Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:13699
[Rus]
Version
9
Class
patch
ALTXid
28399
Language
English
Severity
NotAvailable
Title
USN-1111-1 -- linux-source-2.6.15 vulnerabilities
Description
linux-source-2.6.15: Linux kernel Multiple flaws fixed in the Linux kernel.
Family
unix
Platform
Ubuntu 6.06
Product
linux-source-2.6.15
Reference
VENDOR: USN-1111-1
VENDOR: USN-1111-1
Id:
USN-1111-1
Reference:
https://usn.ubuntu.com/usn/usn-1111-1
CVE: CVE-2011-1017
CVE: CVE-2011-1017
Id:
CVE-2011-1017
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017
Comment
: Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
787 (Out-of-bounds Write)
References:
[oss-security] 20110224 Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables (MLIST)
[oss-security] 20110223 CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables (MLIST)
http://www.pre-cert.de/advisories/PRE-SA-2011-01.txt (MISC)
1025128 (SECTRACK)
[oss-security] 20110223 Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables (MLIST)
43738 (SECUNIA)
43716 (SECUNIA)
46512 (BID)
8115 (SREASON)
USN-1146-1 (UBUNTU)
20110223 [PRE-SA-2011-01] Multiple Linux kernel vulnerabilities in partition handling code of LDM and MAC partition tables (BUGTRAQ)
CVE: CVE-2011-0695
CVE: CVE-2011-0695
Id:
CVE-2011-0695
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
Comment
: Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.
CVSSv2 Score:
5.7
Access vector:
ADJACENT_NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:M/Au:N/C:N/I:N/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[linux-rdma] 20110223 [PATCH 2/2] ib/cm: Bump reference count on cm_id before invoking callback (MLIST)
43693 (SECUNIA)
46839 (BID)
[linux-rdma] 20110223 [PATCH 1/2] rdma/cm: Fix crash in request handlers (MLIST)
[oss-security] 20110311 CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler (MLIST)
USN-1146-1 (UBUNTU)
RHSA-2011:0927 (REDHAT)
kernel-infiniband-dos(66056) (XF)
CVE: CVE-2011-0521
CVE: CVE-2011-0521
Id:
CVE-2011-0521
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
Comment
: The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2 (CONFIRM)
[oss-security] 20110125 Re: Linux kernel av7110 negative array offset (MLIST)
43009 (SECUNIA)
[oss-security] 20110125 Linux kernel av7110 negative array offset (MLIST)
45986 (BID)
1025195 (SECTRACK)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-av7110ca-privilege-escalation(64988) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb26a24ee9706473f31d34cc259f4dcf45cd0644 (MISC)
CVE: CVE-2010-4529
CVE: CVE-2010-4529
Id:
CVE-2010-4529
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4529
Comment
: Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE:
191 (Integer Underflow (Wrap or Wraparound))
References:
[oss-security] 20110103 Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
42684 (SECUNIA)
[oss-security] 20101223 CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
[netdev] 20101222 [PATCH] irda: prevent integer underflow in IRLMP_ENUMDEVICES (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
45556 (BID)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861 ()
CVE: CVE-2010-4527
CVE: CVE-2010-4527
Id:
CVE-2010-4527
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4527
Comment
: The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
[oss-security] 20101230 CVE request: kernel: buffer overflow in OSS load_mixer_volumes (MLIST)
45629 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=667615 (CONFIRM)
http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/ (MISC)
[oss-security] 20101231 Re: CVE request: kernel: buffer overflow in OSS load_mixer_volumes (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 (CONFIRM)
42765 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb (MISC)
CVE: CVE-2010-4342
CVE: CVE-2010-4342
Id:
CVE-2010-4342
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
Comment
: The aun_incoming function in net/econet/af_econet.c in the Linux kernel before 2.6.37-rc6, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
476 (NULL Pointer Dereference)
References:
[oss-security] 20101208 CVE request: kernel: NULL pointer dereference in AF_ECONET (MLIST)
[oss-security] 20101209 Re: CVE request: kernel: NULL pointer dereference in AF_ECONET (MLIST)
[netdev] 20101209 NULL dereference in econet AUN-over-UDP receive (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6 (CONFIRM)
[netdev] 20101209 Re: NULL dereference in econet AUN-over-UDP receive (MLIST)
45321 (BID)
ADV-2011-0375 (VUPEN)
43291 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e085e76cbe558b79b54cbab772f61185879bc64 (MISC)
CVE: CVE-2010-4258
CVE: CVE-2010-4258
Id:
CVE-2010-4258
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
Comment
: The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
269 (Improper Privilege Management)
References:
[oss-security] 20101209 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101202 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
20101207 Linux kernel exploit (FULLDISC)
[oss-security] 20101202 CVE request: kernel: failure to revert address limit override in OOPS error path (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=659567 (CONFIRM)
[linux-kernel] 20101201 [PATCH v2] do_exit(): Make sure we run with get_fs() == USER_DS. (MLIST)
http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/ (MISC)
[oss-security] 20101209 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[oss-security] 20101202 Re: CVE request: kernel: failure to revert address limit override in OOPS error path (MLIST)
[oss-security] 20101208 Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
[linux-kernel] 20101201 Re: [PATCH v2] do_exit(): Make sure we run with get_fs() == USER_DS. (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
[oss-security] 20101202 kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (MLIST)
FEDORA-2010-18983 (FEDORA)
42745 (SECUNIA)
ADV-2010-3321 (VUPEN)
SUSE-SA:2011:002 (SUSE)
SUSE-SA:2011:001 (SUSE)
ADV-2011-0012 (VUPEN)
42778 (SECUNIA)
42801 (SECUNIA)
42932 (SECUNIA)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
ADV-2011-0213 (VUPEN)
SUSE-SA:2011:005 (SUSE)
43056 (SECUNIA)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:008 (SUSE)
43291 (SECUNIA)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
MDVSA-2011:029 (MANDRIVA)
http://googlechromereleases.blogspot.com/2011/01/chrome-os-beta-channel-update.html (CONFIRM)
http://code.google.com/p/chromium-os/issues/detail?id=10234 (CONFIRM)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 (MISC)
CVE: CVE-2010-4249
CVE: CVE-2010-4249
Id:
CVE-2010-4249
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
Comment
: The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
[oss-security] 20101124 CVE request: kernel: unix socket local dos (MLIST)
[oss-security] 20101124 Re: CVE request: kernel: unix socket local dos (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.37-rc3-next-20101125.bz2 (CONFIRM)
[netdev] 20101124 [PATCH] af_unix: limit unix_tot_inflight (MLIST)
45037 (BID)
[linux-kernel] 20101124 [PATCH net-next-2.6] scm: lower SCM_MAX_FD (MLIST)
[linux-kernel] 20101125 Simple kernel attack using socketpair. easy, 100% reproductiblle, works under guest. no way to protect :( (MLIST)
15622 (EXPLOIT-DB)
https://bugzilla.redhat.com/show_bug.cgi?id=656756 (CONFIRM)
[linux-kernel] 20101123 Unix socket local DOS (OOM) (MLIST)
42354 (SECUNIA)
FEDORA-2010-18983 (FEDORA)
ADV-2010-3321 (VUPEN)
42745 (SECUNIA)
RHSA-2011:0162 (REDHAT)
42963 (SECUNIA)
ADV-2011-0168 (VUPEN)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9915672d41273f5b77f1b3c29b391ffb7732b84b (MISC)
CVE: CVE-2010-4164
CVE: CVE-2010-4164
Id:
CVE-2010-4164
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
Comment
: Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
191 (Integer Underflow (Wrap or Wraparound))
References:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
[oss-security] 20101112 Re: CVE request: kernel: remote DoS in X.25 (MLIST)
[netdev] 20101111 [SECURITY] [PATCH] Prevent crashing when parsing bad X.25 (MLIST)
[oss-security] 20101111 CVE request: kernel: remote DoS in X.25 (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=652517 (CONFIRM)
DSA-2126 (DEBIAN)
SUSE-SA:2011:001 (SUSE)
SUSE-SA:2011:002 (SUSE)
42778 (SECUNIA)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
SUSE-SA:2010:060 (SUSE)
45055 (BID)
42932 (SECUNIA)
ADV-2011-0124 (VUPEN)
SUSE-SA:2011:004 (SUSE)
43291 (SECUNIA)
ADV-2011-0298 (VUPEN)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:007 (SUSE)
SUSE-SA:2011:008 (SUSE)
MDVSA-2011:029 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f (MISC)
Content available only for registered users!
ovaldb@altx-soft.com