oval:org.mitre.oval:def:12956

Definition Id: oval:org.mitre.oval:def:12956
 
Oval ID: oval:org.mitre.oval:def:12956
Title: USN-1081-1 -- linux vulnerabilities
Description: It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Dan Rosenberg discovered that the ivtv V4L driver did not correctly initialize certian structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this crash the system or gain root privileges. Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges
Family: unix Class: patch
Reference(s): USN-1081-1
CVE-2010-3698
CVE-2010-3865
CVE-2010-3875
CVE-2010-3876
CVE-2010-3877
CVE-2010-3880
CVE-2010-4079
CVE-2010-4083
CVE-2010-4248
CVE-2010-4250
CVE-2010-4342
CVE-2010-4346
CVE-2010-4527
CVE-2010-4648
CVE-2010-4649
CVE-2011-1044
CVE-2010-4650
CVE-2011-0006
CVE-2011-4621
 Version: 5
Platform(s): Ubuntu 10.10
 Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13134
 
Oval ID: oval:org.mitre.oval:def:13134
Title: Ubuntu 10.10 is installed
Description: Ubuntu 10.10 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:10.10
 Version: 3
Platform(s): Ubuntu 10.10
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:12956