Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:12434
Version
10
Class
patch
ALTXid
27622
Language
Russian
Severity
NotAvailable
Title
Update USN-947-1 -- linux, linux-source-2.6.15 vulnerabilities
Description
It was discovered that the Linux kernel did not correctly handle memory
protection of the Virtual Dynamic Shared Object page when running
a 32-bit application on a 64-bit kernel. A local attacker could
exploit this to cause a denial of service.
Family
unix
Platform
Ubuntu 10.04
Ubuntu 6.06
Ubuntu 8.04
Ubuntu 9.04
Ubuntu 9.10
Product
linux
linux-source-2.6.15
Reference
VENDOR: USN-947-1
Id:
USN-947-1
Reference:
https://usn.ubuntu.com/usn/usn-947-1
CVE: CVE-2010-1488
Id:
CVE-2010-1488
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1488
Comment:
The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4 (CONFIRM)
[oss-security] 20100414 Couple of kernel issues (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=582068 (CONFIRM)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b95c35e76b29ba812e5dabdd91592e25ec640e93 ()
CVE: CVE-2010-1188
Id:
CVE-2010-1188
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1188
Comment:
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 (CONFIRM)
[oss-security] 20100329 CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) (MLIST)
RHSA-2010:0424 (REDHAT)
RHSA-2010:0394 (REDHAT)
RHSA-2010:0380 (REDHAT)
39652 (SECUNIA)
1023992 (SECTRACK)
RHSA-2010:0439 (REDHAT)
39016 (BID)
http://support.avaya.com/css/P8/documents/100090459 (CONFIRM)
RHSA-2010:0882 (REDHAT)
http://www.vmware.com/security/advisories/VMSA-2011-0009.html (CONFIRM)
oval:org.mitre.oval:def:9878 (OVAL)
CVE: CVE-2010-1187
Id:
CVE-2010-1187
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187
Comment:
The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
476 (NULL Pointer Dereference)
References:
[oss-security] 20100330 CVE request: kernel: tipc: Fix oops on send prior to entering networked mode (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=578057 (CONFIRM)
[oss-security] 20100331 Re: CVE request: kernel: tipc: Fix oops on send prior to entering networked mode (MLIST)
39120 (BID)
39830 (SECUNIA)
DSA-2053 (DEBIAN)
MDVSA-2010:198 (MANDRIVA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:9832 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commitdiff%3Bh=d0021b252eaf65ca07ed14f0d66425dd9ccab9a6%3Bhp=6d55cb91a0020ac0d78edcad61efd6c8cf5785a3 ()
CVE: CVE-2010-1162
Id:
CVE-2010-1162
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1162
Comment:
The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
CWE-Other ()
References:
[oss-security] 20100415 Re: CVE request: kernel: tty: release_one_tty() forgets to put pids (MLIST)
[oss-security] 20100415 CVE request: kernel: tty: release_one_tty() forgets to put pids (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4 (CONFIRM)
[oss-security] 20100414 Couple of kernel issues (MLIST)
[oss-security] 20100414 Re: Couple of kernel issues (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=582076 (CONFIRM)
39830 (SECUNIA)
DSA-2053 (DEBIAN)
ADV-2010-1857 (VUPEN)
SUSE-SA:2010:031 (SUSE)
40645 (SECUNIA)
MDVSA-2010:198 (MANDRIVA)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6da8d866d0d39e9509ff826660f6a86a6757c966 (MISC)
CVE: CVE-2010-1148
Id:
CVE-2010-1148
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1148
Comment:
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
476 (NULL Pointer Dereference)
References:
39344 (SECUNIA)
https://bugzilla.redhat.com/show_bug.cgi?id=579445 (CONFIRM)
[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null (MLIST)
39186 (BID)
[oss-security] 20100405 CVE request: kernel: cifs: cifs_create() NULL pointer dereference (MLIST)
[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null (MLIST)
http://xorl.wordpress.com/2010/04/05/linux-kernel-unix-extensions-cifs-null-pointer-dereference/ (MISC)
[linux-cifs-client] 20100404 [patch] skip posix open if nameidata is null (MLIST)
[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference (MLIST)
[oss-security] 20100405 Re: CVE request: kernel: cifs: cifs_create() NULL pointer dereference (MLIST)
[linux-cifs-client] 20100402 [patch] skip posix open if nameidata is null (MLIST)
linux-kernel-cifscreate-dos(57561) (XF)
CVE: CVE-2010-1146
Id:
CVE-2010-1146
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1146
Comment:
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=568041 (CONFIRM)
[linux-kernel] 20100408 [PATCH #3] reiserfs: Fix permissions on .reiserfs_priv (MLIST)
39316 (SECUNIA)
39344 (BID)
12130 (EXPLOIT-DB)
63601 (OSVDB)
kernel-reiserfs-privilege-escalation(57782) (XF)
CVE: CVE-2010-1088
Id:
CVE-2010-1088
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088
Comment:
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.
CVSSv2 Score:
5.4
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:C
References:
[oss-security] 20100224 CVE request: kernel: NFS DoS related to "automount" symlinks (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=567813 (CONFIRM)
SUSE-SA:2010:019 (SUSE)
39044 (BID)
39742 (SECUNIA)
SUSE-SA:2010:023 (SUSE)
MDVSA-2010:088 (MANDRIVA)
39830 (SECUNIA)
DSA-2053 (DEBIAN)
MDVSA-2010:198 (MANDRIVA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:10093 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ac278a9c505092dd82077a2446af8f9fc0d9c095 ()
CVE: CVE-2010-1087
Id:
CVE-2010-1087
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087
Comment:
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
[oss-security] 20100303 CVE request: kernel: NFS: Fix an Oops when truncating a file (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=567184 (CONFIRM)
39569 (BID)
DSA-2053 (DEBIAN)
39830 (SECUNIA)
SUSE-SA:2010:031 (SUSE)
ADV-2010-1857 (VUPEN)
40645 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:10442 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=9f557cd8073104b39528794d44e129331ded649f ()
CVE: CVE-2010-1086
Id:
CVE-2010-1086
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086
Comment:
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=569237 (CONFIRM)
[oss-security] 20100301 CVE request: kernel: dvb-core: ULE decapsulation DoS (MLIST)
SUSE-SA:2010:019 (SUSE)
RHSA-2010:0398 (REDHAT)
39649 (SECUNIA)
39742 (SECUNIA)
SUSE-SA:2010:023 (SUSE)
RHSA-2010:0394 (REDHAT)
38479 (BID)
39830 (SECUNIA)
DSA-2053 (DEBIAN)
http://support.avaya.com/css/P8/documents/100088287 (CONFIRM)
http://support.avaya.com/css/P8/documents/100090459 (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:10569 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=29e1fa3565a7951cc415c634eb2b78dbdbee151d ()
CVE: CVE-2010-1085
Id:
CVE-2010-1085
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085
Comment:
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
189 (Numeric Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=567168 (CONFIRM)
[linux-kernel] 20100205 PROBLEM: hda-intel divide by zero kernel crash in azx_position_ok() (MLIST)
http://nctritech.net/bugreport.txt (MISC)
[oss-security] 20100222 CVE request: kernel: ALSA: hda-intel: Avoid divide by zero crash (MLIST)
39649 (SECUNIA)
RHSA-2010:0398 (REDHAT)
RHSA-2010:0394 (REDHAT)
38348 (BID)
http://support.avaya.com/css/P8/documents/100088287 (CONFIRM)
http://support.avaya.com/css/P8/documents/100090459 (CONFIRM)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:10027 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
CVE: CVE-2010-1084
Id:
CVE-2010-1084
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084
Comment:
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
[oss-security] 20100323 CVE request: kernel: bluetooth: potential bad memory access with sysfs files (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=576018 (CONFIRM)
http://security-tracker.debian.org/tracker/CVE-2010-1084 (MISC)
38898 (BID)
DSA-2053 (DEBIAN)
39830 (SECUNIA)
RHSA-2010:0610 (REDHAT)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=101545f6fef4a0a3ea8daf0b5b880df2c6a92a69 ()
CVE: CVE-2010-1083
Id:
CVE-2010-1083
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1083
Comment:
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory).
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:N/A:N
CWE:
399 (Resource Management Errors)
References:
[linux-kernel] 20100221 [80/93] USB: usbfs: properly clean up the as structure on error paths (MLIST)
[oss-security] 20100217 additional memory leak in USB userspace handling (MLIST)
[oss-security] 20100217 CVE request: kernel information leak via userspace USB interface (MLIST)
[linux-kernel] 20100330 [48/89] USB: usbfs: properly clean up the as structure on error paths (MLIST)
[oss-security] 20100218 Re: CVE request: kernel information leak via userspace USB interface (MLIST)
[oss-security] 20100219 Re: CVE request: kernel information leak via userspace USB interface (MLIST)
[oss-security] 20100219 Re: additional memory leak in USB userspace handling (MLIST)
SUSE-SA:2010:019 (SUSE)
SUSE-SA:2010:023 (SUSE)
39742 (SECUNIA)
RHSA-2010:0394 (REDHAT)
DSA-2053 (DEBIAN)
39830 (SECUNIA)
http://support.avaya.com/css/P8/documents/100090459 (CONFIRM)
RHSA-2010:0723 (REDHAT)
http://support.avaya.com/css/P8/documents/100113326 (CONFIRM)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
oval:org.mitre.oval:def:10831 (OVAL)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-0741
Id:
CVE-2010-0741
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0741
Comment:
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
[qemu-devel] 20091029 [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...] (MLIST)
https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521 (CONFIRM)
RHSA-2010:0271 (REDHAT)
[qemu-devel] 20091029 Re: qemu-kvm-0.11 regression, crashes on older guests with virtio network (MLIST)
[oss-security] 20100329 CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=577218 (CONFIRM)
ADV-2010-0760 (VUPEN)
https://patchwork.kernel.org/patch/56479/ (CONFIRM)
1023798 (SECTRACK)
RHSA-2010:0476 (REDHAT)
oval:org.mitre.oval:def:11143 (OVAL)
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 (MISC)
CVE: CVE-2010-0727
Id:
CVE-2010-0727
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0727
Comment:
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=570863 (CONFIRM)
[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 (CONFIRM)
MDVSA-2010:066 (MANDRIVA)
RHSA-2010:0330 (REDHAT)
1023809 (SECTRACK)
RHSA-2010:0380 (REDHAT)
39830 (SECUNIA)
DSA-2053 (DEBIAN)
RHSA-2010:0521 (REDHAT)
oval:org.mitre.oval:def:11392 (OVAL)
CVE: CVE-2010-0437
Id:
CVE-2010-0437
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437
Comment:
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
[oss-security] 20100211 CVE request - kernel: ip6_dst_lookup_tail() NULL pointer dereference (MLIST)
http://bugzilla.kernel.org/show_bug.cgi?id=11469 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=563781 (CONFIRM)
[oss-security] 20100304 Re: CVE request - kernel: ip6_dst_lookup_tail() NULL pointer dereference (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 (CONFIRM)
RHSA-2010:0161 (REDHAT)
RHSA-2010:0147 (REDHAT)
39033 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:10061 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e550dfb0c2c31b6363aa463a035fc9f8dcaa3c9b (MISC)
CVE: CVE-2010-0419
Id:
CVE-2010-0419
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0419
Comment:
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
RHSA-2010:0126 (REDHAT)
38467 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=563463 (CONFIRM)
1023663 (SECTRACK)
kernel-selectors-privilege-escalation(56662) (XF)
oval:org.mitre.oval:def:10139 (OVAL)
CVE: CVE-2010-0306
Id:
CVE-2010-0306
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0306
Comment:
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
CVSSv2 Score:
4.1
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:S/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
38499 (SECUNIA)
RHSA-2010:0095 (REDHAT)
RHSA-2010:0088 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=560654 (CONFIRM)
38158 (BID)
DSA-1996 (DEBIAN)
38492 (SECUNIA)
oval:org.mitre.oval:def:10953 (OVAL)
CVE: CVE-2010-0298
Id:
CVE-2010-0298
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0298
Comment:
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.
CVSSv2 Score:
6.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
38158 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=559091 (CONFIRM)
RHSA-2010:0095 (REDHAT)
RHSA-2010:0088 (REDHAT)
DSA-1996 (DEBIAN)
38492 (SECUNIA)
oval:org.mitre.oval:def:11335 (OVAL)
CVE: CVE-2010-0008
Id:
CVE-2010-0008
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008
Comment:
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
RHSA-2010:0146 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=555658 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23 (CONFIRM)
[oss-security] 20100317 CVE-2010-0008 kernel: sctp remote denial of service (MLIST)
RHSA-2010:0147 (REDHAT)
RHSA-2010:0342 (REDHAT)
39295 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0003.html (CONFIRM)
43315 (SECUNIA)
oval:org.mitre.oval:def:11160 (OVAL)
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ece25dfa0991f65c4e1d26beb1c3c45bda4239b8 (MISC)
CVE: CVE-2009-4537
Id:
CVE-2009-4537
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537
Comment:
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/ (MISC)
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html (MISC)
FEDORA-2010-1787 (FEDORA)
SUSE-SA:2010:031 (SUSE)
[linux-netdev] 20091228 [PATCH RFC] r8169: straighten out overlength frame detection (MLIST)
http://marc.info/?t=126202986900002&r=1&w=2 (CONFIRM)
38031 (SECUNIA)
38610 (SECUNIA)
39742 (SECUNIA)
39830 (SECUNIA)
40645 (SECUNIA)
1023419 (SECTRACK)
http://twitter.com/dakami/statuses/7104238406 (MISC)
DSA-2053 (DEBIAN)
SUSE-SA:2010:023 (SUSE)
[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389 (MLIST)
[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 (MLIST)
[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389 (MLIST)
RHSA-2010:0019 (REDHAT)
RHSA-2010:0020 (REDHAT)
RHSA-2010:0041 (REDHAT)
RHSA-2010:0053 (REDHAT)
RHSA-2010:0111 (REDHAT)
37521 (BID)
ADV-2010-1857 (VUPEN)
https://bugzilla.redhat.com/show_bug.cgi?id=550907 (CONFIRM)
kernel-r8169-dos(55647) (XF)
oval:org.mitre.oval:def:7443 (OVAL)
oval:org.mitre.oval:def:9439 (OVAL)
RHSA-2010:0095 (REDHAT)
CVE: CVE-2009-4271
Id:
CVE-2009-4271
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4271
Comment:
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
[oss-security] 20100317 CVE-2009-4271 kernel: 32bit process on 64bit system DoS (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=548876 (CONFIRM)
oval:org.mitre.oval:def:10248 (OVAL)
RHSA-2010:0146 (REDHAT)