related to the reinitialisation of zlib. This could result in a remotely exploitable denial of service vulnerability when using the Apache httpd server in a configuration where mod_ssl, mod_php5, and the php5-curl extension are loaded. The old stable distribution is not affected by this issue.
Family: unix Class: patch
Reference(s): DSA-1970
CVE-2009-4355
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6992
 
Oval ID: oval:org.mitre.oval:def:6992
Title: Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
Description: The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2908
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6996
 
Oval ID: oval:org.mitre.oval:def:6996
Title: OpenSSL Multiple Vulnerabilities
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7016
 
Oval ID: oval:org.mitre.oval:def:7016
Title: Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
Description: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4538
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7026
 
Oval ID: oval:org.mitre.oval:def:7026
Title: Red Hat Linux Kernel Routing Implementation Multiple Remote Denial of Service Vulnerabilities
Description: A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4272
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7054
 
Oval ID: oval:org.mitre.oval:def:7054
Title: Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
Description: Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4141
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7076
 
Oval ID: oval:org.mitre.oval:def:7076
Title: NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3563
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7081
 
Oval ID: oval:org.mitre.oval:def:7081
Title: pam_krb5 Existing/Non-Existing Username Enumeration Weakness
Description: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1384
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7086
 
Oval ID: oval:org.mitre.oval:def:7086
Title: ISC BIND 9 Cache Poisoning Vulnerability
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0382
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7101
 
Oval ID: oval:org.mitre.oval:def:7101
Title: Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
Description: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3080
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7144
 
Oval ID: oval:org.mitre.oval:def:7144
Title: Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
Description: The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2695
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7155
 
Oval ID: oval:org.mitre.oval:def:7155
Title: VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7163
 
Oval ID: oval:org.mitre.oval:def:7163
Title: Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
Description: The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3889
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7212
 
Oval ID: oval:org.mitre.oval:def:7212
Title: ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0097
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7216
 
Oval ID: oval:org.mitre.oval:def:7216
Title: Sudo 'runas_default' Local Privilege Escalation Vulnerability
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0427
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7229
 
Oval ID: oval:org.mitre.oval:def:7229
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7238
 
Oval ID: oval:org.mitre.oval:def:7238
Title: Sudo 'sudoedit' Local Privilege Escalation Vulnerability
Description: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0426
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7310
 
Oval ID: oval:org.mitre.oval:def:7310
Title: DSA-1992 chrony -- several vulnerabilities
Description: Several vulnerabilities have been discovered in chrony, a pair of programs which are used to maintain the accuracy of the system clock on a computer. This issues are similar to the NTP security flaw CVE-2009-3563. The Common Vulnerabilities and Exposures project identifies the following problems: chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for unauthorised hosts. An attacker can abuse this behaviour to force two chronyd instances to play packet ping-pong by sending such a packet with spoofed source address and port. This results in high CPU and network usage and thus denial of service conditions. The client logging facility of chronyd doesn’t limit memory that is used to store client information. An attacker can cause chronyd to allocate large amounts of memory by sending NTP or cmdmon packets with spoofed source addresses resulting in memory exhaustion. chronyd lacks of a rate limit control to the syslog facility when logging received packets from unauthorised hosts. This allows an attacker to cause denial of service conditions via filling up the logs and thus disk space by repeatedly sending invalid cmdmon packets.
Family: unix Class: patch
Reference(s): DSA-1992
CVE-2010-0292
CVE-2010-0293
CVE-2010-0294
CVE-2009-3563
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): chrony
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7357
 
Oval ID: oval:org.mitre.oval:def:7357
Title: MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
Description: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4212
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7359
 
Oval ID: oval:org.mitre.oval:def:7359
Title: Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
Description: arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2910
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7376
 
Oval ID: oval:org.mitre.oval:def:7376
Title: Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
Description: drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4138
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7377
 
Oval ID: oval:org.mitre.oval:def:7377
Title: Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
Description: The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3613
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7379
 
Oval ID: oval:org.mitre.oval:def:7379
Title: DSA-1948 ntp -- denial of service
Description: Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. An unexpected NTP mode 7 packet with spoofed IP data can lead ntpd to reply with a mode 7 response to the spoofed address. This may result in the service playing packet ping-pong with other ntp servers or even itself which causes CPU usage and excessive disk use due to logging. An attacker can use this to conduct denial of service attacks.
Family: unix Class: patch
Reference(s): DSA-1948
CVE-2009-3563
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): ntp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7430
 
Oval ID: oval:org.mitre.oval:def:7430
Title: A vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end users
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0097
Version: 3
Platform(s): Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7443
 
Oval ID: oval:org.mitre.oval:def:7443
Title: Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
Description: drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4537
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7446
 
Oval ID: oval:org.mitre.oval:def:7446
Title: Linux Kernel Do_Coredump Security Bypass Vulnerability
Description: The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
Family: unix Class: vulnerability
Reference(s): CVE-2006-6304
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7452
 
Oval ID: oval:org.mitre.oval:def:7452
Title: DSA-1969 krb5 -- integer underflow
Description: It was discovered that krb5, a system for authenticating users and services on a network, is prone to integer underflow in the AES and RC4 decryption operations of the crypto library. A remote attacker can cause crashes, heap corruption, or, under extraordinarily unlikely conditions, arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-1969
CVE-2009-4212
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7453
 
Oval ID: oval:org.mitre.oval:def:7453
Title: Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
Description: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4536
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7469
 
Oval ID: oval:org.mitre.oval:def:7469
Title: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7474
 
Oval ID: oval:org.mitre.oval:def:7474
Title: Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
Description: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4567
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7481
 
Oval ID: oval:org.mitre.oval:def:7481
Title: DSA-1958 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family: unix Class: patch
Reference(s): DSA-1958
CVE-2009-3736
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7511
 
Oval ID: oval:org.mitre.oval:def:7511
Title: gzip Integer Overflow Vulnerability
Description: Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0001
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7512
 
Oval ID: oval:org.mitre.oval:def:7512
Title: ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7527
 
Oval ID: oval:org.mitre.oval:def:7527
Title: Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability
Description: NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3286
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7540
 
Oval ID: oval:org.mitre.oval:def:7540
Title: Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
Description: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3939
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7557
 
Oval ID: oval:org.mitre.oval:def:7557
Title: Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
Description: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3612
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7592
 
Oval ID: oval:org.mitre.oval:def:7592
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7608
 
Oval ID: oval:org.mitre.oval:def:7608
Title: Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7639
 
Oval ID: oval:org.mitre.oval:def:7639
Title: DSA-1915 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak
Description: Notice: Debian 5.0.4, the next point release of Debian "lenny", will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as "NULL pointer dereference" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: http://wiki.debian.org/mmap_min_addr. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp "N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames.
Family: unix Class: patch
Reference(s): DSA-1915
CVE-2009-2695
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3286
CVE-2009-3290
CVE-2009-3613
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7937
 
Oval ID: oval:org.mitre.oval:def:7937
Title: DSA-1928 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops). Mark Smith discovered a memory leak in the appletalk implementation. When the appletalk and ipddp modules are loaded, but no ipddp"N" device is found, remote attackers can cause a denial of service by consuming large amounts of system memory. Loic Minier discovered an issue in the eCryptfs filesystem. A local user can cause a denial of service (kernel oops) by causing a dentry value to go negative. Arjan van de Ven discovered an issue in the AX.25 protocol implementation. A specially crafted call to setsockopt() can result in a denial of service (kernel oops). Jan Beulich discovered the existence of a sensitive kernel memory leak. Systems running the "amd64" kernel do not properly sanitise registers for 32-bit processes. Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE 802.2 LLC implementation. This is not exploitable in the Debian lenny kernel as root privileges are required to exploit this issue. Eric Dumazet fixed several sensitive memory leaks in the IrDA, X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area Network (CAN) implementations. Local users can exploit these issues to gain access to kernel memory. Eric Dumazet reported an instance of uninitialised kernel memory in the network packet scheduler. Local users may be able to exploit this issue to read the contents of sensitive kernel memory. CVE-2009-3238 Linus Torvalds provided a change to the get_random_int() function to increase its randomness. Eric Paris discovered an issue with the NFSv4 server implementation. When an O_EXCL create fails, files may be left with corrupted permissions, possibly granting unintentional privileges to other local users. Earl Chew discovered a NULL pointer dereference issue in the pipe_rdwr_open function which can be used by local users to gain elevated privileges. Jiri Pirko discovered a typo in the initialisation of a structure in the netlink subsystem that may allow local users to gain access to sensitive kernel memory. Alistair Strachan reported an issue in the r8169 driver. Remote users can cause a denial of service (IOMMU space exhaustion and system crash) by transmitting a large amount of jumbo frames. Ben Hutchings discovered an issue in the DRM manager for ATI Rage 128 graphics adapters. Local users may be able to exploit this vulnerability to cause a denial of service (NULL pointer dereference). Tomoki Sekiyama discovered a deadlock condition in the UNIX domain socket implementation. Local users can exploit this vulnerability to cause a denial of service (system hang).
Family: unix Class: patch
Reference(s): DSA-1928
CVE-2009-2846
CVE-2009-2847
CVE-2009-2848
CVE-2009-2849
CVE-2009-2903
CVE-2009-2908
CVE-2009-2909
CVE-2009-2910
CVE-2009-3001
CVE-2009-3002
CVE-2009-3228
CVE-2009-3238
CVE-2009-3286
CVE-2009-3547
CVE-2009-3612
CVE-2009-3613
CVE-2009-3620
CVE-2009-3621
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8038
 
Oval ID: oval:org.mitre.oval:def:8038
Title: DSA-1763 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
Family: unix Class: patch
Reference(s): DSA-1763
CVE-2009-0590
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8111
 
Oval ID: oval:org.mitre.oval:def:8111
Title: DSA-1874 nss -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure. The old stable distribution (etch) doesn't contain nss.
Family: unix Class: patch
Reference(s): DSA-1874
CVE-2009-2404
CVE-2009-2408
CVE-2009-2409
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8192
 
Oval ID: oval:org.mitre.oval:def:8192
Title: Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)
Description: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4212
Version: 2
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8594
 
Oval ID: oval:org.mitre.oval:def:8594
Title: VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw
Description: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2409
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8884
 
Oval ID: oval:org.mitre.oval:def:8884
Title: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0290
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9201
 
Oval ID: oval:org.mitre.oval:def:9201
Title: Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file.
Description: Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then closing this file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4141
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9327
 
Oval ID: oval:org.mitre.oval:def:9327
Title: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Description: Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3547
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9357
 
Oval ID: oval:org.mitre.oval:def:9357
Title: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0097
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9409
 
Oval ID: oval:org.mitre.oval:def:9409
Title: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Description: The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3228
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9439
 
Oval ID: oval:org.mitre.oval:def:9439
Title: drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
Description: drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4537
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9527
 
Oval ID: oval:org.mitre.oval:def:9527
Title: drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
Description: drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4138
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9652
 
Oval ID: oval:org.mitre.oval:def:9652
Title: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Description: pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1384
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9663
 
Oval ID: oval:org.mitre.oval:def:9663
Title: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9702
 
Oval ID: oval:org.mitre.oval:def:9702
Title: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Description: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4538
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9734
 
Oval ID: oval:org.mitre.oval:def:9734
Title: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Description: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3726
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9738
 
Oval ID: oval:org.mitre.oval:def:9738
Title: A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Description: A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3556
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9744
 
Oval ID: oval:org.mitr