ID CVE-2010-0307
Summary The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
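The ordering problem the summary describes, as an added illustration written for this page rather than code from the kernel or from the amd64_killer proof of concept: a 32-bit task asks execve() for a 64-bit image, load_elf_binary() applies SET_PERSONALITY early (so that the interpreter lookup already runs under the new personality), the interpreter turns out to be unavailable, and the exec fails after the task's ABI bookkeeping has been switched. The task keeps running its 32-bit code while the kernel now treats it as 64-bit; the next signal it takes, the segmentation fault in the summary, is handled under the wrong ABI. The model keeps only the ordering: the names task, elf_image, open_exec, flush_old_exec and set_personality, the constructed filesystem table and the two interpreter paths are assumptions of the example, the kernel's real flag handling is more involved, and deliver_sigsegv() reports the mismatch as an error code instead of the crash a real kernel suffered. The fixed order is the one 2.6.32.8 adopted by moving the personality switch past flush_old_exec(), the point of no return.

```c
/* Model of the CVE-2010-0307 ordering bug; example code for this page, not
 * kernel source.  Names and the fake filesystem below are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <string.h>

enum abi { ABI_IA32 = 32, ABI_X86_64 = 64 };

/* "running" is the ABI of the code the task actually executes;
 * "personality" is what the kernel believes, which SET_PERSONALITY updates. */
struct task {
    enum abi running;
    enum abi personality;
    bool old_image_flushed;
};

struct elf_image {
    enum abi abi;
    const char *interp;   /* PT_INTERP path, NULL for a static binary */
};

/* Constructed filesystem: only the 32-bit interpreter exists. */
static const char *const present[] = { "/lib/ld-linux.so.2", NULL };

static bool open_exec(const char *path)
{
    for (const char *const *p = present; *p; p++)
        if (strcmp(*p, path) == 0)
            return true;
    return false;
}

static void set_personality(struct task *t, const struct elf_image *img)
{
    t->personality = img->abi;
}

/* Point of no return: the old image is discarded and the new one entered. */
static void flush_old_exec(struct task *t, const struct elf_image *img)
{
    t->old_image_flushed = true;
    t->running = img->abi;
}

/* Vulnerable order (kernels before 2.6.32.8, as the summary describes):
 * the personality is selected before the interpreter is known to exist.
 * On failure the caller resumes under its old ABI while the kernel's view
 * has already been switched. */
int load_elf_vulnerable(struct task *t, const struct elf_image *img)
{
    if (img->interp) {
        set_personality(t, img);
        if (!open_exec(img->interp))
            return -ENOENT;
    }
    flush_old_exec(t, img);
    set_personality(t, img);
    return 0;
}

/* Fixed order: every failable check first, then the point of no return,
 * and only then the personality switch. */
int load_elf_fixed(struct task *t, const struct elf_image *img)
{
    if (img->interp && !open_exec(img->interp))
        return -ENOENT;          /* task state untouched */
    flush_old_exec(t, img);
    set_personality(t, img);
    return 0;
}

/* Signal delivery builds a frame for the ABI the kernel believes the task
 * runs.  A mismatch is the condition the page reports as a system crash;
 * here it is returned as an error instead. */
int deliver_sigsegv(const struct task *t)
{
    return t->personality == t->running ? 0 : -EFAULT;
}

/* The scenario from the summary: a 32-bit task execs a 64-bit image whose
 * interpreter is missing, the exec fails, and the task then segfaults.
 * Returns 0 when the task survives consistently, nonzero otherwise. */
int run_scenario(int (*loader)(struct task *, const struct elf_image *))
{
    struct task t = { .running = ABI_IA32, .personality = ABI_IA32 };
    const struct elf_image target = { ABI_X86_64, "/lib64/ld-linux-x86-64.so.2" };

    if (loader(&t, &target) != -ENOENT)
        return 1;                /* the exec was expected to fail */
    if (t.old_image_flushed)
        return 2;                /* a failed exec must not pass the point of no return */
    return deliver_sigsegv(&t);  /* 0 for the fixed order, -EFAULT for the vulnerable one */
}
```

The design point is general: any state an execve() path mutates before its last failable step leaks into the calling process when that step fails, so checks that can fail belong before the point of no return and state changes after it.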
References
Vulnerable Configurations
  • Linux Kernel 2.6.32 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc2
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:8.04:-:-:-:lts
  • Canonical Ubuntu Linux 8.10
    cpe:2.3:o:canonical:ubuntu_linux:8.10
  • Canonical Ubuntu Linux 9.04
    cpe:2.3:o:canonical:ubuntu_linux:9.04
  • Canonical Ubuntu Linux 9.10
    cpe:2.3:o:canonical:ubuntu_linux:9.10
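A check that maps a running kernel onto the range in the summary (x86_64, before 2.6.32.8) and onto the configurations above. This is example code added for this page, not a tool from any of the advisories listed below. It takes the two strings a practitioner has at hand, `uname -r` and `uname -m`, and gives one of four answers: not affected (not x86_64), fixed (2.6.32.8 or later by number), vulnerable (a bare upstream build below the threshold, including the 2.6.32-rc2 listed above), or check the vendor advisory for any release carrying a distribution or local suffix, because the distributions below backported the fix without moving the base version (the RHEL 5 kernels in RHSA-2010:0398 stay 2.6.18-based). The verdict names and the function names are this example's own; release strings in the test are constructed.

```c
/* Classify a kernel release against CVE-2010-0307; example code for this page. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

enum verdict { NOT_AFFECTED, FIXED, VULNERABLE, CHECK_ADVISORY };

/* Numeric part of a release string; rc == 0 means a final release. */
struct kver { int part[4]; int rc; };

/* Parse the leading "a.b[.c[.d]][-rcN]" of a release string.  *rest receives
 * whatever follows (e.g. "-194.el5" or "-generic"); it is empty for a plain
 * upstream build.  Returns false if there is no dotted version at all. */
bool parse_kver(const char *s, struct kver *v, const char **rest)
{
    const char *p = s;
    int n = 0;
    char *end;

    memset(v, 0, sizeof *v);
    while (n < 4 && isdigit((unsigned char)*p)) {
        v->part[n++] = (int)strtol(p, &end, 10);
        p = end;
        if (*p == '.' && isdigit((unsigned char)p[1]))
            p++;
        else
            break;
    }
    if (n < 2)
        return false;
    if (strncmp(p, "-rc", 3) == 0 && isdigit((unsigned char)p[3])) {
        v->rc = (int)strtol(p + 3, &end, 10);
        p = end;
    }
    if (rest)
        *rest = p;
    return true;
}

/* Order releases as the kernel numbers them: 2.6.32-rc2 < 2.6.32 < 2.6.32.8. */
int kver_cmp(const struct kver *a, const struct kver *b)
{
    for (int i = 0; i < 4; i++)
        if (a->part[i] != b->part[i])
            return a->part[i] < b->part[i] ? -1 : 1;
    if (a->rc == b->rc)
        return 0;
    if (a->rc == 0)
        return 1;    /* a final release is later than any of its rcs */
    if (b->rc == 0)
        return -1;
    return a->rc < b->rc ? -1 : 1;
}

enum verdict classify_release(const char *release, const char *machine)
{
    static const struct kver first_fixed = { {2, 6, 32, 8}, 0 };  /* "before 2.6.32.8" */
    struct kver v;
    const char *rest;

    /* The flaw is in the x86_64 personality code; other architectures are
     * not affected.  uname -m follows the caller's personality (under
     * linux32 a 64-bit kernel reports i686), so take it from a native process. */
    if (strcmp(machine, "x86_64") != 0)
        return NOT_AFFECTED;
    if (!parse_kver(release, &v, &rest))
        return CHECK_ADVISORY;
    if (kver_cmp(&v, &first_fixed) >= 0)
        return FIXED;
    /* Below the threshold by number: a bare upstream number is vulnerable;
     * a suffixed build may carry a backport, so the advisory has the answer. */
    return *rest ? CHECK_ADVISORY : VULNERABLE;
}

const char *verdict_name(enum verdict v)
{
    static const char *const names[] = {
        "not affected", "fixed", "vulnerable", "check vendor advisory"
    };
    return names[v];
}

/* Stand-alone use: "./check 2.6.32.7 x86_64", or no arguments for the running kernel. */
int main(int argc, char **argv)
{
    struct utsname u;
    const char *release = argv[1], *machine = argv[2];

    if (argc != 3) {
        if (uname(&u) != 0)
            return 1;
        release = u.release;
        machine = u.machine;
    }
    printf("%s %s: %s\n", release, machine,
           verdict_name(classify_release(release, machine)));
    return 0;
}
```

For a "check vendor advisory" result, the package versions to compare against are the ones the advisories below name (for example kernel-2.6.30.10-105.2.13.fc11 for Fedora 11, USN-914-1 for the Ubuntu releases listed above, RHSA-2010:0146 and RHSA-2010:0398 for RHEL 4 and 5, DSA-1996 for Debian, MDVSA-2010:066 for Mandriva).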
CVSS
Base: 4.7 (as of 18-02-2010 - 09:08)
Impact:
Exploitability:
Access
  Vector: LOCAL   Complexity: MEDIUM   Authentication: NONE
Impact
  Confidentiality: NONE   Integrity: NONE   Availability: COMPLETE
exploit-db via4
description Linux Kernel 2.6.x 64-bit Personality Handling Local Denial of Service Vulnerability. CVE-2010-0307. DoS exploit for the Linux platform
id EDB-ID:33585
last seen 2016-02-03
modified 2010-02-01
published 2010-02-01
reporter Mathias Krause
source https://www.exploit-db.com/download/33585/
title Linux Kernel 2.6.x - 64 bit Personality Handling Local Denial of Service Vulnerability
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0146.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. 
(CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. 
Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45091
    published 2010-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45091
    title CentOS 4 : kernel (CESA-2010:0146)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0146.NASL
    description From Red Hat Security Advisory 2010:0146 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. 
(CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. 
Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68013
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68013
    title Oracle Linux 4 : kernel (ELSA-2010-0146)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0016.NASL
    description a. Service Console OS update for COS kernel This patch updates the service console kernel to fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. b. Likewise package updates Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-4212, and CVE-2010-1321 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 50611
    published 2010-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50611
    title VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise components
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1996.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. - CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest. - CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash). 
- CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44860
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44860
    title Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1500.NASL
    description Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel: tty->pgrp races 521265 oops in VIA padlock driver Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47258
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47258
    title Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-066.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. (CVE-2010-0727) The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. (CVE-2010-0415) drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. (CVE-2009-4538) The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307) Additionally, support was added for some backlight models used in Samsung laptops, together with fixes for detecting Saitek X52 joysticks. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48176
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48176
    title Mandriva Linux Security Advisory : kernel (MDVSA-2010:066)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0398.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). 
(CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46307
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46307
    title RHEL 5 : kernel (RHSA-2010:0398)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100506_KERNEL_ON_SL_5_0.NASL
    description This kernel is already in SL 5.5. This update contains all the security and bug fixes from the 2.6.18-194.el5 kernel. In addition, this update fixes the following security issues : - a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) - on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) - a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) - a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) - a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : - in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) - the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) - 'kernel unaligned access' warnings were logged to the dmesg log on some systems. 
(BZ#580832) - the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) - in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) - TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) - iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) - fixed floating point state corruption after signal. (BZ#580841) - in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) - cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) - some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) - AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60788
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60788
    title Scientific Linux Security Update : kernel on SL 5.0-5.4 i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0398.NASL
    description From Red Hat Security Advisory 2010:0398 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). 
(CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68037
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68037
    title Oracle Linux 5 : kernel (ELSA-2010-0398)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-914-1.NASL
    description Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307) Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309) Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410) Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415) Jerome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 45081
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45081
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-914-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0003.NASL
    description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 51971
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51971
    title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KERNEL-100301.NASL
    description The openSUSE 11.0 kernel was updated to fix following security issues : CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0410: drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45010
    published 2010-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45010
    title openSUSE Security Update : kernel (kernel-2089)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0398.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46759
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46759
    title CentOS 5 : kernel (CESA-2010:0398)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-100223.NASL
    description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing various bugs and security issues. - The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) - The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307) - Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. (CVE-2010-0410) - The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. (CVE-2010-0415) - net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. (CVE-2010-0003) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44966
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44966
    title SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KERNEL-100223.NASL
    description The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0410: Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. CVE-2010-0007: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. CVE-2010-0003: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44964
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44964
    title openSUSE Security Update : kernel (kernel-2050)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-067.NASL
    description This update provides a fix to the correction of CVE-2010-0307, which resulted in crashes when running i586 applications on x86_64. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48177
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48177
    title Mandriva Linux Security Advisory : kernel (MDVSA-2010:067)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0146.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : * under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) * some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) * it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) * the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46269
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46269
    title RHEL 4 : kernel (RHSA-2010:0146)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1787.NASL
    description Kernel security update. Bugs fixed: #563091 #510823 #559100 #533087 CVE-2010-0307 CVE-2010-0410 CVE-2010-0415 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47270
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47270
    title Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100316_KERNEL_ON_SL4_X.NASL
    description This update fixes the following security issues : - a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) - a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) - an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When '/proc/sys/kernel/print-fatal-signals' is set to 1 (the default value is 0), memory that is reachable by the kernel could be leaked to user-space. This issue could also result in a system crash. Note that this flaw only affected the i386 architecture. (CVE-2010-0003, Moderate) - on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) - missing capability checks were found in the ebtables implementation, used for creating an Ethernet bridge firewall. This could allow a local, unprivileged user to bypass intended capability restrictions and modify ebtables rules. (CVE-2010-0007, Low) This update also fixes the following bugs : - under some circumstances, a locking bug could have caused an online ext3 file system resize to deadlock, which may have, in turn, caused the file system or the entire system to become unresponsive. In either case, a reboot was required after the deadlock. With this update, using resize2fs to perform an online resize of an ext3 file system works as expected. (BZ#553135) - some ATA and SCSI devices were not honoring the barrier=1 mount option, which could result in data loss after a crash or power loss. This update applies a patch to the Linux SCSI driver to ensure ordered write caching. This solution does not provide cache flushes; however, it does provide data integrity on devices that have no write caching (or where write caching is disabled) and no command queuing. For systems that have command queuing or write cache enabled there is no guarantee of data integrity after a crash. (BZ#560563) - it was found that lpfc_find_target() could loop continuously when scanning a list of nodes due to a missing spinlock. This missing spinlock allowed the list to be changed after the list_empty() test, resulting in a NULL value, causing the loop. This update adds the spinlock, resolving the issue. (BZ#561453) - the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a regression, preventing Wake on LAN (WoL) working for network devices using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for such devices resulted in the following error, even when configuring valid options : 'Cannot set new wake-on-lan settings: Operation not supported not setting wol' This update resolves this regression, and WoL now works as expected for network devices using the e1000e driver. (BZ#565496) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60748
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60748
    title Scientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89674
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89674
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
oval via4
accepted 2013-04-29T04:09:30.724-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
family unix
id oval:org.mitre.oval:def:10870
status accepted
submitted 2010-07-09T03:56:16-04:00
title The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
version 24
redhat via4
advisories
  • bugzilla
    id 565496
    title e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.8.z]
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689003
      • AND
        • comment kernel-devel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146004
        • comment kernel-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689005
      • AND
        • comment kernel-doc is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146022
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689019
      • AND
        • comment kernel-hugemem is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146020
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689017
      • AND
        • comment kernel-hugemem-devel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146018
        • comment kernel-hugemem-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689015
      • AND
        • comment kernel-largesmp is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146012
        • comment kernel-largesmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689013
      • AND
        • comment kernel-largesmp-devel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146008
        • comment kernel-largesmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689009
      • AND
        • comment kernel-smp is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146014
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689011
      • AND
        • comment kernel-smp-devel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146010
        • comment kernel-smp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689007
      • AND
        • comment kernel-xenU is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146016
        • comment kernel-xenU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488009
      • AND
        • comment kernel-xenU-devel is earlier than 0:2.6.9-89.0.23.EL
          oval oval:com.redhat.rhsa:tst:20100146006
        • comment kernel-xenU-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488011
    rhsa
    id RHSA-2010:0146
    released 2010-03-16
    severity Important
    title RHSA-2010:0146: kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2010:0398
  • rhsa
    id RHSA-2010:0771
rpms
  • kernel-0:2.6.9-89.0.23.EL
  • kernel-devel-0:2.6.9-89.0.23.EL
  • kernel-doc-0:2.6.9-89.0.23.EL
  • kernel-hugemem-0:2.6.9-89.0.23.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.23.EL
  • kernel-largesmp-0:2.6.9-89.0.23.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.23.EL
  • kernel-smp-0:2.6.9-89.0.23.EL
  • kernel-smp-devel-0:2.6.9-89.0.23.EL
  • kernel-xenU-0:2.6.9-89.0.23.EL
  • kernel-xenU-devel-0:2.6.9-89.0.23.EL
  • kernel-0:2.6.18-194.3.1.el5
  • kernel-PAE-0:2.6.18-194.3.1.el5
  • kernel-PAE-devel-0:2.6.18-194.3.1.el5
  • kernel-debug-0:2.6.18-194.3.1.el5
  • kernel-debug-devel-0:2.6.18-194.3.1.el5
  • kernel-devel-0:2.6.18-194.3.1.el5
  • kernel-doc-0:2.6.18-194.3.1.el5
  • kernel-headers-0:2.6.18-194.3.1.el5
  • kernel-kdump-0:2.6.18-194.3.1.el5
  • kernel-kdump-devel-0:2.6.18-194.3.1.el5
  • kernel-xen-0:2.6.18-194.3.1.el5
  • kernel-xen-devel-0:2.6.18-194.3.1.el5
refmap via4
bid 38027
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
debian DSA-1996
fedora FEDORA-2010-1787
mandriva MDVSA-2010:066
misc http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html
mlist
  • [linux-mm] 20100128 DoS on x86_64
  • [oss-security] 20100201 CVE request - kernel: DoS on x86_64
  • [oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64
  • [oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64
  • [oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64
secunia
  • 38492
  • 38779
  • 38922
  • 39649
  • 43315
suse SUSE-SA:2010:014
ubuntu USN-914-1
vupen ADV-2010-0638
statements via4
contributor Vincent Danen
lastmodified 2010-03-17
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0307. This issue has been rated as having moderate security impact. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Last major update 19-03-2012 - 00:00
Published 17-02-2010 - 13:30
Last modified 16-11-2018 - 11:08