ID CVE-2010-0410
Summary drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.
References
Vulnerable Configurations
  • Linux Kernel 2.6.32 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc2
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • Debian GNU/Linux 5.0
    cpe:2.3:o:debian:debian_linux:5.0
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:8.04:-:-:-:lts
  • Canonical Ubuntu Linux 8.10
    cpe:2.3:o:canonical:ubuntu_linux:8.10
  • Canonical Ubuntu Linux 9.04
    cpe:2.3:o:canonical:ubuntu_linux:9.04
  • Canonical Ubuntu Linux 9.10
    cpe:2.3:o:canonical:ubuntu_linux:9.10
CVSS
Base: 4.9 (as of 23-02-2010 - 08:20)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1804.NASL
    description Security bugs: CVE-2010-0410 CVE-2010-0415 #563091 Also fixes: xfs: xfs_swap_extents needs to handle dynamic fork offsets (F12#510823) Possible system lockups caused by the fix for bug #559100 in the previous updates. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47271
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47271
    title Fedora 11 : kernel-2.6.30.10-105.2.23.fc11 (2010-1804)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2003.NASL
    description NOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. A final update that includes fixes for these issues in the 2.6.24 kernel is also in preparation and will be released shortly. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. - CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. - CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops). - CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. - CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges. - CVE-2009-4536 Fabian Yamaguchi reported an issue in the e1000 driver for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. - CVE-2010-0622 Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops). This update also fixes a regression introduced by a previous security update that caused problems booting on certain s390 systems.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44867
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44867
    title Debian DSA-2003-1 : linux-2.6 - privilege escalation/denial of service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_KERNEL-100317.NASL
    description This update of the openSUSE 11.2 kernel contains a lot of bug and security fixes. Following security issues were fixed: CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0623: The futex_lock_pi function in kernel/futex.c in the Linux kernel does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. CVE-2010-0410: drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2009-4031: The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support. This update also contains a large rollup of fixes for the rt2860 and rt3090 wireless drivers from the mainline kernel.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45128
    published 2010-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45128
    title openSUSE Security Update : kernel (kernel-2146)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1996.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. - CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest. - CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash). - CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44860
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44860
    title Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6925.NASL
    description This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. - A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49870
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49870
    title SuSE 10 Security Update : Linux kernel (x86) (ZYPP Patch Number 6925)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0398.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46307
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46307
    title RHEL 5 : kernel (RHSA-2010:0398)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100506_KERNEL_ON_SL_5_0.NASL
    description This kernel is already in SL 5.5 This updated contains all the security and bug fixes from the 2.6.18-194.el5 kernel. In additions this update fixes the following security issues : - a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) - on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) - a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) - a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) - a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : - in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) - the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) - 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) - the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) - in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) - TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) - iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) - fixed floating point state corruption after signal. (BZ#580841) - in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) - cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) - some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) - AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60788
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60788
    title Scientific Linux Security Update : kernel on SL 5.0-5.4 i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0398.NASL
    description From Red Hat Security Advisory 2010:0398 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68037
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68037
    title Oracle Linux 5 : kernel (ELSA-2010-0398)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-914-1.NASL
    description Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307) Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309) Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410) Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415) Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 45081
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45081
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-914-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2011-0003.NASL
    description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 51971
    published 2011-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51971
    title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KERNEL-100301.NASL
    description The openSUSE 11.0 kernel was updated to fix following security issues : CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0410: drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45010
    published 2010-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45010
    title openSUSE Security Update : kernel (kernel-2089)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0398.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the 'iommu=on' kernel parameter resulted in a Xen hypervisor panic. (BZ#580199) * the fnic driver flushed the Rx queue instead of the Tx queue after fabric login. This caused crashes in some cases. (BZ#580829) * 'kernel unaligned access' warnings were logged to the dmesg log on some systems. (BZ#580832) * the 'Northbridge Error, node 1, core: -1 K8 ECC error' error occurred on some systems using the amd64_edac driver. (BZ#580836) * in rare circumstances, when using kdump and booting a kernel with 'crashkernel=128M@16M', the kdump kernel did not boot after a crash. (BZ#580838) * TLB page table entry flushing was done incorrectly on IBM System z, possibly causing crashes, subtle data inconsistency, or other issues. (BZ#580839) * iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3. (BZ#580840) * fixed floating point state corruption after signal. (BZ#580841) * in certain circumstances, under heavy load, certain network interface cards using the bnx2 driver and configured to use MSI-X, could stop processing interrupts and then network connectivity would cease. (BZ#587799) * cnic parts resets could cause a deadlock when the bnx2 device was enslaved in a bonding device and that device had an associated VLAN. (BZ#581148) * some BIOS implementations initialized interrupt remapping hardware in a way the Xen hypervisor implementation did not expect. This could have caused a system hang during boot. (BZ#581150) * AMD Magny-Cours systems panicked when booting a 32-bit kernel. (BZ#580846) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46759
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46759
    title CentOS 5 : kernel (CESA-2010:0398)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2005.NASL
    description NOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release 'etch'. Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date. Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2691 Steve Beattie and Kees Cook reported an information leak in the maps and smaps files available under /proc. Local users may be able to read this data for setuid processes while the ELF binary is being loaded. - CVE-2009-2695 Eric Paris provided several fixes to increase the protection provided by the mmap_min_addr tunable against NULL pointer dereference vulnerabilities. - CVE-2009-3080 Dave Jones reported an issue in the gdth SCSI driver. A missing check for negative offsets in an ioctl call could be exploited by local users to create a denial of service or potentially gain elevated privileges. - CVE-2009-3726 Trond Myklebust reported an issue where a malicious NFS server could cause a denial of service condition on its clients by returning incorrect attributes during an open call. - CVE-2009-3889 Joe Malicki discovered an issue in the megaraid_sas driver. Insufficient permissions on the sysfs dbg_lvl interface allow local users to modify the debug logging behavior. - CVE-2009-4005 Roel Kluin discovered an issue in the hfc_usb driver, an ISDN driver for Colognechip HFC-S USB chip. A potential read overflow exists which may allow remote users to cause a denial of service condition (oops). - CVE-2009-4020 Amerigo Wang discovered an issue in the HFS filesystem that would allow a denial of service by a local user who has sufficient privileges to mount a specially crafted filesystem. - CVE-2009-4021 Anana V. Avati discovered an issue in the fuse subsystem. If the system is sufficiently low on memory, a local user can cause the kernel to dereference an invalid pointer resulting in a denial of service (oops) and potentially an escalation of privileges. - CVE-2009-4138 Jay Fenlason discovered an issue in the firewire stack that allows local users to cause a denial of service (oops or crash) by making a specially crafted ioctl call. - CVE-2009-4308 Ted Ts'o discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (NULL pointer dereference). For this to be exploitable, the local user must have sufficient privileges to mount a filesystem. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. - CVE-2010-0622 Jerome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44951
    published 2010-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44951
    title Debian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6929.NASL
    description This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. - A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59146
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59146
    title SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-088.NASL
    description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620) fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount symlinks, which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088) The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410) The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. (CVE-2010-0623) Aditionally, the kernel was updated to the 2.6.31.13 stable release, it was added support for Cirrus Logic CS420x HDA codec, Wacom driver was updated to version 0.8.5-12 and there is a fix in the driver for backlight on Eee PC 1201HA. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48181
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48181
    title Mandriva Linux Security Advisory : kernel (MDVSA-2010:088)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-100223.NASL
    description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing various bugs and security issues. - The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) - The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307) - Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. (CVE-2010-0410) - The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernels node set. (CVE-2010-0415) - net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. (CVE-2010-0003) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44966
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44966
    title SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KERNEL-100223.NASL
    description The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0410: Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. CVE-2010-0007: net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. CVE-2009-4538: drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. CVE-2010-0003: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 44964
    published 2010-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44964
    title openSUSE Security Update : kernel (kernel-2050)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1787.NASL
    description Kernel security update. Bugs fixed: #563091 #510823 #559100 #533087 CVE-2010-0307 CVE-2010-0410 CVE-2010-0415 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47270
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47270
    title Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7011.NASL
    description This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS. The following security issues were fixed : - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. (CVE-2009-4537) - The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the Linux kernel arlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. (CVE-2010-1086) - fs/namei.c in Linux kernel does not always follow NFS automount 'symlinks,' which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) - The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). (CVE-2010-1083) - drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 46252
    published 2010-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46252
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89674
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89674
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-7015.NASL
    description This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious data corruption regression in NFS. The following security issues were fixed : - drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. (CVE-2009-4537) - The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the Linux kernel arlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. (CVE-2010-1086) - fs/namei.c in Linux kernel does not always follow NFS automount 'symlinks,' which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. (CVE-2010-1088) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) - The processcompl_compat function in drivers/usb/core/devio.c in the Linux kernel does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitive information (kernel memory). (CVE-2010-1083) - drivers/connector/connector.c in the Linux kernel allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. (CVE-2010-0410)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 59148
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59148
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7015)
oval via4
accepted 2013-04-29T04:09:51.869-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.
family unix
id oval:org.mitre.oval:def:10903
status accepted
submitted 2010-07-09T03:56:16-04:00
title drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.
version 18
redhat via4
advisories
  • rhsa
    id RHSA-2010:0161
  • rhsa
    id RHSA-2010:0398
rpms
  • kernel-0:2.6.18-194.3.1.el5
  • kernel-PAE-0:2.6.18-194.3.1.el5
  • kernel-PAE-devel-0:2.6.18-194.3.1.el5
  • kernel-debug-0:2.6.18-194.3.1.el5
  • kernel-debug-devel-0:2.6.18-194.3.1.el5
  • kernel-devel-0:2.6.18-194.3.1.el5
  • kernel-doc-0:2.6.18-194.3.1.el5
  • kernel-headers-0:2.6.18-194.3.1.el5
  • kernel-kdump-0:2.6.18-194.3.1.el5
  • kernel-kdump-devel-0:2.6.18-194.3.1.el5
  • kernel-xen-0:2.6.18-194.3.1.el5
  • kernel-xen-devel-0:2.6.18-194.3.1.el5
refmap via4
bid 38058
bugtraq 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
confirm
debian
  • DSA-1996
  • DSA-2005
fedora
  • FEDORA-2010-1787
  • FEDORA-2010-1804
mandriva MDVSA-2010:088
mlist
  • [oss-security] 20100203 CVE request: kernel OOM/crash in drivers/connector
  • [oss-security] 20100203 Re: CVE request: kernel OOM/crash in drivers/connector
secunia
  • 38492
  • 38557
  • 38779
  • 38922
  • 39033
  • 39649
  • 39742
  • 43315
suse
  • SUSE-SA:2010:014
  • SUSE-SA:2010:018
  • SUSE-SA:2010:019
  • SUSE-SA:2010:023
ubuntu USN-914-1
vupen ADV-2010-0638
statements via4
contributor Vincent Danen
lastmodified 2010-03-12
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0410. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for kernel connectors. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
Last major update 19-03-2012 - 00:00
Published 22-02-2010 - 08:00
Last modified 16-11-2018 - 11:06
Back to Top