ID CVE-2010-0008
Summary The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6
    cpe:2.3:o:linux:linux_kernel:2.6
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 2.6.1
    cpe:2.3:o:linux:linux_kernel:2.6.1
  • Linux Kernel 2.6.2
    cpe:2.3:o:linux:linux_kernel:2.6.2
  • Linux Kernel 2.6.10
    cpe:2.3:o:linux:linux_kernel:2.6.10
  • Linux Kernel 2.6.11
    cpe:2.3:o:linux:linux_kernel:2.6.11
  • Linux Kernel 2.6.11.1
    cpe:2.3:o:linux:linux_kernel:2.6.11.1
  • Linux Kernel 2.6.11.2
    cpe:2.3:o:linux:linux_kernel:2.6.11.2
  • Linux Kernel 2.6.11.3
    cpe:2.3:o:linux:linux_kernel:2.6.11.3
  • Linux Kernel 2.6.11.4
    cpe:2.3:o:linux:linux_kernel:2.6.11.4
  • Linux Kernel 2.6.11.5
    cpe:2.3:o:linux:linux_kernel:2.6.11.5
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
  • Linux Kernel 2.6.11.7
    cpe:2.3:o:linux:linux_kernel:2.6.11.7
  • Linux Kernel 2.6.11.8
    cpe:2.3:o:linux:linux_kernel:2.6.11.8
  • Linux Kernel 2.6.11.9
    cpe:2.3:o:linux:linux_kernel:2.6.11.9
  • Linux Kernel 2.6.11.10
    cpe:2.3:o:linux:linux_kernel:2.6.11.10
  • Linux Kernel 2.6.11.11
    cpe:2.3:o:linux:linux_kernel:2.6.11.11
  • Linux Kernel 2.6.11.12
    cpe:2.3:o:linux:linux_kernel:2.6.11.12
  • Linux Kernel 2.6.12
    cpe:2.3:o:linux:linux_kernel:2.6.12
  • Linux Kernel 2.6.12.1
    cpe:2.3:o:linux:linux_kernel:2.6.12.1
  • Linux Kernel 2.6.12.2
    cpe:2.3:o:linux:linux_kernel:2.6.12.2
  • Linux Kernel 2.6.12.3
    cpe:2.3:o:linux:linux_kernel:2.6.12.3
  • Linux Kernel 2.6.12.4
    cpe:2.3:o:linux:linux_kernel:2.6.12.4
  • Linux Kernel 2.6.12.5
    cpe:2.3:o:linux:linux_kernel:2.6.12.5
  • Linux Kernel 2.6.12.6
    cpe:2.3:o:linux:linux_kernel:2.6.12.6
  • Linux Kernel 2.6.13
    cpe:2.3:o:linux:linux_kernel:2.6.13
  • Linux Kernel 2.6.13.1
    cpe:2.3:o:linux:linux_kernel:2.6.13.1
  • Linux Kernel 2.6.13.2
    cpe:2.3:o:linux:linux_kernel:2.6.13.2
  • Linux Kernel 2.6.13.3
    cpe:2.3:o:linux:linux_kernel:2.6.13.3
  • Linux Kernel 2.6.13.4
    cpe:2.3:o:linux:linux_kernel:2.6.13.4
  • Linux Kernel 2.6.13.5
    cpe:2.3:o:linux:linux_kernel:2.6.13.5
  • Linux Kernel 2.6.14
    cpe:2.3:o:linux:linux_kernel:2.6.14
  • Linux Kernel 2.6.14.1
    cpe:2.3:o:linux:linux_kernel:2.6.14.1
  • Linux Kernel 2.6.14.2
    cpe:2.3:o:linux:linux_kernel:2.6.14.2
  • Linux Kernel 2.6.14.3
    cpe:2.3:o:linux:linux_kernel:2.6.14.3
  • Linux Kernel 2.6.14.4
    cpe:2.3:o:linux:linux_kernel:2.6.14.4
  • Linux Kernel 2.6.14.5
    cpe:2.3:o:linux:linux_kernel:2.6.14.5
  • Linux Kernel 2.6.14.6
    cpe:2.3:o:linux:linux_kernel:2.6.14.6
  • Linux Kernel 2.6.14.7
    cpe:2.3:o:linux:linux_kernel:2.6.14.7
  • Linux Kernel 2.6.15
    cpe:2.3:o:linux:linux_kernel:2.6.15
  • Linux Kernel 2.6.15.1
    cpe:2.3:o:linux:linux_kernel:2.6.15.1
  • Linux Kernel 2.6.15.2
    cpe:2.3:o:linux:linux_kernel:2.6.15.2
  • Linux Kernel 2.6.15.3
    cpe:2.3:o:linux:linux_kernel:2.6.15.3
  • Linux Kernel 2.6.15.4
    cpe:2.3:o:linux:linux_kernel:2.6.15.4
  • Linux Kernel 2.6.15.5
    cpe:2.3:o:linux:linux_kernel:2.6.15.5
  • Linux Kernel 2.6.15.6
    cpe:2.3:o:linux:linux_kernel:2.6.15.6
  • Linux Kernel 2.6.15.7
    cpe:2.3:o:linux:linux_kernel:2.6.15.7
  • Linux Kernel 2.6.16
    cpe:2.3:o:linux:linux_kernel:2.6.16
  • Linux Kernel 2.6.16.1
    cpe:2.3:o:linux:linux_kernel:2.6.16.1
  • Linux Kernel 2.6.16.2
    cpe:2.3:o:linux:linux_kernel:2.6.16.2
  • Linux Kernel 2.6.16.3
    cpe:2.3:o:linux:linux_kernel:2.6.16.3
  • Linux Kernel 2.6.16.4
    cpe:2.3:o:linux:linux_kernel:2.6.16.4
  • Linux Kernel 2.6.16.5
    cpe:2.3:o:linux:linux_kernel:2.6.16.5
  • Linux Kernel 2.6.16.6
    cpe:2.3:o:linux:linux_kernel:2.6.16.6
  • Linux Kernel 2.6.16.7
    cpe:2.3:o:linux:linux_kernel:2.6.16.7
  • Linux Kernel 2.6.16.8
    cpe:2.3:o:linux:linux_kernel:2.6.16.8
  • Linux Kernel 2.6.16.9
    cpe:2.3:o:linux:linux_kernel:2.6.16.9
  • Linux Kernel 2.6.16.10
    cpe:2.3:o:linux:linux_kernel:2.6.16.10
  • Linux Kernel 2.6.16.11
    cpe:2.3:o:linux:linux_kernel:2.6.16.11
  • Linux Kernel 2.6.16.12
    cpe:2.3:o:linux:linux_kernel:2.6.16.12
  • Linux Kernel 2.6.16.13
    cpe:2.3:o:linux:linux_kernel:2.6.16.13
  • Linux Kernel 2.6.16.14
    cpe:2.3:o:linux:linux_kernel:2.6.16.14
  • Linux Kernel 2.6.16.15
    cpe:2.3:o:linux:linux_kernel:2.6.16.15
  • Linux Kernel 2.6.16.16
    cpe:2.3:o:linux:linux_kernel:2.6.16.16
  • Linux Kernel 2.6.16.17
    cpe:2.3:o:linux:linux_kernel:2.6.16.17
  • Linux Kernel 2.6.16.18
    cpe:2.3:o:linux:linux_kernel:2.6.16.18
  • Linux Kernel 2.6.16.19
    cpe:2.3:o:linux:linux_kernel:2.6.16.19
  • Linux Kernel 2.6.16.20
    cpe:2.3:o:linux:linux_kernel:2.6.16.20
  • Linux Kernel 2.6.16.21
    cpe:2.3:o:linux:linux_kernel:2.6.16.21
  • Linux Kernel 2.6.16.22
    cpe:2.3:o:linux:linux_kernel:2.6.16.22
  • Linux Kernel 2.6.16.23
    cpe:2.3:o:linux:linux_kernel:2.6.16.23
  • Linux Kernel 2.6.16.24
    cpe:2.3:o:linux:linux_kernel:2.6.16.24
  • Linux Kernel 2.6.16.25
    cpe:2.3:o:linux:linux_kernel:2.6.16.25
  • Linux Kernel 2.6.16.26
    cpe:2.3:o:linux:linux_kernel:2.6.16.26
  • Linux Kernel 2.6.16.27
    cpe:2.3:o:linux:linux_kernel:2.6.16.27
  • Linux Kernel 2.6.16.28
    cpe:2.3:o:linux:linux_kernel:2.6.16.28
  • Linux Kernel 2.6.16.29
    cpe:2.3:o:linux:linux_kernel:2.6.16.29
  • Linux Kernel 2.6.16.30
    cpe:2.3:o:linux:linux_kernel:2.6.16.30
  • Linux Kernel 2.6.16.31
    cpe:2.3:o:linux:linux_kernel:2.6.16.31
  • Linux Kernel 2.6.16.32
    cpe:2.3:o:linux:linux_kernel:2.6.16.32
  • Linux Kernel 2.6.16.33
    cpe:2.3:o:linux:linux_kernel:2.6.16.33
  • Linux Kernel 2.6.16.34
    cpe:2.3:o:linux:linux_kernel:2.6.16.34
  • Linux Kernel 2.6.16.35
    cpe:2.3:o:linux:linux_kernel:2.6.16.35
  • Linux Kernel 2.6.16.36
    cpe:2.3:o:linux:linux_kernel:2.6.16.36
  • Linux Kernel 2.6.16.37
    cpe:2.3:o:linux:linux_kernel:2.6.16.37
  • Linux Kernel 2.6.16.38
    cpe:2.3:o:linux:linux_kernel:2.6.16.38
  • Linux Kernel 2.6.16.39
    cpe:2.3:o:linux:linux_kernel:2.6.16.39
  • Linux Kernel 2.6.16.40
    cpe:2.3:o:linux:linux_kernel:2.6.16.40
  • Linux Kernel 2.6.16.41
    cpe:2.3:o:linux:linux_kernel:2.6.16.41
  • Linux Kernel 2.6.16.42
    cpe:2.3:o:linux:linux_kernel:2.6.16.42
  • Linux Kernel 2.6.16.43
    cpe:2.3:o:linux:linux_kernel:2.6.16.43
  • Linux Kernel 2.6.16.44
    cpe:2.3:o:linux:linux_kernel:2.6.16.44
  • Linux Kernel 2.6.16.45
    cpe:2.3:o:linux:linux_kernel:2.6.16.45
  • Linux Kernel 2.6.16.46
    cpe:2.3:o:linux:linux_kernel:2.6.16.46
  • Linux Kernel 2.6.16.47
    cpe:2.3:o:linux:linux_kernel:2.6.16.47
  • Linux Kernel 2.6.16.48
    cpe:2.3:o:linux:linux_kernel:2.6.16.48
  • Linux Kernel 2.6.16.49
    cpe:2.3:o:linux:linux_kernel:2.6.16.49
  • Linux Kernel 2.6.16.50
    cpe:2.3:o:linux:linux_kernel:2.6.16.50
  • Linux Kernel 2.6.16.51
    cpe:2.3:o:linux:linux_kernel:2.6.16.51
  • Linux Kernel 2.6.16.52
    cpe:2.3:o:linux:linux_kernel:2.6.16.52
  • Linux Kernel 2.6.16.53
    cpe:2.3:o:linux:linux_kernel:2.6.16.53
  • Linux Kernel 2.6.16.54
    cpe:2.3:o:linux:linux_kernel:2.6.16.54
  • Linux Kernel 2.16.55
    cpe:2.3:o:linux:linux_kernel:2.6.16.55
  • Linux Kernel 2.6.16.56
    cpe:2.3:o:linux:linux_kernel:2.6.16.56
  • Linux Kernel 2.6.16.57
    cpe:2.3:o:linux:linux_kernel:2.6.16.57
  • Linux Kernel 2.6.16.58
    cpe:2.3:o:linux:linux_kernel:2.6.16.58
  • Linux Kernel 2.6.16.59
    cpe:2.3:o:linux:linux_kernel:2.6.16.59
  • Linux Kernel 2.6.16.60
    cpe:2.3:o:linux:linux_kernel:2.6.16.60
  • Linux Kernel 2.6.16.61
    cpe:2.3:o:linux:linux_kernel:2.6.16.61
  • Linux Kernel 2.6.16.62
    cpe:2.3:o:linux:linux_kernel:2.6.16.62
  • Linux Kernel 2.6.17
    cpe:2.3:o:linux:linux_kernel:2.6.17
  • Linux Kernel 2.6.17.1
    cpe:2.3:o:linux:linux_kernel:2.6.17.1
  • Linux Kernel 2.6.17.2
    cpe:2.3:o:linux:linux_kernel:2.6.17.2
  • Linux Kernel 2.6.17.3
    cpe:2.3:o:linux:linux_kernel:2.6.17.3
  • Linux Kernel 2.6.17.4
    cpe:2.3:o:linux:linux_kernel:2.6.17.4
  • Linux Kernel 2.6.17.5
    cpe:2.3:o:linux:linux_kernel:2.6.17.5
  • Linux Kernel 2.6.17.6
    cpe:2.3:o:linux:linux_kernel:2.6.17.6
  • Linux Kernel 2.6.17.7
    cpe:2.3:o:linux:linux_kernel:2.6.17.7
  • Linux Kernel 2.6.17.8
    cpe:2.3:o:linux:linux_kernel:2.6.17.8
  • Linux Kernel 2.6.17.9
    cpe:2.3:o:linux:linux_kernel:2.6.17.9
  • Linux Kernel 2.6.17.10
    cpe:2.3:o:linux:linux_kernel:2.6.17.10
  • Linux Kernel 2.6.17.11
    cpe:2.3:o:linux:linux_kernel:2.6.17.11
  • Linux Kernel 2.6.17.12
    cpe:2.3:o:linux:linux_kernel:2.6.17.12
  • Linux Kernel 2.6.17.13
    cpe:2.3:o:linux:linux_kernel:2.6.17.13
  • Linux Kernel 2.6.17.14
    cpe:2.3:o:linux:linux_kernel:2.6.17.14
  • Linux Kernel 2.6.18
    cpe:2.3:o:linux:linux_kernel:2.6.18
  • Linux Kernel 2.6.18 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc1
  • Linux Kernel 2.6.18 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc2
  • Linux Kernel 2.6.18 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc3
  • Linux Kernel 2.6.18 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc4
  • Linux Kernel 2.6.18 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc5
  • Linux Kernel 2.6.18 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc6
  • Linux Kernel 2.6.18 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc7
  • Linux Kernel 2.6.18.1
    cpe:2.3:o:linux:linux_kernel:2.6.18.1
  • Linux Kernel 2.6.18.2
    cpe:2.3:o:linux:linux_kernel:2.6.18.2
  • Linux Kernel 2.6.18.3
    cpe:2.3:o:linux:linux_kernel:2.6.18.3
  • Linux Kernel 2.6.18.4
    cpe:2.3:o:linux:linux_kernel:2.6.18.4
  • Linux Kernel 2.6.18.5
    cpe:2.3:o:linux:linux_kernel:2.6.18.5
  • Linux Kernel 2.6.18.6
    cpe:2.3:o:linux:linux_kernel:2.6.18.6
  • Linux Kernel 2.6.18.7
    cpe:2.3:o:linux:linux_kernel:2.6.18.7
  • Linux Kernel 2.6.18.8
    cpe:2.3:o:linux:linux_kernel:2.6.18.8
  • Linux Kernel 2.6.19
    cpe:2.3:o:linux:linux_kernel:2.6.19
  • Linux Kernel 2.6.19.1
    cpe:2.3:o:linux:linux_kernel:2.6.19.1
  • Linux Kernel 2.6.19.2
    cpe:2.3:o:linux:linux_kernel:2.6.19.2
  • Linux Kernel 2.6.19.3
    cpe:2.3:o:linux:linux_kernel:2.6.19.3
  • Linux Kernel 2.6.19.4
    cpe:2.3:o:linux:linux_kernel:2.6.19.4
  • Linux Kernel 2.6.19.5
    cpe:2.3:o:linux:linux_kernel:2.6.19.5
  • Linux Kernel 2.6.19.6
    cpe:2.3:o:linux:linux_kernel:2.6.19.6
  • Linux Kernel 2.6.19.7
    cpe:2.3:o:linux:linux_kernel:2.6.19.7
  • Linux Kernel 2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.20
  • Linux Kernel 2.6.20.1
    cpe:2.3:o:linux:linux_kernel:2.6.20.1
  • Linux Kernel 2.6.20.2
    cpe:2.3:o:linux:linux_kernel:2.6.20.2
  • Linux Kernel 2.6.20.3
    cpe:2.3:o:linux:linux_kernel:2.6.20.3
  • Linux Kernel 2.6.20.4
    cpe:2.3:o:linux:linux_kernel:2.6.20.4
  • Linux Kernel 2.6.20.5
    cpe:2.3:o:linux:linux_kernel:2.6.20.5
  • Linux Kernel 2.6.20.6
    cpe:2.3:o:linux:linux_kernel:2.6.20.6
  • Linux Kernel 2.6.20.7
    cpe:2.3:o:linux:linux_kernel:2.6.20.7
  • Linux Kernel 2.6.20.8
    cpe:2.3:o:linux:linux_kernel:2.6.20.8
  • Linux Kernel 2.6.20.9
    cpe:2.3:o:linux:linux_kernel:2.6.20.9
  • Linux Kernel 2.6.20.10
    cpe:2.3:o:linux:linux_kernel:2.6.20.10
  • Linux Kernel 2.6.20.11
    cpe:2.3:o:linux:linux_kernel:2.6.20.11
  • Linux Kernel 2.6.20.12
    cpe:2.3:o:linux:linux_kernel:2.6.20.12
  • Linux Kernel 2.6.20.13
    cpe:2.3:o:linux:linux_kernel:2.6.20.13
  • Linux Kernel 2.6.20.14
    cpe:2.3:o:linux:linux_kernel:2.6.20.14
  • Linux Kernel 2.6.20.15
    cpe:2.3:o:linux:linux_kernel:2.6.20.15
  • Linux Kernel 2.6.20.16
    cpe:2.3:o:linux:linux_kernel:2.6.20.16
  • Linux Kernel 2.6.20.17
    cpe:2.3:o:linux:linux_kernel:2.6.20.17
  • Linux Kernel 2.6.20.18
    cpe:2.3:o:linux:linux_kernel:2.6.20.18
  • Linux Kernel 2.6.20.19
    cpe:2.3:o:linux:linux_kernel:2.6.20.19
  • Linux Kernel 2.6.20.20
    cpe:2.3:o:linux:linux_kernel:2.6.20.20
  • Linux Kernel 2.6.20.21
    cpe:2.3:o:linux:linux_kernel:2.6.20.21
  • Linux Kernel 2.6.21
    cpe:2.3:o:linux:linux_kernel:2.6.21
  • Linux Kernel 2.6.21.1
    cpe:2.3:o:linux:linux_kernel:2.6.21.1
  • Linux Kernel 2.6.21.2
    cpe:2.3:o:linux:linux_kernel:2.6.21.2
  • Linux Kernel 2.6.21.3
    cpe:2.3:o:linux:linux_kernel:2.6.21.3
  • Linux Kernel 2.6.21.4
    cpe:2.3:o:linux:linux_kernel:2.6.21.4
  • Linux Kernel 2.6.21.5
    cpe:2.3:o:linux:linux_kernel:2.6.21.5
  • Linux Kernel 2.6.21.6
    cpe:2.3:o:linux:linux_kernel:2.6.21.6
  • Linux Kernel 2.6.21.7
    cpe:2.3:o:linux:linux_kernel:2.6.21.7
  • Linux Kernel 2.6.22
    cpe:2.3:o:linux:linux_kernel:2.6.22
  • Linux Kernel 2.6.22.1
    cpe:2.3:o:linux:linux_kernel:2.6.22.1
  • Linux Kernel 2.6.22.2
    cpe:2.3:o:linux:linux_kernel:2.6.22.2
  • Linux Kernel 2.6.22.3
    cpe:2.3:o:linux:linux_kernel:2.6.22.3
  • Linux Kernel 2.6.22.4
    cpe:2.3:o:linux:linux_kernel:2.6.22.4
  • Linux Kernel 2.6.22.5
    cpe:2.3:o:linux:linux_kernel:2.6.22.5
  • Linux Kernel 2.6.22.6
    cpe:2.3:o:linux:linux_kernel:2.6.22.6
  • Linux Kernel 2.6.22.7
    cpe:2.3:o:linux:linux_kernel:2.6.22.7
  • Linux Kernel 2.6.22.8
    cpe:2.3:o:linux:linux_kernel:2.6.22.8
  • Linux Kernel 2.6.22.9
    cpe:2.3:o:linux:linux_kernel:2.6.22.9
  • Linux Kernel 2.6.22.10
    cpe:2.3:o:linux:linux_kernel:2.6.22.10
  • Linux Kernel 2.6.22.11
    cpe:2.3:o:linux:linux_kernel:2.6.22.11
  • Linux Kernel 2.6.22.12
    cpe:2.3:o:linux:linux_kernel:2.6.22.12
  • Linux Kernel 2.6.22.13
    cpe:2.3:o:linux:linux_kernel:2.6.22.13
  • Linux Kernel 2.6.22.14
    cpe:2.3:o:linux:linux_kernel:2.6.22.14
  • Linux Kernel 2.6.22.15
    cpe:2.3:o:linux:linux_kernel:2.6.22.15
  • Linux Kernel 2.6.22.16
    cpe:2.3:o:linux:linux_kernel:2.6.22.16
  • Linux Kernel 2.6.22.17
    cpe:2.3:o:linux:linux_kernel:2.6.22.17
  • Linux Kernel 2.6.22.18
    cpe:2.3:o:linux:linux_kernel:2.6.22.18
  • Linux Kernel 2.6.22.19
    cpe:2.3:o:linux:linux_kernel:2.6.22.19
CVSS
Base: 7.8 (as of 22-03-2010 - 15:44)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0146.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45091
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45091
    title CentOS 4 : kernel (CESA-2010:0146)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0146.NASL
    description From Red Hat Security Advisory 2010:0146 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68013
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68013
    title Oracle Linux 4 : kernel (ELSA-2010-0146)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0147.NASL
    description From Red Hat Security Advisory 2010:0147 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important) * a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) * a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) Bug fixes : * a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449) * a race issue in the Journaling Block Device. (BZ#553132) * programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684) * the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335) * adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588) * some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640) * on some systems, VF cannot be enabled in dom0. (BZ#560665) * on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417) * for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454) * serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746) * improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772) * dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777) * a fix for a bug that could potentially cause file system corruption. (BZ#564281) * a bug caused infrequent cluster issues for users of GFS2. (BZ#564288) * gfs2_delete_inode failed on read-only file systems. (BZ#564290) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68014
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68014
    title Oracle Linux 5 : kernel (ELSA-2010-0147)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0148.NASL
    description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) This update also fixes the following bugs : * programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. With this update, when such programs attempt to call sched_rr_get_interval() on 64-bit systems, sys32_sched_rr_get_interval() is called instead, which resolves this issue. (BZ#557682) * the fix for CVE-2009-4538 provided by RHSA-2010:0079 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#559333) * a number of bugs have been fixed in the copy_user routines for Intel 64 and AMD64 systems, one of which could have possibly led to data corruption. (BZ#568305) * on some systems, a race condition in the inode-based file event notifications implementation caused soft lockups and the following messages : 'BUG: warning at fs/inotify.c:181/set_dentry_child_flags()' 'BUG: soft lockup - CPU#[x] stuck for 10s!' This update resolves this race condition, and also removes the inotify debugging code from the kernel, due to race conditions in that code. (BZ#568662) * if a program that calls posix_fadvise() were compiled on x86, and then run on a 64-bit system, that program could experience various problems, including performance issues and the call to posix_fadvise() failing, causing the program to not run as expected or even abort. With this update, when such programs attempt to call posix_fadvise() on 64-bit systems, sys32_fadvise64() is called instead, which resolves this issue. This update also fixes other 32-bit system calls that were mistakenly called on 64-bit systems (including systems running the kernel-xen kernel). (BZ#569595) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2014-08-18
    plugin id 63921
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63921
    title RHEL 5 : kernel (RHSA-2010:0148)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100316_KERNEL_ON_SL5_X.NASL
    description Security fixes : - a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) - a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important) - a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) - a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate) - an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) - missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) Bug fixes : - a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449) - a race issue in the Journaling Block Device. (BZ#553132) - programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684) - the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335) - adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588) - some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640) - on some systems, VF cannot be enabled in dom0. (BZ#560665) - on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417) - for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454) - serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746) - improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772) - dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777) - a fix for a bug that could potentially cause file system corruption. (BZ#564281) - a bug caused infrequent cluster issues for users of GFS2. (BZ#564288) - gfs2_delete_inode failed on read-only file systems. (BZ#564290) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60749
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60749
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0147.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important) * a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) * a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) Bug fixes : * a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449) * a race issue in the Journaling Block Device. (BZ#553132) * programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684) * the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335) * adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588) * some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640) * on some systems, VF cannot be enabled in dom0. (BZ#560665) * on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417) * for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454) * serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746) * improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772) * dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777) * a fix for a bug that could potentially cause file system corruption. (BZ#564281) * a bug caused infrequent cluster issues for users of GFS2. (BZ#564288) * gfs2_delete_inode failed on read-only file systems. (BZ#564290) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45092
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45092
    title CentOS 5 : kernel (CESA-2010:0147)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0149.NASL
    description Updated kernel packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a deficiency was found in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) This update also fixes the following bugs : * programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. With this update, when such programs attempt to call sched_rr_get_interval() on 64-bit systems, sys32_sched_rr_get_interval() is called instead, which resolves this issue. (BZ#557683) * the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#559334) * a number of bugs have been fixed in the copy_user routines for Intel 64 and AMD64 systems, one of which could have possibly led to data corruption. (BZ#568307) * on some systems, a race condition in the inode-based file event notifications implementation caused soft lockups and the following messages : 'BUG: warning at fs/inotify.c:181/set_dentry_child_flags()' 'BUG: soft lockup - CPU#[x] stuck for 10s!' This update resolves this race condition, and also removes the inotify debugging code from the kernel, due to race conditions in that code. (BZ#568663) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2015-10-18
    plugin id 63922
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63922
    title RHEL 5 : kernel (RHSA-2010:0149)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-947-2.NASL
    description USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for CVE-2010-0419 caused failures when using KVM in certain situations. This update reverts that fix until a better solution can be found. We apologize for the inconvenience. It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271) It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537) Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008) It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419) Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437) Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727) Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741) Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083) Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084) Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardward could exploit the flaw to cause a system crash, leading to a denial of service. (CVE-2010-1085) Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086) Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087) Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088) Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146) Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148) Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service. (CVE-2010-1162) Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187) Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188) Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46811
    published 2010-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46811
    title Ubuntu 10.04 LTS : linux regression (USN-947-2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0147.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a missing boundary check was found in the do_move_pages() function in the memory migration functionality in the Linux kernel. A local user could use this flaw to cause a local denial of service or an information leak. (CVE-2010-0415, Important) * a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail() function in the Linux kernel. An attacker on the local network could trigger this flaw by sending IPv6 traffic to a target system, leading to a system crash (kernel OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6 packet. (CVE-2010-0437, Important) * a NULL pointer dereference flaw was found in the ext4 file system code in the Linux kernel. A local attacker could use this flaw to trigger a local denial of service by mounting a specially crafted, journal-less ext4 file system, if that file system forced an EROFS error. (CVE-2009-4308, Moderate) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) Bug fixes : * a bug prevented Wake on LAN (WoL) being enabled on certain Intel hardware. (BZ#543449) * a race issue in the Journaling Block Device. (BZ#553132) * programs compiled on x86, and that also call sched_rr_get_interval(), were silently corrupted when run on 64-bit systems. (BZ#557684) * the RHSA-2010:0019 update introduced a regression, preventing WoL from working for network devices using the e1000e driver. (BZ#559335) * adding a bonding interface in mode balance-alb to a bridge was not functional. (BZ#560588) * some KVM (Kernel-based Virtual Machine) guests experienced slow performance (and possibly a crash) after suspend/resume. (BZ#560640) * on some systems, VF cannot be enabled in dom0. (BZ#560665) * on systems with certain network cards, a system crash occurred after enabling GRO. (BZ#561417) * for x86 KVM guests with pvclock enabled, the boot clocks were registered twice, possibly causing KVM to write data to a random memory area during the guest's life. (BZ#561454) * serious performance degradation for 32-bit applications, that map (mmap) thousands of small files, when run on a 64-bit system. (BZ#562746) * improved kexec/kdump handling. Previously, on some systems under heavy load, kexec/kdump was not functional. (BZ#562772) * dom0 was unable to boot when using the Xen hypervisor on a system with a large number of logical CPUs. (BZ#562777) * a fix for a bug that could potentially cause file system corruption. (BZ#564281) * a bug caused infrequent cluster issues for users of GFS2. (BZ#564288) * gfs2_delete_inode failed on read-only file systems. (BZ#564290) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46270
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46270
    title RHEL 5 : kernel (RHSA-2010:0147)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0003.NASL
    description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 51971
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51971
    title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7516.NASL
    description This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. The following security issues were fixed : - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. (CVE-2011-1017 / CVE-2011-1012) - Boundschecking was missing in AARESOLVE_OFFSET, which allowed local attackers to overwrite kernel memory and so escalate privileges or crash the kernel. (CVE-2011-1573) - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585) - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160) - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. (CVE-2011-1577) - In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. (CVE-2011-1180) - A system out of memory condition (denial of service) could be triggered with a large socket backlog, exploitable by local users. This has been addressed by backlog limiting. (CVE-2010-4251) - The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016) - When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. (CVE-2011-1493) - Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs. (CVE-2011-1182) - The code for evaluating Mac partitions (in fs/partitions/mac.c) contained a bug that could crash the kernel for certain corrupted Mac partitions. (CVE-2011-1010) - The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. (CVE-2011-1163) - Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables. (CVE-2011-1476) - Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation. (CVE-2011-1477) - A information leak in the XFS geometry calls could be used by local attackers to gain access to kernel information. (CVE-2011-0191) - The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. (CVE-2010-0008)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 57212
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57212
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7516)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-947-1.NASL
    description It was discovered that the Linux kernel did not correctly handle memory protection of the Virtual Dynamic Shared Object page when running a 32-bit application on a 64-bit kernel. A local attacker could exploit this to cause a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2009-4271) It was discovered that the r8169 network driver did not correctly check the size of Ethernet frames. A remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2009-4537) Wei Yongjun discovered that SCTP did not correctly validate certain chunks. A remote attacker could send specially crafted traffic to monopolize CPU resources, leading to a denial of service. (Only affected Ubuntu 6.06 LTS.) (CVE-2010-0008) It was discovered that KVM did not correctly limit certain privileged IO accesses on x86. Processes in the guest OS with access to IO regions could gain further privileges within the guest OS. (Did not affect Ubuntu 6.06 LTS.) (CVE-2010-0298, CVE-2010-0306, CVE-2010-0419) Evgeniy Polyakov discovered that IPv6 did not correctly handle certain TUN packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0437) Sachin Prabhu discovered that GFS2 did not correctly handle certain locks. A local attacker with write access to a GFS2 filesystem could exploit this to crash the system, leading to a denial of service. (CVE-2010-0727) Jamie Strandboge discovered that network virtio in KVM did not correctly handle certain high-traffic conditions. A remote attacker could exploit this by sending specially crafted traffic to a guest OS, causing the guest to crash, leading to a denial of service. (Only affected Ubuntu 8.04 LTS.) (CVE-2010-0741) Marcus Meissner discovered that the USB subsystem did not correctly handle certain error conditions. A local attacker with access to a USB device could exploit this to read recently used kernel memory, leading to a loss of privacy and potentially root privilege escalation. (CVE-2010-1083) Neil Brown discovered that the Bluetooth subsystem did not correctly handle large amounts of traffic. A physically proximate remote attacker could exploit this by sending specially crafted traffic that would consume all available system memory, leading to a denial of service. (Ubuntu 6.06 LTS and 10.04 LTS were not affected.) (CVE-2010-1084) Jody Bruchon discovered that the sound driver for the AMD780V did not correctly handle certain conditions. A local attacker with access to this hardward could exploit the flaw to cause a system crash, leading to a denial of service. (CVE-2010-1085) Ang Way Chuang discovered that the DVB driver did not correctly handle certain MPEG2-TS frames. An attacker could exploit this by delivering specially crafted frames to monopolize CPU resources, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1086) Trond Myklebust discovered that NFS did not correctly handle truncation under certain conditions. A local attacker with write access to an NFS share could exploit this to crash the system, leading to a denial of service. (Ubuntu 10.04 LTS was not affected.) (CVE-2010-1087) Al Viro discovered that automount of NFS did not correctly handle symlinks under certain conditions. A local attacker could exploit this to crash the system, leading to a denial of service. (Ubuntu 6.06 LTS and Ubuntu 10.04 LTS were not affected.) (CVE-2010-1088) Matt McCutchen discovered that ReiserFS did not correctly protect xattr files in the .reiserfs_priv directory. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. (CVE-2010-1146) Eugene Teo discovered that CIFS did not correctly validate arguments when creating new files. A local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges if mmap_min_addr was not set. (CVE-2010-1148) Catalin Marinas and Tetsuo Handa discovered that the TTY layer did not correctly release process IDs. A local attacker could exploit this to consume kernel resources, leading to a denial of service. (CVE-2010-1162) Neil Horman discovered that TIPC did not correctly check its internal state. A local attacker could send specially crafted packets via AF_TIPC that would cause the system to crash, leading to a denial of service. (Ubuntu 6.06 LTS was not affected.) (CVE-2010-1187) Masayuki Nakagawa discovered that IPv6 did not correctly handle certain settings when listening. If a socket were listening with the IPV6_RECVPKTINFO flag, a remote attacker could send specially crafted traffic that would cause the system to crash, leading to a denial of service. (Only Ubuntu 6.06 LTS was affected.) (CVE-2010-1188) Oleg Nesterov discovered that the Out-Of-Memory handler did not correctly handle certain arrangements of processes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-1488). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 46810
    published 2010-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46810
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0342.NASL
    description Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * a flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) This update also fixes the following bug : * the fix for CVE-2009-4538 provided by RHSA-2010:0111 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565495) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2016-05-13
    plugin id 63926
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63926
    title RHEL 4 : kernel (RHSA-2010:0342)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0146.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46269
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46269
    title RHEL 4 : kernel (RHSA-2010:0146)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100316_KERNEL_ON_SL4_X.NASL
    description This update fixes the following security issues : - a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) - a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) - an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) - on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) - missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : - under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) - some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) - it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) - the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60748
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60748
    title Scientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89674
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89674
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7515.NASL
    description This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. The following security issues were fixed : - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. (CVE-2011-1017 / CVE-2011-1012) - Boundschecking was missing in AARESOLVE_OFFSET, which allowed local attackers to overwrite kernel memory and so escalate privileges or crash the kernel. (CVE-2011-1573) - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585) - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160) - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. (CVE-2011-1577) - In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. (CVE-2011-1180) - A system out of memory condition (denial of service) could be triggered with a large socket backlog, exploitable by local users. This has been addressed by backlog limiting. (CVE-2010-4251) - The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016) - When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. (CVE-2011-1493) - Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs. (CVE-2011-1182) - The code for evaluating Mac partitions (in fs/partitions/mac.c) contained a bug that could crash the kernel for certain corrupted Mac partitions. (CVE-2011-1010) - The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. (CVE-2011-1163) - Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables. (CVE-2011-1476) - Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation. (CVE-2011-1477) - A information leak in the XFS geometry calls could be used by local attackers to gain access to kernel information. (CVE-2011-0191) - The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. (CVE-2010-0008)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 59156
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59156
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7515)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7568.NASL
    description This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs. The following security issues were fixed : - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593) - Only half of the fix for this vulnerability was only applied, the fix was completed now. Original text: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handled Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - Boundschecking was missing in AARESOLVE_OFFSET in the SCTP protocol, which allowed local attackers to overwrite kernel memory and so escalate privileges or crash the kernel. (CVE-2011-1573) - Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel might have allowed local users to gain privileges or obtain sensitive information via a crafted LDM partition table. (CVE-2011-1017) - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585) - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160) - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. (CVE-2011-1577) - In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. (CVE-2011-1180) - A system out of memory condition (denial of service) could be triggered with a large socket backlog, exploitable by local users. This has been addressed by backlog limiting. (CVE-2010-4251) - The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016) - When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. (CVE-2011-1493) - Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs. (CVE-2011-1182) - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. (CVE-2011-1017 / CVE-2011-1012) - The code for evaluating Mac partitions (in fs/partitions/mac.c) contained a bug that could crash the kernel for certain corrupted Mac partitions. (CVE-2011-1010) - The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. (CVE-2011-1163) - Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables. (CVE-2011-1476) - Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation. (CVE-2011-1477) - A information leak in the XFS geometry calls could be used by local attackers to gain access to kernel information. (CVE-2011-0191) - The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length. (CVE-2010-0008)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 55468
    published 2011-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55468
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7568)
oval via4
accepted 2013-04-29T04:11:58.012-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
family unix
id oval:org.mitre.oval:def:11160
status accepted
submitted 2010-07-09T03:56:16-04:00
title The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2010:0146
  • rhsa
    id RHSA-2010:0147
  • rhsa
    id RHSA-2010:0342
rpms
  • kernel-0:2.6.9-89.0.23.EL
  • kernel-devel-0:2.6.9-89.0.23.EL
  • kernel-doc-0:2.6.9-89.0.23.EL
  • kernel-hugemem-0:2.6.9-89.0.23.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.23.EL
  • kernel-largesmp-0:2.6.9-89.0.23.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.23.EL
  • kernel-smp-0:2.6.9-89.0.23.EL
  • kernel-smp-devel-0:2.6.9-89.0.23.EL
  • kernel-xenU-0:2.6.9-89.0.23.EL
  • kernel-xenU-devel-0:2.6.9-89.0.23.EL
  • kernel-0:2.6.18-164.15.1.el5
  • kernel-PAE-0:2.6.18-164.15.1.el5
  • kernel-PAE-devel-0:2.6.18-164.15.1.el5
  • kernel-debug-0:2.6.18-164.15.1.el5
  • kernel-debug-devel-0:2.6.18-164.15.1.el5
  • kernel-devel-0:2.6.18-164.15.1.el5
  • kernel-doc-0:2.6.18-164.15.1.el5
  • kernel-headers-0:2.6.18-164.15.1.el5
  • kernel-kdump-0:2.6.18-164.15.1.el5
  • kernel-kdump-devel-0:2.6.18-164.15.1.el5
  • kernel-xen-0:2.6.18-164.15.1.el5
  • kernel-xen-devel-0:2.6.18-164.15.1.el5
refmap via4
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
mlist [oss-security] 20100317 CVE-2010-0008 kernel: sctp remote denial of service
secunia
  • 39295
  • 43315
statements via4
contributor Vincent Danen
lastmodified 2010-03-22
organization Red Hat
statement This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-9419.html respectively.
Last major update 19-03-2012 - 00:00
Published 19-03-2010 - 15:30
Last modified 10-10-2018 - 15:49
Back to Top