Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title VMware ESXi and ESX updates to third party library and ESX Service Console
Informations
Name VMSA-2012-0001 First vendor Publication 2012-01-30
Vendor VMware Last vendor Modification 2012-03-29
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

a. ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.

b. ESX third party update for Service Console cURL RPM

The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue.

c. ESX third party update for Service Console nspr and nss RPMs

The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues.

A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.

d. ESX third party update for Service Console rpm RPMs

The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.

e. ESX third party update for Service Console samba RPMs

The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues.

Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.

f. ESX third party update for Service Console python package

The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues.

g. ESXi update to third party component python

The python third party library is updated to python 2.5.6 which fixes multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2012-0001.html

CWE : Common Weakness Enumeration

% Id Name
22 % CWE-20 Improper Input Validation
15 % CWE-200 Information Exposure
13 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7 % CWE-476 NULL Pointer Dereference
7 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
7 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4 % CWE-399 Resource Management Errors
4 % CWE-362 Race Condition
4 % CWE-264 Permissions, Privileges, and Access Controls
2 % CWE-682 Incorrect Calculation
2 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
2 % CWE-255 Credentials Management
2 % CWE-94 Failure to Control Generation of Code ('Code Injection')
2 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
2 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10613
 
Oval ID: oval:org.mitre.oval:def:10613
Title: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11019
 
Oval ID: oval:org.mitre.oval:def:11019
Title: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12210
 
Oval ID: oval:org.mitre.oval:def:12210
Title: Vulnerability in smtpd module in Python 2.6, 2.7, 3.1 and 3.2 alpha
Description: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3493
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12719
 
Oval ID: oval:org.mitre.oval:def:12719
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12942
 
Oval ID: oval:org.mitre.oval:def:12942
Title: HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13004
 
Oval ID: oval:org.mitre.oval:def:13004
Title: DSA-2271-1 curl -- improper delegation of client credentials
Description: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism. This is obviously a very sensitive operation, which should only be done when the user explicitly so directs.
Family: unix Class: patch
Reference(s): DSA-2271-1
CVE-2011-2192
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13013
 
Oval ID: oval:org.mitre.oval:def:13013
Title: DSA-2240-1 linux-2.6 -- privilege escalation/denial of service/information leak
Description: CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. Local users may obtain access to sensitive kernel memory. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization. CVE-2011-1016 Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the "video" group. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users can obtain access to sensitive kernel memory. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl call on NFSv4 filesystems. Local users can explot this to cause a denial of service. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. Local users with permission to open the device can gain access to sensitive kernel memory. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. Local users with the CAP_NET_ADMIN capability can gain access to sensitive kernel memory. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. Local users can obtain access to sensitive kernel memory on systems that use this rare hardware. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload support in the Linux networking subsystem. If an interface has GRO enabled and is running in promiscuous mode, remote users can cause a denial of service by sending packets on an unknown VLAN. CVE-2011-1493 Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. CVE-2011-1494 Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges by specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1495 Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain elevated privileges and ready arbitrary kernel memory by using specially crafted ioctl calls. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1585 Jeff Layton reported an issue in the Common Internet File System. Local users can bypass authentication requirements for shares that are already mounted by another user. CVE-2011-1593 Robert Swiecki reported a signednes issue in the next_pidmap function, which can be exploited my local users to cause a denial of service. CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Kartkopp reported an issue in the Controller Area Network raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call. CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialisation. CVE-2011-1770 Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol. Remote users can cause a denial of service or potentially obtain access to sensitive kernel memory. CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group. This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues
Family: unix Class: patch
Reference(s): DSA-2240-1
CVE-2010-3875
CVE-2011-0695
CVE-2011-0711
CVE-2011-0726
CVE-2011-1016
CVE-2011-1078
CVE-2011-1079
CVE-2011-1080
CVE-2011-1090
CVE-2011-1160
CVE-2011-1163
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1173
CVE-2011-1180
CVE-2011-1182
CVE-2011-1476
CVE-2011-1477
CVE-2011-1478
CVE-2011-1493
CVE-2011-1494
CVE-2011-1495
CVE-2011-1585
CVE-2011-1593
CVE-2011-1598
CVE-2011-1745
CVE-2011-1746
CVE-2011-1748
CVE-2011-1759
CVE-2011-1767
CVE-2011-1770
CVE-2011-1776
CVE-2011-2022
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13090
 
Oval ID: oval:org.mitre.oval:def:13090
Title: USN-890-6 -- cmake vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-6
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): cmake
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13120
 
Oval ID: oval:org.mitre.oval:def:13120
Title: USN-890-5 -- xmlrpc-c vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-5
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 9.10
Product(s): xmlrpc-c
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13155
 
Oval ID: oval:org.mitre.oval:def:13155
Title: USN-890-1 -- expat vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-1
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13168
 
Oval ID: oval:org.mitre.oval:def:13168
Title: DSA-2004-1 samba -- several
Description: Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3297 Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. CVE-2010-0547 Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab. For the stable distribution, these problems have been fixed in version 2:3.2.5-4lenny9. For the unstable distribution, these problems have been fixed in version 2:3.4.5~dfsg-2. We recommend that you upgrade your samba packages.
Family: unix Class: patch
Reference(s): DSA-2004-1
CVE-2009-3297
CVE-2010-0547
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13228
 
Oval ID: oval:org.mitre.oval:def:13228
Title: USN-890-3 -- python2.4 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-3
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13312
 
Oval ID: oval:org.mitre.oval:def:13312
Title: USN-890-4 -- python-xml vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-4
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 6.06
Product(s): python-xml
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13330
 
Oval ID: oval:org.mitre.oval:def:13330
Title: USN-893-1 -- samba vulnerability
Description: Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into mounting over arbitrary locations, leading to a root privilege escalation.
Family: unix Class: patch
Reference(s): USN-893-1
CVE-2009-3297
CVE-2010-0787
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13386
 
Oval ID: oval:org.mitre.oval:def:13386
Title: USN-1182-1 -- samba vulnerabilities
Description: samba: SMB/CIFS file, print, and login server for Unix An attacker could use a malicious URL to reconfigure Samba or steal information.
Family: unix Class: patch
Reference(s): USN-1182-1
CVE-2011-2522
CVE-2011-2694
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13420
 
Oval ID: oval:org.mitre.oval:def:13420
Title: DSA-1953-2 expat -- denial of service
Description: The expat updates released in DSA-1953-1 caused a regression: In some cases, expat would abort with the message "error in processing external entity reference". For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch3. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny3. For the testing distribution and the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your expat packages. For reference, the original advisory text is provided below. Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953-2
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13433
 
Oval ID: oval:org.mitre.oval:def:13433
Title: USN-1093-1 -- linux-mvl-dove vulnerabilities
Description: Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. If an attacker were able to trick a user or automated system into mounting a specially crafted filesystem, it could crash the system or exposde kernel memory, leading to a loss of privacy. Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. A local attacker could perform malicious ioctl calls that could crash the system, leading to a denial of service. Eric Dumazet discovered that many network functions could leak kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. A local attacker could exploit this to cause the system to crash or possibly gain root privileges. Brad Spengler discovered that the wireless extensions did not correctly validate certain request sizes. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Tavis Ormandy discovered that the session keyring did not correctly check for its parent. On systems without a default session keyring, a local attacker could exploit this to crash the system, leading to a denial of service. Kees Cook discovered that the Intel i915 graphics driver did not correctly validate memory regions. A local attacker with access to the video card could read and write arbitrary kernel memory to gain root privileges. Kees Cook discovered that the V4L1 32bit compat interface did not correctly validate certain parameters. A local attacker on a 64bit system with access to a video device could exploit this to gain root privileges. Tavis Ormandy discovered that the AIO subsystem did not correctly validate certain parameters. A local attacker could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. Robert Swiecki discovered that ftrace did not correctly handle mutexes. A local attacker could exploit this to crash the kernel, leading to a denial of service. Tavis Ormandy discovered that the OSS sequencer device did not correctly shut down. A local attacker could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the ROSE driver did not correctly check parameters. A local attacker with access to a ROSE network device could exploit this to crash the system or possibly gain root privileges. Thomas Dreibholz discovered that SCTP did not correctly handle appending packet chunks. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Dan Rosenberg discovered that the CD driver did not correctly check parameters. A local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. Dan Rosenberg discovered that the Sound subsystem did not correctly validate parameters. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that SCTP did not correctly handle HMAC calculations. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Kees Cook discovered that the ethtool interface did not correctly clear kernel memory. A local attacker could read kernel heap memory, leading to a loss of privacy. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Dave Jones discovered that the mprotect system call did not correctly handle merged VMAs. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. Vegard Nossum discovered that memory garbage collection was not handled correctly for active sockets. A local attacker could exploit this to allocate all available kernel memory, leading to a denial of service. It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Krishna Gudipati discovered that the bfa adapter driver did not correctly initialize certain structures. A local attacker could read files in /sys to crash the system, leading to a denial of service. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges. Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges
Family: unix Class: patch
Reference(s): USN-1093-1
CVE-2010-3904
CVE-2010-3848
CVE-2010-3849
CVE-2010-3850
CVE-2010-2478
CVE-2010-3084
CVE-2010-2942
CVE-2010-3477
CVE-2010-2943
CVE-2010-2954
CVE-2010-2955
CVE-2010-2960
CVE-2010-2962
CVE-2010-2963
CVE-2010-3067
CVE-2010-3078
CVE-2010-3079
CVE-2010-3080
CVE-2010-3296
CVE-2010-3297
CVE-2010-3298
CVE-2010-3310
CVE-2010-3432
CVE-2010-3437
CVE-2010-3442
CVE-2010-3448
CVE-2010-3698
CVE-2010-3705
CVE-2010-3858
CVE-2010-3859
CVE-2010-3861
CVE-2010-3865
CVE-2010-3873
CVE-2010-3874
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-3881
CVE-2010-4072
CVE-2010-4073
CVE-2010-4075
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4082
CVE-2010-4083
CVE-2010-4157
CVE-2010-4158
CVE-2010-4160
CVE-2010-4162
CVE-2010-4163
CVE-2010-4668
CVE-2010-4164
CVE-2010-4165
CVE-2010-4169
CVE-2010-4175
CVE-2010-4242
CVE-2010-4248
CVE-2010-4249
CVE-2010-4258
CVE-2010-4343
CVE-2010-4346
CVE-2010-4526
CVE-2010-4527
CVE-2010-4648
CVE-2010-4649
CVE-2011-1044
CVE-2010-4650
CVE-2010-4655
CVE-2010-4656
CVE-2011-0006
CVE-2011-0521
CVE-2011-0712
CVE-2011-1010
CVE-2011-1012
CVE-2011-1082
CVE-2011-1093
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): linux-mvl-dove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13596
 
Oval ID: oval:org.mitre.oval:def:13596
Title: USN-890-2 -- python2.5 vulnerabilities
Description: USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash
Family: unix Class: patch
Reference(s): USN-890-2
CVE-2009-2625
CVE-2009-3720
CVE-2009-3560
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13655
 
Oval ID: oval:org.mitre.oval:def:13655
Title: DSA-1953-1 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution, this problem has been fixed in version 1.95.8-3.4+etch2. For the stable distribution, this problem has been fixed in version 2.0.1-4+lenny2. For the testing distribution and the unstable distribution , this problem will be in version 2.0.1-6. The builds for the mipsel architecture for the old stable distribution are not included yet. They will be released when they become available. We recommend that you upgrade your expat packages.
Family: unix Class: patch
Reference(s): DSA-1953-1
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13824
 
Oval ID: oval:org.mitre.oval:def:13824
Title: USN-1170-1 -- linux vulnerabilities
Description: linux: Linux kernel Multiple kernel flaws have been fixed.
Family: unix Class: patch
Reference(s): USN-1170-1
CVE-2010-4076
CVE-2010-4077
CVE-2010-4247
CVE-2010-4526
CVE-2011-0726
CVE-2011-1163
CVE-2011-1577
CVE-2011-1745
CVE-2011-2022
CVE-2011-1746
Version: 5
Platform(s): Ubuntu 8.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13906
 
Oval ID: oval:org.mitre.oval:def:13906
Title: USN-1183-1 -- linux vulnerabilities
Description: linux: Linux kernel Multiple kernel flaws have been fixed.
Family: unix Class: patch
Reference(s): USN-1183-1
CVE-2010-4076
CVE-2010-4077
CVE-2011-1090
CVE-2011-1163
CVE-2011-1577
CVE-2011-1598
CVE-2011-1746
Version: 5
Platform(s): Ubuntu 10.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14116
 
Oval ID: oval:org.mitre.oval:def:14116
Title: USN-1146-1 -- linux vulnerabilities
Description: linux: Linux kernel Multiple flaws fixed in the Linux kernel.
Family: unix Class: patch
Reference(s): USN-1146-1
CVE-2010-4655
CVE-2010-4656
CVE-2011-0463
CVE-2011-0695
CVE-2011-0712
CVE-2011-1012
CVE-2011-1017
CVE-2011-1593
Version: 5
Platform(s): Ubuntu 8.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14747
 
Oval ID: oval:org.mitre.oval:def:14747
Title: USN-1269-1 -- Linux kernel (EC2) vulnerabilities
Description: linux-ec2: Linux kernel for EC2 Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1269-1
CVE-2011-2491
CVE-2011-2496
CVE-2011-2517
CVE-2011-2525
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14846
 
Oval ID: oval:org.mitre.oval:def:14846
Title: USN-1271-1 -- Linux kernel (i.MX51) vulnerabilities
Description: linux-fsl-imx51: Linux kernel for IMX51 Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1271-1
CVE-2011-1585
CVE-2011-1767
CVE-2011-1768
CVE-2011-2491
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14986
 
Oval ID: oval:org.mitre.oval:def:14986
Title: USN-1274-1 -- Linux kernel (Marvell DOVE) vulnerabilities
Description: linux-mvl-dove: Linux kernel for DOVE Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1274-1
CVE-2011-2491
CVE-2011-2496
CVE-2011-2517
CVE-2011-2525
Version: 5
Platform(s): Ubuntu 10.10
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15056
 
Oval ID: oval:org.mitre.oval:def:15056
Title: USN-1278-1 -- Linux (Maverick backport) vulnerabilities
Description: linux-lts-backport-maverick: Linux kernel backport from Maverick Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1278-1
CVE-2011-1585
CVE-2011-2183
CVE-2011-2491
CVE-2011-2496
CVE-2011-2517
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15067
 
Oval ID: oval:org.mitre.oval:def:15067
Title: USN-1272-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1272-1
CVE-2011-1585
CVE-2011-2183
CVE-2011-2491
CVE-2011-2496
CVE-2011-2517
Version: 5
Platform(s): Ubuntu 10.10
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15137
 
Oval ID: oval:org.mitre.oval:def:15137
Title: DSA-2290-1 samba -- cross-site scripting
Description: The Samba Web Administration Tool contains several cross-site request forgery vulnerabilities and a cross-site scripting vulnerability .
Family: unix Class: patch
Reference(s): DSA-2290-1
CVE-2011-2522
CVE-2011-2694
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15138
 
Oval ID: oval:org.mitre.oval:def:15138
Title: USN-1187-1 -- Linux kernel (Maverick backport) vulnerabilities
Description: linux-lts-backport-maverick: Linux kernel backport from Maverick Multiple kernel flaws have been fixed.
Family: unix Class: patch
Reference(s): USN-1187-1
CVE-2010-3698
CVE-2010-3865
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-3881
CVE-2010-4075
CVE-2010-4076
CVE-2010-4077
CVE-2010-4079
CVE-2010-4083
CVE-2010-4163
CVE-2010-4668
CVE-2010-4248
CVE-2010-4342
CVE-2010-4346
CVE-2010-4527
CVE-2010-4529
CVE-2010-4565
CVE-2010-4649
CVE-2011-1044
CVE-2010-4656
CVE-2011-0463
CVE-2011-0521
CVE-2011-0695
CVE-2011-0711
CVE-2011-0712
CVE-2011-0726
CVE-2011-1010
CVE-2011-1012
CVE-2011-1013
CVE-2011-1016
CVE-2011-1017
CVE-2011-1019
CVE-2011-1078
CVE-2011-1079
CVE-2011-1080
CVE-2011-1082
CVE-2011-1090
CVE-2011-1093
CVE-2011-1160
CVE-2011-1163
CVE-2011-1169
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-2534
CVE-2011-1173
CVE-2011-1180
CVE-2011-1182
CVE-2011-1478
CVE-2011-1494
CVE-2011-1495
CVE-2011-1577
CVE-2011-1593
CVE-2011-1598
CVE-2011-1748
CVE-2011-1745
CVE-2011-2022
CVE-2011-1746
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15177
 
Oval ID: oval:org.mitre.oval:def:15177
Title: USN-1286-1 -- Linux kernel vulnerabilities
Description: linux: Linux kernel Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-1286-1
CVE-2011-2491
CVE-2011-2496
CVE-2011-2517
CVE-2011-2525
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15345
 
Oval ID: oval:org.mitre.oval:def:15345
Title: USN-1314-1 -- Python 3 vulnerabilities
Description: python3.1: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Applications using certain Python 3 modules could be made to crash or expose sensitive information over the network.
Family: unix Class: patch
Reference(s): USN-1314-1
CVE-2010-3493
CVE-2011-1521
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): Python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15448
 
Oval ID: oval:org.mitre.oval:def:15448
Title: USN-1205-1 -- Linux kernel (Maverick backport) vulnerabilities
Description: linux-lts-backport-maverick: Linux kernel backport from Maverick Multiple kernel flaws have been fixed.
Family: unix Class: patch
Reference(s): USN-1205-1
CVE-2011-1020
CVE-2011-1493
CVE-2011-1770
CVE-2011-2484
CVE-2011-2492
Version: 5
Platform(s): Ubuntu 10.04
Product(s): Linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18064
 
Oval ID: oval:org.mitre.oval:def:18064
Title: DSA-1977-1 python - several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (<a href="http://security-tracker.debian.org/tracker/CVE-2009-3560">CVE-2009-3560</a> <a href="http://security-tracker.debian.org/tracker/CVE-2009-3720">CVE-2009-3720</a>) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
Family: unix Class: patch
Reference(s): DSA-1977-1
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 7
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19662
 
Oval ID: oval:org.mitre.oval:def:19662
Title: CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2522
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19700
 
Oval ID: oval:org.mitre.oval:def:19700
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1593
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19711
 
Oval ID: oval:org.mitre.oval:def:19711
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0711
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19724
 
Oval ID: oval:org.mitre.oval:def:19724
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2059
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19744
 
Oval ID: oval:org.mitre.oval:def:19744
Title: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.
Description: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2059
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19755
 
Oval ID: oval:org.mitre.oval:def:19755
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3493
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19774
 
Oval ID: oval:org.mitre.oval:def:19774
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1166
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20192
 
Oval ID: oval:org.mitre.oval:def:20192
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2689
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20200
 
Oval ID: oval:org.mitre.oval:def:20200
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1521
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20208
 
Oval ID: oval:org.mitre.oval:def:20208
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1936
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20210
 
Oval ID: oval:org.mitre.oval:def:20210
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1170
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20229
 
Oval ID: oval:org.mitre.oval:def:20229
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2901
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20234
 
Oval ID: oval:org.mitre.oval:def:20234
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1746
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20248
 
Oval ID: oval:org.mitre.oval:def:20248
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3378
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20258
 
Oval ID: oval:org.mitre.oval:def:20258
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2495
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20263
 
Oval ID: oval:org.mitre.oval:def:20263
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1163
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20305
 
Oval ID: oval:org.mitre.oval:def:20305
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1573
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20325
 
Oval ID: oval:org.mitre.oval:def:20325
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1182
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20403
 
Oval ID: oval:org.mitre.oval:def:20403
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2491
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20404
 
Oval ID: oval:org.mitre.oval:def:20404
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1495
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20406
 
Oval ID: oval:org.mitre.oval:def:20406
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
Family: unix Class: vulnerability
Reference(s): CVE-2011-2694
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20416
 
Oval ID: oval:org.mitre.oval:def:20416
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1015
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20423
 
Oval ID: oval:org.mitre.oval:def:20423
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2519
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20425
 
Oval ID: oval:org.mitre.oval:def:20425
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2492
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20431
 
Oval ID: oval:org.mitre.oval:def:20431
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1745
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20437
 
Oval ID: oval:org.mitre.oval:def:20437
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0695
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20444
 
Oval ID: oval:org.mitre.oval:def:20444
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1172
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20485
 
Oval ID: oval:org.mitre.oval:def:20485
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1776
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20528
 
Oval ID: oval:org.mitre.oval:def:20528
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.
Family: unix Class: vulnerability
Reference(s): CVE-2010-4649
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20530
 
Oval ID: oval:org.mitre.oval:def:20530
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1495
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20531
 
Oval ID: oval:org.mitre.oval:def:20531
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1763
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20545
 
Oval ID: oval:org.mitre.oval:def:20545
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2022
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20548
 
Oval ID: oval:org.mitre.oval:def:20548
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1171
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20550
 
Oval ID: oval:org.mitre.oval:def:20550
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1044
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20567
 
Oval ID: oval:org.mitre.oval:def:20567
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1080
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20570
 
Oval ID: oval:org.mitre.oval:def:20570
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1494
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20573
 
Oval ID: oval:org.mitre.oval:def:20573
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1577
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20576
 
Oval ID: oval:org.mitre.oval:def:20576
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2517
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20577
 
Oval ID: oval:org.mitre.oval:def:20577
Title: VMware ESX third party updates for Service Console packages glibc and dhcp
Description: Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1494
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20605
 
Oval ID: oval:org.mitre.oval:def:20605
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1780
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20615
 
Oval ID: oval:org.mitre.oval:def:20615
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1576
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20619
 
Oval ID: oval:org.mitre.oval:def:20619
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2522
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20630
 
Oval ID: oval:org.mitre.oval:def:20630
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2192
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20631
 
Oval ID: oval:org.mitre.oval:def:20631
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0547
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20637
 
Oval ID: oval:org.mitre.oval:def:20637
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20640
 
Oval ID: oval:org.mitre.oval:def:20640
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1079
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20644
 
Oval ID: oval:org.mitre.oval:def:20644
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1678
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20650
 
Oval ID: oval:org.mitre.oval:def:20650
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.
Family: unix Class: vulnerability
Reference(s): CVE-2011-0726
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20671
 
Oval ID: oval:org.mitre.oval:def:20671
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2525
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20672
 
Oval ID: oval:org.mitre.oval:def:20672
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2213
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20687
 
Oval ID: oval:org.mitre.oval:def:20687
Title: VMware ESXi and ESX address several security issues
Description: A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
Family: unix Class: vulnerability
Reference(s): CVE-2011-2482
Version: 4
Platform(s): VMWare ESX Server 4.0
VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20695
 
Oval ID: oval:org.mitre.oval:def:20695
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1078
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20697
 
Oval ID: oval:org.mitre.oval:def:20697
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1093
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20717
 
Oval ID: oval:org.mitre.oval:def:20717
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0787
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21200
 
Oval ID: oval:org.mitre.oval:def:21200
Title: RHSA-2011:1212: kernel security and bug fix update (Important)
Description: Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Family: unix Class: patch
Reference(s): RHSA-2011:1212-01
CESA-2011:1212
CVE-2011-2482
CVE-2011-2491
CVE-2011-2495
CVE-2011-2517
CVE-2011-2519
CVE-2011-2901
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21626
 
Oval ID: oval:org.mitre.oval:def:21626
Title: RHSA-2011:0554: python security, bug fix, and enhancement update (Moderate)
Description: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Family: unix Class: patch
Reference(s): RHSA-2011:0554-01
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 42
Platform(s): Red Hat Enterprise Linux 6
Product(s): python
python-docs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21659
 
Oval ID: oval:org.mitre.oval:def:21659
Title: RHSA-2011:1349: rpm security update (Important)
Description: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Family: unix Class: patch
Reference(s): RHSA-2011:1349-01
CESA-2011:1349
CVE-2011-3378
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21896
 
Oval ID: oval:org.mitre.oval:def:21896
Title: RHSA-2011:0927: kernel security and bug fix update (Important)
Description: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Family: unix Class: patch
Reference(s): RHSA-2011:0927-01
CESA-2011:0927
CVE-2010-4649
CVE-2011-0695
CVE-2011-0711
CVE-2011-1044
CVE-2011-1182
CVE-2011-1573
CVE-2011-1576
CVE-2011-1593
CVE-2011-1745
CVE-2011-1746
CVE-2011-1776
CVE-2011-1936
CVE-2011-2022
CVE-2011-2213
CVE-2011-2492
Version: 198
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21913
 
Oval ID: oval:org.mitre.oval:def:21913
Title: RHSA-2011:0918: curl security update (Moderate)
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: patch
Reference(s): RHSA-2011:0918-01
CVE-2011-2192
CESA-2011:0918-CentOS 5
Version: 6
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21921
 
Oval ID: oval:org.mitre.oval:def:21921
Title: RHSA-2011:0027: python security, bug fix, and enhancement update (Low)
Description: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Family: unix Class: patch
Reference(s): RHSA-2011:0027-01
CVE-2008-5983
CVE-2009-4134
CVE-2010-1449
CVE-2010-1450
CVE-2010-1634
CVE-2010-2089
Version: 81
Platform(s): Red Hat Enterprise Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21923
 
Oval ID: oval:org.mitre.oval:def:21923
Title: RHSA-2011:0492: python security update (Moderate)
Description: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Family: unix Class: patch
Reference(s): RHSA-2011:0492-01
CESA-2011:0492
CVE-2009-3720
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21924
 
Oval ID: oval:org.mitre.oval:def:21924
Title: RHSA-2011:0498: kernel security, bug fix, and enhancement update (Important)
Description: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Family: unix Class: patch
Reference(s): RHSA-2011:0498-01
CVE-2010-4250
CVE-2010-4565
CVE-2010-4649
CVE-2011-0006
CVE-2011-0711
CVE-2011-0712
CVE-2011-0726
CVE-2011-1013
CVE-2011-1016
CVE-2011-1019
CVE-2011-1044
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1573
Version: 198
Platform(s): Red Hat Enterprise Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21936
 
Oval ID: oval:org.mitre.oval:def:21936
Title: RHSA-2011:1065: Red Hat Enterprise Linux 5.7 kernel security and bug fix update (Important)
Description: The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
Family: unix Class: patch
Reference(s): RHSA-2011:1065-01
CESA-2011:1065
CVE-2011-1780
CVE-2011-2525
CVE-2011-2689
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21948
 
Oval ID: oval:org.mitre.oval:def:21948
Title: RHSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): RHSA-2010:0002-01
CESA-2010:0002
CVE-2009-3720
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21965
 
Oval ID: oval:org.mitre.oval:def:21965
Title: RHSA-2011:0833: kernel security and bug fix update (Important)
Description: The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
Family: unix Class: patch
Reference(s): RHSA-2011:0833-01
CESA-2011:0833
CVE-2011-0726
CVE-2011-1078
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1163
CVE-2011-1166
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1494
CVE-2011-1495
CVE-2011-1577
CVE-2011-1763
Version: 185
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21999
 
Oval ID: oval:org.mitre.oval:def:21999
Title: RHSA-2010:0679: rpm security and bug fix update (Moderate)
Description: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Family: unix Class: patch
Reference(s): RHSA-2010:0679-01
CESA-2010:0679
CVE-2010-2059
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22352
 
Oval ID: oval:org.mitre.oval:def:22352
Title: ELSA-2011:0833: kernel security and bug fix update (Important)
Description: The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
Family: unix Class: patch
Reference(s): ELSA-2011:0833-01
CVE-2011-0726
CVE-2011-1078
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1163
CVE-2011-1166
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1494
CVE-2011-1495
CVE-2011-1577
CVE-2011-1763
Version: 61
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22813
 
Oval ID: oval:org.mitre.oval:def:22813
Title: ELSA-2010:0679: rpm security and bug fix update (Moderate)
Description: lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Family: unix Class: patch
Reference(s): ELSA-2010:0679-01
CVE-2010-2059
Version: 6
Platform(s): Oracle Linux 5
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22821
 
Oval ID: oval:org.mitre.oval:def:22821
Title: ELSA-2011:0027: python security, bug fix, and enhancement update (Low)
Description: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Family: unix Class: patch
Reference(s): ELSA-2011:0027-01
CVE-2008-5983
CVE-2009-4134
CVE-2010-1449
CVE-2010-1450
CVE-2010-1634
CVE-2010-2089
Version: 29
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22877
 
Oval ID: oval:org.mitre.oval:def:22877
Title: ELSA-2011:1065: Oracle Linux 5.x.7 kernel security and bug fix update (Important)
Description: The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
Family: unix Class: patch
Reference(s): ELSA-2011:1065-01
CVE-2011-1780
CVE-2011-2525
CVE-2011-2689
Version: 17
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22880
 
Oval ID: oval:org.mitre.oval:def:22880
Title: ELSA-2009:1625: expat security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2009:1625-01
CVE-2009-3560
CVE-2009-3720
Version: 13
Platform(s): Oracle Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23002
 
Oval ID: oval:org.mitre.oval:def:23002
Title: ELSA-2010:0002: PyXML security update (Moderate)
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: patch
Reference(s): ELSA-2010:0002-01
CVE-2009-3720
Version: 6
Platform(s): Oracle Linux 5
Product(s): PyXML
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23218
 
Oval ID: oval:org.mitre.oval:def:23218
Title: ELSA-2011:0918: curl security update (Moderate)
Description: The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Family: unix Class: patch
Reference(s): ELSA-2011:0918-01
CVE-2011-2192
Version: 6
Platform(s): Oracle Linux 6
Product(s): curl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23229
 
Oval ID: oval:org.mitre.oval:def:23229
Title: ELSA-2011:0492: python security update (Moderate)
Description: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Family: unix Class: patch
Reference(s): ELSA-2011:0492-01
CVE-2009-3720
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 21
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23293
 
Oval ID: oval:org.mitre.oval:def:23293
Title: ELSA-2011:1212: kernel security and bug fix update (Important)
Description: Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Family: unix Class: patch
Reference(s): ELSA-2011:1212-01
CVE-2011-2482
CVE-2011-2491
CVE-2011-2495
CVE-2011-2517
CVE-2011-2519
CVE-2011-2901
Version: 29
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23316
 
Oval ID: oval:org.mitre.oval:def:23316
Title: DEPRECATED: ELSA-2011:1349: rpm security update (Important)
Description: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Family: unix Class: patch
Reference(s): ELSA-2011:1349-01
CVE-2011-3378
Version: 7
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23330
 
Oval ID: oval:org.mitre.oval:def:23330
Title: ELSA-2011:0927: kernel security and bug fix update (Important)
Description: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Family: unix Class: patch
Reference(s): ELSA-2011:0927-01
CVE-2010-4649
CVE-2011-0695
CVE-2011-0711
CVE-2011-1044
CVE-2011-1182
CVE-2011-1573
CVE-2011-1576
CVE-2011-1593
CVE-2011-1745
CVE-2011-1746
CVE-2011-1776
CVE-2011-1936
CVE-2011-2022
CVE-2011-2213
CVE-2011-2492
Version: 65
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23384
 
Oval ID: oval:org.mitre.oval:def:23384
Title: ELSA-2011:0498: kernel security, bug fix, and enhancement update (Important)
Description: net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Family: unix Class: patch
Reference(s): ELSA-2011:0498-01
CVE-2010-4250
CVE-2010-4565
CVE-2010-4649
CVE-2011-0006
CVE-2011-0711
CVE-2011-0712
CVE-2011-0726
CVE-2011-1013
CVE-2011-1016
CVE-2011-1019
CVE-2011-1044
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1573
Version: 65
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23473
 
Oval ID: oval:org.mitre.oval:def:23473
Title: ELSA-2011:0554: python security, bug fix, and enhancement update (Moderate)
Description: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Family: unix Class: patch
Reference(s): ELSA-2011:0554-01
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 17
Platform(s): Oracle Linux 6
Product(s): python
python-docs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23541
 
Oval ID: oval:org.mitre.oval:def:23541
Title: ELSA-2011:1349: rpm security update (Important)
Description: RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Family: unix Class: patch
Reference(s): ELSA-2011:1349-01
CVE-2011-3378
Version: 6
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27720
 
Oval ID: oval:org.mitre.oval:def:27720
Title: DEPRECATED: ELSA-2011-1065 -- Oracle Linux 5.7 kernel security and bug fix update (important)
Description: [2.6.18-274.el5] - [xen] svm: fix invlpg emulator regression (Paolo Bonzini) [719894]
Family: unix Class: patch
Reference(s): ELSA-2011-1065
CVE-2011-1780
CVE-2011-2525
CVE-2011-2689
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27781
 
Oval ID: oval:org.mitre.oval:def:27781
Title: DEPRECATED: ELSA-2011-1212 -- kernel security and bug fix update (important)
Description: [2.6.18-274.3.1.0.1.el5] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782] - [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)
Family: unix Class: patch
Reference(s): ELSA-2011-1212
CVE-2011-2482
CVE-2011-2491
CVE-2011-2495
CVE-2011-2517
CVE-2011-2519
CVE-2011-2901
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27793
 
Oval ID: oval:org.mitre.oval:def:27793
Title: ELSA-2011-2016 -- Unbreakable Enterprise kernel security fix update (important)
Description: A [2.6.32-100.28.17.el6] - [net] Extend prot->slab size when add sock extend fields. [2.6.32-100.28.16.el6] - kernel: Fix unlimited socket backlog DoS {CVE-2010-4251} - RDS: Fix congestion issues for loopback - rds: prevent BUG_ON triggering on congestion map updates {CVE-2011-1023} - epoll: prevent creating circular epoll structures {CVE-2011-1082} - fs: fix corrupted OSF partition table parsing {CVE-2011-1163} - fs: Increase OSF partition limit from 8 to 18 {CVE-2011-1163} - netfilter: arp_tables: fix infoleak to userspace {CVE-2011-1170} - netfilter: ip_tables: fix infoleak to userspace {CVE-2011-1171} - ipv6: netfilter: ip6_tables: fix infoleak to userspace {CVE-2011-1172} - [SCSI] mpt2sas: prevent heap overflows and unchecked reads {CVE-2011-1494, CVE-2011-1495}
Family: unix Class: patch
Reference(s): ELSA-2011-2016
CVE-2010-4251
CVE-2011-1023
CVE-2011-1082
CVE-2011-1163
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1494
CVE-2011-1495
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27806
 
Oval ID: oval:org.mitre.oval:def:27806
Title: DEPRECATED: ELSA-2011-0833 -- kernel security and bug fix update (important)
Description: [2.6.18-238.12.1.0.1.el5] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [nfs] too many getattr and access calls after direct I/O [orabug 9348191] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782] - [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)
Family: unix Class: patch
Reference(s): ELSA-2011-0833
CVE-2011-0726
CVE-2011-1078
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1163
CVE-2011-1166
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1494
CVE-2011-1495
CVE-2011-1577
CVE-2011-1763
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27865
 
Oval ID: oval:org.mitre.oval:def:27865
Title: DEPRECATED: ELSA-2011-0927 -- kernel security and bug fix update (important)
Description: [2.6.18-238.19.1.0.1.el5] - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - bonding: reread information about speed and duplex when interface goes up (John Haxby) [orabug 11890822] - [scsi] fix scsi hotplug and rescan race [orabug 10260172] - fix filp_close() race (Joe Jin) [orabug 10335998] - fix missing aio_complete() in end_io (Joel Becker) [orabug 10365195] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105] RDS: Fix BUG_ONs to not fire when in a tasklet ipoib: Fix lockup of the tx queue RDS: Do not call set_page_dirty() with irqs off (Sherman Pun) RDS: Properly unmap when getting a remote access error (Tina Yang) RDS: Fix locking in rds_send_drop_to() - [qla] fix qla not to query hccr (Guru Anbalagane) [Orabug 8746702] - [nfs] too many getattr and access calls after direct I/O [orabug 9348191] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [aio] patch removes limit on number of retries (Srinivas Eeda) [orabug 10044782] - [loop] Do not call loop_unplug for not configured loop device (orabug 10314497)
Family: unix Class: patch
Reference(s): ELSA-2011-0927
CVE-2010-4649
CVE-2011-0695
CVE-2011-0711
CVE-2011-1044
CVE-2011-1182
CVE-2011-1573
CVE-2011-1576
CVE-2011-1593
CVE-2011-1745
CVE-2011-1746
CVE-2011-1776
CVE-2011-1936
CVE-2011-2022
CVE-2011-2213
CVE-2011-2492
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28004
 
Oval ID: oval:org.mitre.oval:def:28004
Title: ELSA-2011-2015 -- Oracle Linux 6 Unbreakable Enterprise kernel security fix update (important)
Description: [2.6.32-100.28.15.el6] - sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set {CVE-2011-1573} - dccp: fix oops on Reset after close {CVE-2011-1093} - bridge: netfilter: fix information leak {CVE-2011-1080} - Bluetooth: bnep: fix buffer overflow {CVE-2011-1079} - net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules {CVE-2011-1019} - ipip: add module alias for tunl0 tunnel device - gre: add module alias for gre0 tunnel device - drm/radeon/kms: check AA resolve registers on r300 {CVE-2011-1016} - drm/radeon: fix regression with AA resolve checking {CVE-2011-1016} - drm: fix unsigned vs signed comparison issue in modeset ctl ioctl {CVE-2011-1013} - proc: protect mm start_code/end_code in /proc/pid/stat {CVE-2011-0726} - ALSA: caiaq - Fix possible string-buffer overflow {CVE-2011-0712} - xfs: zero proper structure size for geometry calls {CVE-2011-0711} - xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 {CVE-2011-0711} - ima: fix add LSM rule bug {CVE-2011-0006} - IB/uverbs: Handle large number of entries in poll CQ {CVE-2010-4649, CVE-2011-1044} - CAN: Use inode instead of kernel address for /proc file {CVE-2010-4565} [2.6.32-100.28.14.el6] - IB/qib: fix qib compile warning. - IB/core: Allow device-specific per-port sysfs files. - dm crypt: add plain64 iv. - firmware: add firmware for qib. - Infiniband: Add QLogic PCIe QLE InfiniBand host channel adapters support.
Family: unix Class: patch
Reference(s): ELSA-2011-2015
CVE-2010-4565
CVE-2010-4649
CVE-2011-0006
CVE-2011-0711
CVE-2011-0712
CVE-2011-0726
CVE-2011-1013
CVE-2011-1016
CVE-2011-1019
CVE-2011-1044
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1573
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28032
 
Oval ID: oval:org.mitre.oval:def:28032
Title: DEPRECATED: ELSA-2011-0554 -- python security, bug fix, and enhancement update (moderate)
Description: python: [2.6.6-20] Resolves: CVE-2010-3493
Family: unix Class: patch
Reference(s): ELSA-2011-0554
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 4
Platform(s): Oracle Linux 6
Product(s): python
python-docs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28038
 
Oval ID: oval:org.mitre.oval:def:28038
Title: ELSA-2011-2024 -- Oracle Linux 6 Unbreakable Enterprise kernel security and bug fix update (moderate)
Description: [2.6.32-200.16.1.el6uek] - Revert change to restore DEFAULTKERNEL
Family: unix Class: patch
Reference(s): ELSA-2011-2024
CVE-2011-1767
CVE-2011-1768
CVE-2011-2213
Version: 5
Platform(s): Oracle Linux 6
Product(s): kernel-uek
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28060
 
Oval ID: oval:org.mitre.oval:def:28060
Title: DEPRECATED: ELSA-2011-0492 -- python security update (moderate)
Description: [2.4.3-44] - add patch adapted from upstream (patch 208) to add support for building against system expat; add --with-system-expat to configure invocation; remove embedded copy of expat-1.95.8 from the source tree during prep - ensure pyexpat.so gets built by explicitly listing all C modules in the payload in %files, rather than using dynfiles Resolves: CVE-2009-3720 - backport three security fixes to 2.4 (patches 209, 210, 211): Resolves: CVE-2011-1521 Resolves: CVE-2011-1015 Resolves: CVE-2010-3493
Family: unix Class: patch
Reference(s): ELSA-2011-0492
CVE-2009-3720
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
Version: 4
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28065
 
Oval ID: oval:org.mitre.oval:def:28065
Title: DEPRECATED: ELSA-2011-0498 -- kernel security, bug fix, and enhancement update (important)
Description: [2.6.32-71.29.1.el6] - [mm] Revert '[mm] pdpte registers are not flushed when PGD entry is changed in x86 PAE mode' (Larry Woodman) [695256 691310]
Family: unix Class: patch
Reference(s): ELSA-2011-0498
CVE-2010-4250
CVE-2010-4565
CVE-2010-4649
CVE-2011-0006
CVE-2011-0711
CVE-2011-0712
CVE-2011-0726
CVE-2011-1013
CVE-2011-1016
CVE-2011-1019
CVE-2011-1044
CVE-2011-1079
CVE-2011-1080
CVE-2011-1093
CVE-2011-1573
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28094
 
Oval ID: oval:org.mitre.oval:def:28094
Title: DEPRECATED: ELSA-2010-0679 -- rpm security and bug fix update (moderate)
Description: [4.4.2.3-20.el5_5.1] - make the sbits removal behavior consistent with all the RHELs - add proper suffix for Z branch [4.4.2.3-19] - fix CVE-2010-2059, fails to drop SUID/SGID bits on package upgrade (#626707) - fix SELinux memory leak (#627630), patch from Florian Festi
Family: unix Class: patch
Reference(s): ELSA-2010-0679
CVE-2010-2059
Version: 4
Platform(s): Oracle Linux 5
Product(s): rpm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29347
 
Oval ID: oval:org.mitre.oval:def:29347
Title: RHSA-2009:1625 -- expat security update (Moderate)
Description: Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720)
Family: unix Class: patch
Reference(s): RHSA-2009:1625
CESA-2009:1625-CentOS 3
CESA-2009:1625-CentOS 5
CVE-2009-3560
CVE-2009-3720
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6760
 
Oval ID: oval:org.mitre.oval:def:6760
Title: DSA-1953 expat -- denial of service
Description: Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
Family: unix Class: patch
Reference(s): DSA-1953
CVE-2009-3560
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): expat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6883
 
Oval ID: oval:org.mitre.oval:def:6883
Title: Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
Description: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3560
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7112
 
Oval ID: oval:org.mitre.oval:def:7112
Title: Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3720
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7152
 
Oval ID: oval:org.mitre.oval:def:7152
Title: DSA-1977 python2.4 python2.5 -- several vulnerabilities
Description: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution.
Family: unix Class: patch
Reference(s): DSA-1977
CVE-2008-2316
CVE-2009-3560
CVE-2009-3720
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): python2.4 python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7515
 
Oval ID: oval:org.mitre.oval:def:7515
Title: DSA-2004 samba -- several vulnerabilities
Description: Two local vulnerabilities have been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems: Ronald Volgers discovered that a race condition in mount.cifs allows local users to mount remote filesystems over arbitrary mount points. Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.
Family: unix Class: patch
Reference(s): DSA-2004
CVE-2009-3297
CVE-2010-0547
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): samba
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 93
Application 1
Application 39
Application 128
Application 202
Application 16
Os 81
Os 5
Os 3
Os 2
Os