Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:3402
[Eng]
Version
4
Class
patch
ALTXid
48941
Language
Russian
Severity
NotAvailable
Title
Обновление ELSA-2011:0004: устранение уязвимостей, ошибок и различные доработки в kernel
Description
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
Family
unix
Platform
Oracle Linux 5
Product
kernel
Reference
VENDOR: ELSA-2011:0004-01
VENDOR: ELSA-2011:0004-01
Id:
ELSA-2011:0004-01
Reference:
http://linux.oracle.com/errata/ELSA-2011-0004.html
CVE: CVE-2010-3432
CVE: CVE-2010-3432
Id:
CVE-2010-3432
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3432
Comment
: The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
43480 (BID)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=637675 (CONFIRM)
[oss-security] 20100924 CVE Request -- Linux/SCTP DoS in sctp_packet_config() (MLIST)
[netdev] 20100915 [PATCH] net: SCTP remote/local Denial of Service vulnerability description and fix (MLIST)
[oss-security] 20100925 Re: CVE Request -- Linux/SCTP DoS in sctp_packet_config() (MLIST)
RHSA-2010:0936 (REDHAT)
42400 (SECUNIA)
USN-1000-1 (UBUNTU)
ADV-2010-3113 (VUPEN)
RHSA-2010:0842 (REDHAT)
SUSE-SA:2011:001 (SUSE)
RHSA-2011:0004 (REDHAT)
RHSA-2010:0958 (REDHAT)
DSA-2126 (DEBIAN)
ADV-2011-0012 (VUPEN)
42778 (SECUNIA)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
SUSE-SA:2011:007 (SUSE)
ADV-2011-0298 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4bdab43323b459900578b200a4b8cf9713ac8fab (MISC)
CVE: CVE-2010-3442
CVE: CVE-2010-3442
Id:
CVE-2010-3442
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
Comment
: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVSSv2 Score:
4.7
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:C
CWE:
190 (Integer Overflow or Wraparound)
References:
[oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() (MLIST)
[oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() (MLIST)
[oss-security] 20100929 CVE request - kernel: prevent heap corruption in snd_ctl_new() (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=638478 (CONFIRM)
[oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100928.bz2 (CONFIRM)
42400 (SECUNIA)
RHSA-2010:0936 (REDHAT)
43787 (BID)
ADV-2010-3113 (VUPEN)
RHSA-2010:0842 (REDHAT)
USN-1000-1 (UBUNTU)
42745 (SECUNIA)
FEDORA-2010-18983 (FEDORA)
ADV-2010-3321 (VUPEN)
RHSA-2011:0004 (REDHAT)
RHSA-2010:0958 (REDHAT)
SUSE-SA:2011:002 (SUSE)
DSA-2126 (DEBIAN)
SUSE-SA:2011:001 (SUSE)
MDVSA-2010:257 (MANDRIVA)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
42778 (SECUNIA)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
SUSE-SA:2010:060 (SUSE)
43291 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
ADV-2011-0375 (VUPEN)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 (MISC)
CVE: CVE-2010-3699
CVE: CVE-2010-3699
Id:
CVE-2010-3699
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
Comment
: The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
CVSSv2 Score:
2.7
Access vector:
ADJACENT_NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:A/AC:L/Au:S/C:N/I:N/A:P
CWE:
399 (Resource Management Errors)
References:
1024786 (SECTRACK)
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/59f097ef181b (CONFIRM)
42372 (SECUNIA)
RHSA-2011:0004 (REDHAT)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
ADV-2011-0213 (VUPEN)
45039 (BID)
SUSE-SA:2011:005 (SUSE)
43056 (SECUNIA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-3858
CVE: CVE-2010-3858
Id:
CVE-2010-3858
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858
Comment
: The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
References:
44301 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=645222 (CONFIRM)
http://grsecurity.net/~spender/64bit_dos.c (MISC)
[oss-security] 20101022 Re: CVE request: kernel: setup_arg_pages: diagnose excessive argument size (MLIST)
15619 (EXPLOIT-DB)
[oss-security] 20101021 CVE request: kernel: setup_arg_pages: diagnose excessive argument size (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 (CONFIRM)
RHSA-2010:0958 (REDHAT)
DSA-2126 (DEBIAN)
RHSA-2011:0004 (REDHAT)
42758 (SECUNIA)
MDVSA-2010:257 (MANDRIVA)
ADV-2011-0070 (VUPEN)
USN-1041-1 (UBUNTU)
42789 (SECUNIA)
ADV-2011-0024 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1b528181b2ffa14721fb28ad1bd539fe1732c583 (MISC)
CVE: CVE-2010-3859
CVE: CVE-2010-3859
Id:
CVE-2010-3859
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
Comment
: Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in net/core/iovec.c.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE:
787 (Out-of-bounds Write)
References:
[netdev] 20101027 Re: [PATCH 1/4] tipc: Fix bugs in tipc_msg_calc_data_size() (MLIST)
[netdev] 20101027 [PATCH 3/4] tipc: Update arguments to use size_t for iovec array sizes (MLIST)
[netdev] 20101027 [PATCH 1/4] tipc: Fix bugs in tipc_msg_calc_data_size() (MLIST)
[netdev] 20101027 [PATCH 2/4] tipc: Fix bugs in tipc_msg_build() (MLIST)
[netdev] 20101027 [PATCH 4/4] tipc: Fix bugs in sending of large amounts of byte-stream data (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=645867 (CONFIRM)
[oss-security] 20101022 CVE request: kernel: heap overflow in TIPC (MLIST)
[netdev] 20101028 Re: [PATCH 2/4] tipc: Fix bugs in tipc_msg_build() (MLIST)
[netdev] 20101027 [PATCH 0/4] RFC: tipc int vs size_t fixes (MLIST)
[oss-security] 20101022 Re: CVE request: kernel: heap overflow in TIPC (MLIST)
RHSA-2011:0004 (REDHAT)
DSA-2126 (DEBIAN)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
44354 (BID)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
MDVSA-2011:029 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
[netdev] 20101021 TIPC security issues (MLIST)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 (MISC)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8acfe468b0384e834a303f08ebc4953d72fb690a (MISC)
CVE: CVE-2010-3865
CVE: CVE-2010-3865
Id:
CVE-2010-3865
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3865
Comment
: Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE:
190 (Integer Overflow or Wraparound)
References:
44549 (BID)
[oss-security] 20101029 CVE request: kernel: iovec overflow in rds_rdma_pages() (MLIST)
[oss-security] 20101101 Re: CVE request: kernel: iovec overflow in rds_rdma_pages() (MLIST)
[netdev] 20101028 Re: [Security] TIPC security issues (MLIST)
[netdev] 20101028 Re: [Security] TIPC security issues (MLIST)
SUSE-SA:2010:057 (SUSE)
SUSE-SA:2011:002 (SUSE)
SUSE-SA:2011:001 (SUSE)
RHSA-2011:0004 (REDHAT)
42778 (SECUNIA)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
ADV-2011-0298 (VUPEN)
SUSE-SA:2011:007 (SUSE)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-rdsrdmapages-overflow(62881) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-3876
CVE: CVE-2010-3876
Id:
CVE-2010-3876
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3876
Comment
: net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
909 ()
References:
[oss-security] 20101104 Re: CVE request: kernel stack infoleaks (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=649715 (CONFIRM)
[oss-security] 20101102 Re: CVE request: kernel stack infoleaks (MLIST)
[oss-security] 20101102 Re: CVE request: kernel stack infoleaks (MLIST)
[netdev] 20101031 [PATCH 2/3] net: packet: fix information leak to userland (MLIST)
[oss-security] 20101102 Re: CVE request: kernel stack infoleaks (MLIST)
[oss-security] 20101102 CVE request: kernel stack infoleaks (MLIST)
RHSA-2010:0958 (REDHAT)
RHSA-2011:0004 (REDHAT)
DSA-2126 (DEBIAN)
ADV-2011-0024 (VUPEN)
44630 (BID)
42789 (SECUNIA)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67286640f638f5ad41a946b9a3dc75327950248f (MISC)
CVE: CVE-2010-3880
CVE: CVE-2010-3880
Id:
CVE-2010-3880
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
Comment
: net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing (MLIST)
[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited. (MLIST)
44665 (BID)
https://bugzilla.redhat.com/show_bug.cgi?id=651264 (CONFIRM)
[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 (CONFIRM)
42126 (SECUNIA)
RHSA-2010:0958 (REDHAT)
RHSA-2011:0004 (REDHAT)
DSA-2126 (DEBIAN)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
RHSA-2011:0007 (REDHAT)
42890 (SECUNIA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860 (MISC)
CVE: CVE-2010-4083
CVE: CVE-2010-4083
Id:
CVE-2010-4083
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
Comment
: The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE:
909 ()
References:
[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=648673 (CONFIRM)
[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 (CONFIRM)
[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures (MLIST)
[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures (MLIST)
[mm-commits] 20100923 + sys_semctl-fix-kernel-stack-leakage.patch added to -mm tree (MLIST)
DSA-2126 (DEBIAN)
RHSA-2010:0958 (REDHAT)
RHSA-2011:0004 (REDHAT)
SUSE-SA:2011:001 (SUSE)
ADV-2011-0012 (VUPEN)
42778 (SECUNIA)
ADV-2011-0124 (VUPEN)
SUSE-SA:2010:060 (SUSE)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0024 (VUPEN)
42932 (SECUNIA)
43809 (BID)
42789 (SECUNIA)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
SUSE-SA:2011:007 (SUSE)
ADV-2011-0298 (VUPEN)
ADV-2011-0375 (VUPEN)
43291 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
MDVSA-2011:051 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=982f7c2b2e6a28f8f266e075d92e19c0dd4c6e56 ()
CVE: CVE-2010-4157
CVE: CVE-2010-4157
Id:
CVE-2010-4157
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
Comment
: Integer overflow in the ioc_general function in drivers/scsi/gdth.c in the Linux kernel before 2.6.36.1 on 64-bit platforms allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large argument in an ioctl call.
CVSSv2 Score:
6.2
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE:
190 (Integer Overflow or Wraparound)
References:
[linux-scsi] 20101008 [patch] gdth: integer overflow in ioctl (MLIST)
[oss-security] 20101108 Re: CVE request: kernel: gdth: integer overflow in ioc_general() (MLIST)
44648 (BID)
[oss-security] 20101109 Re: CVE request: kernel: gdth: integer overflow in ioc_general() (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=651147 (CONFIRM)
[oss-security] 20101109 Re: CVE request: kernel: gdth: integer overflow in ioc_general() (MLIST)
[oss-security] 20101110 Re: CVE request: kernel: gdth: integer overflow in ioc_general() (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.1 (CONFIRM)
[oss-security] 20101108 CVE request: kernel: gdth: integer overflow in ioc_general() (MLIST)
FEDORA-2010-18983 (FEDORA)
42745 (SECUNIA)
ADV-2010-3321 (VUPEN)
RHSA-2010:0958 (REDHAT)
RHSA-2011:0004 (REDHAT)
SUSE-SA:2011:001 (SUSE)
SUSE-SA:2011:002 (SUSE)
ADV-2011-0012 (VUPEN)
42801 (SECUNIA)
42778 (SECUNIA)
SUSE-SA:2011:004 (SUSE)
ADV-2011-0124 (VUPEN)
ADV-2011-0024 (VUPEN)
SUSE-SA:2010:060 (SUSE)
42789 (SECUNIA)
42932 (SECUNIA)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
SUSE-SA:2011:007 (SUSE)
43291 (SECUNIA)
SUSE-SA:2011:008 (SUSE)
ADV-2011-0375 (VUPEN)
ADV-2011-0298 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f63ae56e4e97fb12053590e41a4fa59e7daa74a4 (MISC)
CVE: CVE-2010-4161
CVE: CVE-2010-4161
Id:
CVE-2010-4161
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4161
Comment
: The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
399 (Resource Management Errors)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=651698 (CONFIRM)
[netdev] 20101110 Re: [PATCH] Prevent reading uninitialized memory with socket filters (MLIST)
20101118 Re: Kernel 0-day (BUGTRAQ)
https://bugzilla.redhat.com/show_bug.cgi?id=652534 (CONFIRM)
RHSA-2011:0004 (REDHAT)
42789 (SECUNIA)
ADV-2011-0024 (VUPEN)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-udpqueuercvskb-dos(64497) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-4242
CVE: CVE-2010-4242
Id:
CVE-2010-4242
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
Comment
: The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.
CVSSv2 Score:
4
Access vector:
LOCAL
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C
CWE:
CWE-Other ()
References:
http://xorl.wordpress.com/2010/12/01/cve-2010-4242-linux-kernel-bluetooth-hci-uart-invalid-pointer-access/ (MISC)
http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773 (CONFIRM)
[linux-kernel] 20101007 Peculiar stuff in hci_ath3k/badness in hci_uart (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=641410 (CONFIRM)
RHSA-2011:0004 (REDHAT)
45014 (BID)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
42963 (SECUNIA)
RHSA-2011:0162 (REDHAT)
ADV-2011-0168 (VUPEN)
RHSA-2011:0007 (REDHAT)
42890 (SECUNIA)
43291 (SECUNIA)
ADV-2011-0375 (VUPEN)
SUSE-SA:2011:008 (SUSE)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
kernel-hciuartttyopen-dos(64617) (XF)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-4247
CVE: CVE-2010-4247
Id:
CVE-2010-4247
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4247
Comment
: The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
CVSSv2 Score:
5.5
Access vector:
ADJACENT_NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:L/Au:S/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c (MISC)
45029 (BID)
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d (MISC)
[oss-security] 20101123 CVE request: xen: request-processing loop is unbounded in blkback (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=656206 (CONFIRM)
35093 (SECUNIA)
[oss-security] 20101124 Re: CVE request: xen: request-processing loop is unbounded in blkback (MLIST)
RHSA-2011:0004 (REDHAT)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
CVE: CVE-2010-4248
CVE: CVE-2010-4248
Id:
CVE-2010-4248
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248
Comment
: Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec (MLIST)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=656264 (CONFIRM)
[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec (MLIST)
45028 (BID)
RHSA-2011:0004 (REDHAT)
ADV-2011-0024 (VUPEN)
42789 (SECUNIA)
42890 (SECUNIA)
RHSA-2011:0007 (REDHAT)
MDVSA-2011:029 (MANDRIVA)
46397 (SECUNIA)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html (CONFIRM)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (BUGTRAQ)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0a70217107e6f9844628120412cb27bb4cea194 (MISC)
Content available only for registered users!
ovaldb@altx-soft.com