ID CVE-2009-4536
Summary drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
References
Vulnerable Configurations
  • Linux Kernel 2.6.32.3
    cpe:2.3:o:linux:linux_kernel:2.6.32.3
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
CVSS
Base: 7.8 (as of 12-01-2010 - 12:59)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2013-0039.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79507
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79507
    title OracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0019.NASL
    description Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43820
    published 2010-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43820
    title RHEL 5 : kernel (RHSA-2010:0019)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2003.NASL
    description NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. - CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. - CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops). - CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. - CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges. - CVE-2009-4536 Fabian Yamaguchi reported an issue in the e1000 driver for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. - CVE-2010-0622 Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops). This update also fixes a regression introduced by a previous security update that caused problems booting on certain s390 systems.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44867
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44867
    title Debian DSA-2003-1 : linux-2.6 - privilege escalation/denial of service
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89740
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89740
    title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12578.NASL
    description This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) - Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - The dbg_lvl file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889) - The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage. (CVE-2009-1883) - Memory leak in the appletalk subsystem in the Linux kernel, when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. (CVE-2009-2903) - net/1/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621) - The ATI Rage 128 (aka r128) driver in the Linux kernel does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 44654
    published 2010-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44654
    title SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1996.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. - CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest. - CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash). - CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44860
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44860
    title Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009.NASL
    description a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 46765
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46765
    title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6779.NASL
    description This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed : - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. (CVE-2010-0007)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49869
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49869
    title SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 6779)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KERNEL-100203.NASL
    description This kernel update for openSUSE 11.0 fixes some bugs and several security problems. The following security issues are fixed: CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. CVE-2010-0007: Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. CVE-2010-0003: An information leakage on fatal signals on x86_64 machines was fixed. CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. CVE-2009-4021: The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. CVE-2009-3547: A race condition in the pipe(2) systemcall could be used by local attackers to hang the machine. The kernel in Moblin 2.0 uses NULL ptr protection which avoids code execution possbilities. CVE-2009-2903: Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. CVE-2009-3621: net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. CVE-2009-3612: The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. CVE-2009-3620: The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. CVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. CVE-2009-3286: NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. CVE-2009-2910: arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. CVE-2009-3238: The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to 'return the same value over and over again for long stretches of time.' CVE-2009-2848: The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. CVE-2009-3002: The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. CVE-2009-1633: Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44621
    published 2010-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44621
    title openSUSE Security Update : kernel (kernel-1908)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89678
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89678
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100107_KERNEL_ON_SL5_X.NASL
    description CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash CVE-2009-4537 kernel: r8169 issue reported at 26c3 CVE-2009-4538 kernel: e1000e frame fragment issue CVE-2009-4536 kernel: e1000 issue reported at 26c3 This update fixes the following security issues : - a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) - a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) - a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) The system must be rebooted for this update to take effect. Note1: Due to the fuse kernel module now being part of the kernel, we are updating fuse on the older releases to match the fuse that was released by The Upstream Vendor. Note2: xfs is now part of the kernel in x86_64. Because of this there is no kernel-module-xfs for x86_64. Note3: ipw3945 support has been changed to iwlwifi3945 in SL 54, and is in the kernel. Because of this there is no kernel-module-ipw3945 for SL54. Note4: Support for the Atheros chipset in now in the kernel. We are not sure if the infrastructure is in place for SL 50-53, so we are still providing the madwifi kernel modules for SL 50-53.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60717
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60717
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0111.NASL
    description Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63919
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63919
    title RHEL 4 : kernel (RHSA-2010:0111)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1500.NASL
    description Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel: tty->pgrp races 521265 oops in VIA padlock driver Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47258
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47258
    title Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-894-1.NASL
    description Amerigo Wang and Eric Sesterhenn discovered that the HFS and ext4 filesystems did not correctly check certain disk structures. If a user were tricked into mounting a specially crafted filesystem, a remote attacker could crash the system or gain root privileges. (CVE-2009-4020, CVE-2009-4308) It was discovered that FUSE did not correctly check certain requests. A local attacker with access to FUSE mounts could exploit this to crash the system or possibly gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-4021) It was discovered that KVM did not correctly decode certain guest instructions. A local attacker in a guest could exploit this to trigger high scheduling latency in the host, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-4031) It was discovered that the OHCI fireware driver did not correctly handle certain ioctls. A local attacker could exploit this to crash the system, or possibly gain root privileges. Ubuntu 6.06 was not affected. (CVE-2009-4138) Tavis Ormandy discovered that the kernel did not correctly handle O_ASYNC on locked files. A local attacker could exploit this to gain root privileges. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2009-4141) Neil Horman and Eugene Teo discovered that the e1000 and e1000e network drivers did not correctly check the size of Ethernet frames. An attacker on the local network could send specially crafted traffic to bypass packet filters, crash the system, or possibly gain root privileges. (CVE-2009-4536, CVE-2009-4538) It was discovered that 'print-fatal-signals' reporting could show arbitrary kernel memory contents. A local attacker could exploit this, leading to a loss of privacy. By default this is disabled in Ubuntu and did not affect Ubuntu 6.06. (CVE-2010-0003) Olli Jarva and Tuomo Untinen discovered that IPv6 did not correctly handle jumbo frames. A remote attacker could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 and 9.10 were affected. (CVE-2010-0006) Florian Westphal discovered that bridging netfilter rules could be modified by unprivileged users. A local attacker could disrupt network traffic, leading to a denial of service. (CVE-2010-0007) Al Viro discovered that certain mremap operations could leak kernel memory. A local attacker could exploit this to consume all available memory, leading to a denial of service. (CVE-2010-0291). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44399
    published 2010-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44399
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-894-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0009.NASL
    description a. VMware vmkernel third-party e1000(e) Driver Packet Filter Bypass There is an issue in the e1000(e) Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-4536 to this issue. b. ESX third-party update for Service Console kernel This update for the console OS kernel package resolves four security issues. 1) IPv4 Remote Denial of Service An remote attacker can achieve a denial of service via an issue in the kernel IPv4 code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1188 to this issue. 2) SCSI Driver Denial of Service / Possible Privilege Escalation A local attacker can achieve a denial of service and possibly a privilege escalation via a vulnerability in the Linux SCSI drivers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3080 to this issue. 3) Kernel Memory Management Arbitrary Code Execution A context-dependent attacker can execute arbitrary code via a vulnerability in a kernel memory handling function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2240 to this issue. 4) e1000 Driver Packet Filter Bypass There is an issue in the Service Console e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-4536 to this issue. c. Multiple vulnerabilities in mount.vmhgfs This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows based Guest Operating Systems. 1) Mount.vmhgfs Information Disclosure Information disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2146 to this issue. 2) Mount.vmhgfs Race Condition Privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-1787 to this issue. 3) Mount.vmhgfs Privilege Escalation Privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2145 to this issue. VMware would like to thank Dan Rosenberg for reporting these issues. d. VI Client ActiveX vulnerabilities VI Client COM objects can be instantiated in Internet Explorer which may cause memory corruption. An attacker who succeeded in making the VI Client user visit a malicious Web site could execute code on the user's system within the security context of that user. VMware would like to thank Elazar Broad and iDefense for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-2217 to this issue. Affected versions. The vSphere Client which comes with vSphere 4.0 and vSphere 4.1 is not affected. This is any build of vSphere Client Version 4.0.0 and vSphere Client Version 4.1.0. VI Clients bundled with VMware Infrastructure 3 that are not affected are : - VI Client 2.0.2 Build 230598 and higher - VI Client 2.5 Build 204931 and higher The issue can be remediated by replacing an affected VI Client with the VI Client bundled with VirtualCenter 2.5 Update 6 or VirtualCenter 2.5 Update 6a.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 54968
    published 2011-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54968
    title VMSA-2011-0009 : VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0053.NASL
    description Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) This update also fixes the following bugs : * on certain hardware, the igb driver was unable to detect link statuses correctly for Serializer-Deserializer (SERDES) interface Ethernet ports. This may have caused problems for network interface bonding, such as failover not occurring. (BZ#548023) * in certain situations, kdump occasionally dumped a vmcore file with no registers on Intel Itanium systems that were under high disk I/O load. In these cases, this prevented the kernel stack backtrace in the vmcore from being viewed with the crash utility. (BZ#542581) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63913
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63913
    title RHEL 5 : kernel (RHSA-2010:0053)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0019.NASL
    description Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43832
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43832
    title CentOS 5 : kernel (CESA-2010:0019)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0019.NASL
    description From Red Hat Security Advisory 2010:0019 : Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 67982
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67982
    title Oracle Linux 5 : kernel (ELSA-2010-0019)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6778.NASL
    description This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed : - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. (CVE-2010-0007)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59144
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59144
    title SuSE 10 Security Update : the debug kernel (ZYPP Patch Number 6778)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0020.NASL
    description Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43821
    published 2010-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43821
    title RHEL 4 : kernel (RHSA-2010:0020)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2005.NASL
    description NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2691 Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded. - CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. - CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. - CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. - CVE-2009-3889 Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior. - CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops). - CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. - CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges. - CVE-2009-4138 Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service (oops or crash) by making a specially crafted ioctl call. - CVE-2009-4308 Ted Ts'o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (NULL pointer dereference). For this to be exploitable, the local user must have sufficient privileges to mount a filesystem. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. - CVE-2010-0622 Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44951
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44951
    title Debian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6806.NASL
    description This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed : - Two sysfs filers in the qla2xxx driver were worldwriteable, so users could change SCSI attributes of the qla2xxx driver. CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-3556) (The e1000e driver is not included in the SLES 10 SP2 kernel, so CVE-2009-4538 does not affect this kernel.)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 44398
    published 2010-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44398
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6806)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0020.NASL
    description Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44026
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44026
    title CentOS 4 : kernel (CESA-2010:0020)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0079.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567, Important) * the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or cause a denial of service (kernel panic). (CVE-2007-5966, Important) * memory leaks were found on some error paths in the icmp_send() function in the Linux kernel. This could, potentially, cause the network connectivity to cease. (CVE-2009-0778, Important) * a deficiency was found in the Linux kernel system call auditing implementation on 64-bit systems. This could allow a local, unprivileged user to circumvent a system call audit configuration, if that configuration filtered based on the 'syscall' number or arguments. (CVE-2009-0834, Important) * a flaw was found in the Intel PRO/1000 Linux driver (e1000) in the Linux kernel. Frames with sizes near the MTU of an interface may be split across multiple hardware receive descriptors. Receipt of such a frame could leak through a validation check, leading to a corruption of the length check. A remote attacker could use this flaw to send a specially crafted packet that would cause a denial of service or code execution. (CVE-2009-1385, Important) * the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a setuid or setgid program was executed. A local, unprivileged user could use this flaw to bypass the mmap_min_addr protection mechanism and perform a NULL pointer dereference attack, or bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2009-1895, Important) * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Note: This update also fixes several bugs. Documentation for these bug fixes will be available shortly from www.redhat.com/docs/en-US/errata/RHSA-2010-0079/Kernel_Security_Update / index.html Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 63915
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63915
    title RHEL 5 : kernel (RHSA-2010:0079)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-100223.NASL
    description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing various bugs and security issues. - The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) - The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307) - Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. (CVE-2010-0410) - The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernels node set. (CVE-2010-0415) - net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. (CVE-2010-0003) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44966
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44966
    title SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100107_KERNEL_ON_SL4_X.NASL
    description CVE-2009-4537 kernel: r8169 issue reported at 26c3 CVE-2009-4538 kernel: e1000e frame fragment issue CVE-2009-4536 kernel: e1000 issue reported at 26c3 This update fixes the following security issues : - a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) - a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60716
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60716
    title Scientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KERNEL-100223.NASL
    description The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0410: Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. CVE-2010-0007: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. CVE-2010-0003: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44964
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44964
    title openSUSE Security Update : kernel (kernel-2050)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_KERNEL-100128.NASL
    description The Linux kernel for openSUSE 11.2 was updated to 2.6.31.12 to fix the following bugs and security issues : - The permission of the devtmpfs root directory was incorrectly 1777 (instead of 755). If it was used, local attackers could escalate privileges. (openSUSE 11.2 does not use this filesystem by default). (CVE-2010-0299) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - ebtables was lacking a CAP_NET_ADMIN check, making it possible for local unprivileged attackers to modify the network bridge management. (CVE-2010-0007) - An information leakage on fatal signals on x86_64 machines was fixed. (CVE-2010-0003) - A race condition in fasync handling could be used by local attackers to crash the machine or potentially execute code. (CVE-2009-4141) - The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram. (CVE-2010-0006) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538)
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 44411
    published 2010-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44411
    title SuSE 11.2 Security Update: kernel (2010-01-28)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_515841_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - A security bypass vulnerability exists in the e1000 driver in the Linux kernel due to improper handling of Ethernet frames that exceed the MTU. An unauthenticated, remote attacker can exploit this, via trailing payload data, to bypass packet filters. (CVE-2009-4536) - An error exists in the file misc/mntent_r.c that could allow a local attacker to cause denial of service conditions. (CVE-2010-0296) - An error exists related to glibc, the dynamic linker and '$ORIGIN' substitution that could allow privilege escalation. (CVE-2011-0536) - An error exists in the function 'fnmatch' in the file posix/fnmatch.c that could allow arbitrary code execution. (CVE-2011-1071) - An error exists in the file locale/programs/locale.c related to localization environment variables that could allow privilege escalation. (CVE-2011-1095) - An error exists related to glibc, the dynamic linker and 'RPATH' that could allow privilege escalation. (CVE-2011-1658) - An error exists in the function 'fnmatch' related to UTF-8 string handling that could allow privilege escalation. (CVE-2011-1659)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70880
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70880
    title ESXi 5.0 < Build 515841 Multiple Vulnerabilities (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1787.NASL
    description Kernel security update. Bugs fixed: #563091 #510823 #559100 #533087 CVE-2010-0307 CVE-2010-0410 CVE-2010-0415 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47270
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47270
    title Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-100108.NASL
    description Indications Everyone using the Linux Kernel on x86_64 architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44037
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44037
    title SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KERNEL-100107.NASL
    description The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. CVE-2009-4005: The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver was fixed. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. For a complete list of changes, please look at the RPM changelog.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44034
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44034
    title openSUSE Security Update : kernel (kernel-1749)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-100109.NASL
    description Indications Everyone using the Linux Kernel on s390x architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 52685
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52685
    title SuSE 11 Security Update : Linux kernel (SAT Patch Number 1753)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0020.NASL
    description From Red Hat Security Advisory 2010:0020 : Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67983
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67983
    title Oracle Linux 4 : kernel (ELSA-2010-0020)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6810.NASL
    description This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed : - Two sysfs filers in the qla2xxx driver were worldwriteable, so users could change SCSI attributes of the qla2xxx driver. CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-3556) (The e1000e driver is not included in the SLES 10 SP2 kernel, so CVE-2009-4538 does not affect this kernel.)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59145
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59145
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6810)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7568.NASL
    description This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593) - Only half of the fix for this vulnerability was only applied, the fix was completed now. Original text: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handled Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - Boundschecking was missing in AARESOLVE_OFFSET in the SCTP protocol, which allowed local attackers to overwrite kernel memory and so escalate privileges or crash the kernel. (CVE-2011-1573) - Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel might have allowed local users to gain privileges or obtain sensitive information via a crafted LDM partition table. (CVE-2011-1017) - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585) - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160) - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. (CVE-2011-1577) - In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. (CVE-2011-1180) - A system out of memory condition (denial of service) could be triggered with a large socket backlog, exploitable by local users. This has been addressed by backlog limiting. (CVE-2010-4251) - The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016) - When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. (CVE-2011-1493) - Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs. (CVE-2011-1182) - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. (CVE-2011-1017 / CVE-2011-1012) - The code for evaluating Mac partitions (in fs/partitions/mac.c) contained a bug that could crash the kernel for certain corrupted Mac partitions. (CVE-2011-1010) - The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. (CVE-2011-1163) - Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables. (CVE-2011-1476) - Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation. (CVE-2011-1477) - A information leak in the XFS geometry calls could be used by local attackers to gain access to kernel information. (CVE-2011-0191) - The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. (CVE-2010-0008)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 55468
    published 2011-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55468
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7568)
oval via4
  • accepted 2013-04-29T04:07:03.493-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
    family unix
    id oval:org.mitre.oval:def:10607
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
    version 24
  • accepted 2011-12-05T04:00:06.322-05:00
    class vulnerability
    contributors
    name Aslesha Nargolkar
    organization Hewlett-Packard
    definition_extensions
    comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
    description drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
    family unix
    id oval:org.mitre.oval:def:12440
    status accepted
    submitted 2011-09-30T10:20:58.000-05:00
    title VMware vmkernel third party e1000 Driver Packet Filter Bypass
    version 6
  • accepted 2011-12-05T04:00:14.454-05:00
    class vulnerability
    contributors
    name Aslesha Nargolkar
    organization Hewlett-Packard
    definition_extensions
    comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
    description drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
    family unix
    id oval:org.mitre.oval:def:13226
    status accepted
    submitted 2011-09-30T10:46:17.000-05:00
    title ESX third party update for Service Console kernel
    version 6
  • accepted 2014-01-20T04:01:35.002-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
    family unix
    id oval:org.mitre.oval:def:7453
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
    version 8
redhat via4
advisories
  • rhsa
    id RHSA-2010:0019
  • rhsa
    id RHSA-2010:0020
  • rhsa
    id RHSA-2010:0041
  • rhsa
    id RHSA-2010:0053
  • rhsa
    id RHSA-2010:0095
  • rhsa
    id RHSA-2010:0111
  • rhsa
    id RHSA-2010:0882
rpms
  • kernel-0:2.6.18-164.10.1.el5
  • kernel-PAE-0:2.6.18-164.10.1.el5
  • kernel-PAE-devel-0:2.6.18-164.10.1.el5
  • kernel-debug-0:2.6.18-164.10.1.el5
  • kernel-debug-devel-0:2.6.18-164.10.1.el5
  • kernel-devel-0:2.6.18-164.10.1.el5
  • kernel-doc-0:2.6.18-164.10.1.el5
  • kernel-headers-0:2.6.18-164.10.1.el5
  • kernel-kdump-0:2.6.18-164.10.1.el5
  • kernel-kdump-devel-0:2.6.18-164.10.1.el5
  • kernel-xen-0:2.6.18-164.10.1.el5
  • kernel-xen-devel-0:2.6.18-164.10.1.el5
  • kernel-0:2.6.9-89.0.19.EL
  • kernel-devel-0:2.6.9-89.0.19.EL
  • kernel-doc-0:2.6.9-89.0.19.EL
  • kernel-hugemem-0:2.6.9-89.0.19.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.19.EL
  • kernel-largesmp-0:2.6.9-89.0.19.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.19.EL
  • kernel-smp-0:2.6.9-89.0.19.EL
  • kernel-smp-devel-0:2.6.9-89.0.19.EL
  • kernel-xenU-0:2.6.9-89.0.19.EL
  • kernel-xenU-devel-0:2.6.9-89.0.19.EL
refmap via4
bid 37519
confirm
debian
  • DSA-1996
  • DSA-2005
fedora FEDORA-2010-1787
misc
mlist
  • [oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389
  • [oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389
  • [oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389
sectrack 1023420
secunia
  • 35265
  • 38031
  • 38276
  • 38296
  • 38492
  • 38610
  • 38779
suse
  • SUSE-SA:2010:005
  • SUSE-SA:2010:007
  • SUSE-SA:2010:010
  • SUSE-SA:2010:012
  • SUSE-SA:2010:013
  • SUSE-SA:2010:014
xf kernel-e1000main-security-bypass(55648)
Last major update 19-03-2012 - 00:00
Published 12-01-2010 - 12:30
Last modified 16-11-2018 - 10:51
Back to Top