ID CVE-2011-1020
Summary The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
References
Vulnerable Configurations
  • Linux Kernel 2.6.21.6
    cpe:2.3:o:linux:linux_kernel:2.6.21.6
  • Linux Kernel 2.6.21.3
    cpe:2.3:o:linux:linux_kernel:2.6.21.3
  • Linux Kernel 2.6.21.7
    cpe:2.3:o:linux:linux_kernel:2.6.21.7
  • Linux Kernel 2.6.21.5
    cpe:2.3:o:linux:linux_kernel:2.6.21.5
  • Linux Kernel 2.6.21
    cpe:2.3:o:linux:linux_kernel:2.6.21
  • Linux Kernel 2.6.21.2
    cpe:2.3:o:linux:linux_kernel:2.6.21.2
  • Linux Kernel 2.6.20.3
    cpe:2.3:o:linux:linux_kernel:2.6.20.3
  • Linux Kernel 2.6.20.16
    cpe:2.3:o:linux:linux_kernel:2.6.20.16
  • Linux Kernel 2.6.20.4
    cpe:2.3:o:linux:linux_kernel:2.6.20.4
  • Linux Kernel 2.6.20.5
    cpe:2.3:o:linux:linux_kernel:2.6.20.5
  • Linux Kernel 2.6.20.6
    cpe:2.3:o:linux:linux_kernel:2.6.20.6
  • Linux Kernel 2.6.20.7
    cpe:2.3:o:linux:linux_kernel:2.6.20.7
  • Linux Kernel 2.6.20.8
    cpe:2.3:o:linux:linux_kernel:2.6.20.8
  • Linux Kernel 2.6.20.9
    cpe:2.3:o:linux:linux_kernel:2.6.20.9
  • Linux Kernel 2.6.20.10
    cpe:2.3:o:linux:linux_kernel:2.6.20.10
  • Linux Kernel 2.6.20.11
    cpe:2.3:o:linux:linux_kernel:2.6.20.11
  • Linux Kernel 2.6.20.12
    cpe:2.3:o:linux:linux_kernel:2.6.20.12
  • Linux Kernel 2.6.20.13
    cpe:2.3:o:linux:linux_kernel:2.6.20.13
  • Linux Kernel 2.6.20.14
    cpe:2.3:o:linux:linux_kernel:2.6.20.14
  • Linux Kernel 2.6.20.15
    cpe:2.3:o:linux:linux_kernel:2.6.20.15
  • Linux Kernel 2.6.20.21
    cpe:2.3:o:linux:linux_kernel:2.6.20.21
  • Linux Kernel 2.6.20.18
    cpe:2.3:o:linux:linux_kernel:2.6.20.18
  • Linux Kernel 2.6.20
    cpe:2.3:o:linux:linux_kernel:2.6.20
  • Linux Kernel 2.6.20.17
    cpe:2.3:o:linux:linux_kernel:2.6.20.17
  • Linux Kernel 2.6.20.2
    cpe:2.3:o:linux:linux_kernel:2.6.20.2
  • Linux Kernel 2.6.20.20
    cpe:2.3:o:linux:linux_kernel:2.6.20.20
  • Linux Kernel 2.6.20.19
    cpe:2.3:o:linux:linux_kernel:2.6.20.19
  • Linux Kernel 2.6.20.1
    cpe:2.3:o:linux:linux_kernel:2.6.20.1
  • Linux Kernel 2.6.19.7
    cpe:2.3:o:linux:linux_kernel:2.6.19.7
  • Linux Kernel 2.6.19.5
    cpe:2.3:o:linux:linux_kernel:2.6.19.5
  • Linux Kernel 2.6.19.6
    cpe:2.3:o:linux:linux_kernel:2.6.19.6
  • Linux Kernel 2.6.19.4
    cpe:2.3:o:linux:linux_kernel:2.6.19.4
  • Linux Kernel 2.6.19
    cpe:2.3:o:linux:linux_kernel:2.6.19
  • Linux Kernel 2.6.19.2
    cpe:2.3:o:linux:linux_kernel:2.6.19.2
  • Linux Kernel 2.6.19.1
    cpe:2.3:o:linux:linux_kernel:2.6.19.1
  • Linux Kernel 2.6.19.3
    cpe:2.3:o:linux:linux_kernel:2.6.19.3
  • Linux Kernel 2.6.18 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc5
  • Linux Kernel 2.6.18 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc6
  • Linux Kernel 2.6.18 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc7
  • Linux Kernel 2.6.18 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc1
  • Linux Kernel 2.6.18 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc2
  • Linux Kernel 2.6.18 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc3
  • Linux Kernel 2.6.18 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.18:rc4
  • Linux Kernel 2.6.18.1
    cpe:2.3:o:linux:linux_kernel:2.6.18.1
  • Linux Kernel 2.6.18
    cpe:2.3:o:linux:linux_kernel:2.6.18
  • Linux Kernel 2.6.18.3
    cpe:2.3:o:linux:linux_kernel:2.6.18.3
  • Linux Kernel 2.6.18.2
    cpe:2.3:o:linux:linux_kernel:2.6.18.2
  • Linux Kernel 2.6.18.5
    cpe:2.3:o:linux:linux_kernel:2.6.18.5
  • Linux Kernel 2.6.18.4
    cpe:2.3:o:linux:linux_kernel:2.6.18.4
  • Linux Kernel 2.6.18.7
    cpe:2.3:o:linux:linux_kernel:2.6.18.7
  • Linux Kernel 2.6.18.6
    cpe:2.3:o:linux:linux_kernel:2.6.18.6
  • Linux Kernel 2.6.18.8
    cpe:2.3:o:linux:linux_kernel:2.6.18.8
  • Linux Kernel 2.6.17.4
    cpe:2.3:o:linux:linux_kernel:2.6.17.4
  • Linux Kernel 2.6.17.5
    cpe:2.3:o:linux:linux_kernel:2.6.17.5
  • Linux Kernel 2.6.17.2
    cpe:2.3:o:linux:linux_kernel:2.6.17.2
  • Linux Kernel 2.6.17.3
    cpe:2.3:o:linux:linux_kernel:2.6.17.3
  • Linux Kernel 2.6.17
    cpe:2.3:o:linux:linux_kernel:2.6.17
  • Linux Kernel 2.6.17.1
    cpe:2.3:o:linux:linux_kernel:2.6.17.1
  • Linux Kernel 2.6.17.12
    cpe:2.3:o:linux:linux_kernel:2.6.17.12
  • Linux Kernel 2.6.17.13
    cpe:2.3:o:linux:linux_kernel:2.6.17.13
  • Linux Kernel 2.6.17.10
    cpe:2.3:o:linux:linux_kernel:2.6.17.10
  • Linux Kernel 2.6.17.11
    cpe:2.3:o:linux:linux_kernel:2.6.17.11
  • Linux Kernel 2.6.17.8
    cpe:2.3:o:linux:linux_kernel:2.6.17.8
  • Linux Kernel 2.6.17.9
    cpe:2.3:o:linux:linux_kernel:2.6.17.9
  • Linux Kernel 2.6.17.6
    cpe:2.3:o:linux:linux_kernel:2.6.17.6
  • Linux Kernel 2.6.17.7
    cpe:2.3:o:linux:linux_kernel:2.6.17.7
  • Linux Kernel 2.6.17.14
    cpe:2.3:o:linux:linux_kernel:2.6.17.14
  • Linux Kernel 2.6.16.8
    cpe:2.3:o:linux:linux_kernel:2.6.16.8
  • Linux Kernel 2.6.16.7
    cpe:2.3:o:linux:linux_kernel:2.6.16.7
  • Linux Kernel 2.6.16.6
    cpe:2.3:o:linux:linux_kernel:2.6.16.6
  • Linux Kernel 2.6.16.5
    cpe:2.3:o:linux:linux_kernel:2.6.16.5
  • Linux Kernel 2.6.16.12
    cpe:2.3:o:linux:linux_kernel:2.6.16.12
  • Linux Kernel 2.6.16.11
    cpe:2.3:o:linux:linux_kernel:2.6.16.11
  • Linux Kernel 2.6.16.10
    cpe:2.3:o:linux:linux_kernel:2.6.16.10
  • Linux Kernel 2.6.16.9
    cpe:2.3:o:linux:linux_kernel:2.6.16.9
  • Linux Kernel 2.6.16
    cpe:2.3:o:linux:linux_kernel:2.6.16
  • Linux Kernel 2.6.16.4
    cpe:2.3:o:linux:linux_kernel:2.6.16.4
  • Linux Kernel 2.6.16.3
    cpe:2.3:o:linux:linux_kernel:2.6.16.3
  • Linux Kernel 2.6.16.2
    cpe:2.3:o:linux:linux_kernel:2.6.16.2
  • Linux Kernel 2.6.16.1
    cpe:2.3:o:linux:linux_kernel:2.6.16.1
  • Linux Kernel 2.6.16.61
    cpe:2.3:o:linux:linux_kernel:2.6.16.61
  • Linux Kernel 2.6.16.62
    cpe:2.3:o:linux:linux_kernel:2.6.16.62
  • Linux Kernel 2.6.16.52
    cpe:2.3:o:linux:linux_kernel:2.6.16.52
  • Linux Kernel 2.6.16.51
    cpe:2.3:o:linux:linux_kernel:2.6.16.51
  • Linux Kernel 2.6.16.50
    cpe:2.3:o:linux:linux_kernel:2.6.16.50
  • Linux Kernel 2.6.16.49
    cpe:2.3:o:linux:linux_kernel:2.6.16.49
  • Linux Kernel 2.6.16.48
    cpe:2.3:o:linux:linux_kernel:2.6.16.48
  • Linux Kernel 2.6.16.47
    cpe:2.3:o:linux:linux_kernel:2.6.16.47
  • Linux Kernel 2.6.16.46
    cpe:2.3:o:linux:linux_kernel:2.6.16.46
  • Linux Kernel 2.6.16.45
    cpe:2.3:o:linux:linux_kernel:2.6.16.45
  • Linux Kernel 2.6.16.60
    cpe:2.3:o:linux:linux_kernel:2.6.16.60
  • Linux Kernel 2.6.16.59
    cpe:2.3:o:linux:linux_kernel:2.6.16.59
  • Linux Kernel 2.6.16.58
    cpe:2.3:o:linux:linux_kernel:2.6.16.58
  • Linux Kernel 2.6.16.57
    cpe:2.3:o:linux:linux_kernel:2.6.16.57
  • Linux Kernel 2.6.16.56
    cpe:2.3:o:linux:linux_kernel:2.6.16.56
  • Linux Kernel 2.16.55
    cpe:2.3:o:linux:linux_kernel:2.6.16.55
  • Linux Kernel 2.6.16.54
    cpe:2.3:o:linux:linux_kernel:2.6.16.54
  • Linux Kernel 2.6.16.53
    cpe:2.3:o:linux:linux_kernel:2.6.16.53
  • Linux Kernel 2.6.16.33
    cpe:2.3:o:linux:linux_kernel:2.6.16.33
  • Linux Kernel 2.6.16.34
    cpe:2.3:o:linux:linux_kernel:2.6.16.34
  • Linux Kernel 2.6.16.35
    cpe:2.3:o:linux:linux_kernel:2.6.16.35
  • Linux Kernel 2.6.16.36
    cpe:2.3:o:linux:linux_kernel:2.6.16.36
  • Linux Kernel 2.6.16.29
    cpe:2.3:o:linux:linux_kernel:2.6.16.29
  • Linux Kernel 2.6.16.30
    cpe:2.3:o:linux:linux_kernel:2.6.16.30
  • Linux Kernel 2.6.16.31
    cpe:2.3:o:linux:linux_kernel:2.6.16.31
  • Linux Kernel 2.6.16.32
    cpe:2.3:o:linux:linux_kernel:2.6.16.32
  • Linux Kernel 2.6.16.41
    cpe:2.3:o:linux:linux_kernel:2.6.16.41
  • Linux Kernel 2.6.16.42
    cpe:2.3:o:linux:linux_kernel:2.6.16.42
  • Linux Kernel 2.6.16.43
    cpe:2.3:o:linux:linux_kernel:2.6.16.43
  • Linux Kernel 2.6.16.44
    cpe:2.3:o:linux:linux_kernel:2.6.16.44
  • Linux Kernel 2.6.16.37
    cpe:2.3:o:linux:linux_kernel:2.6.16.37
  • Linux Kernel 2.6.16.38
    cpe:2.3:o:linux:linux_kernel:2.6.16.38
  • Linux Kernel 2.6.16.39
    cpe:2.3:o:linux:linux_kernel:2.6.16.39
  • Linux Kernel 2.6.16.40
    cpe:2.3:o:linux:linux_kernel:2.6.16.40
  • Linux Kernel 2.6.16.18
    cpe:2.3:o:linux:linux_kernel:2.6.16.18
  • cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1
    cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1
  • Linux Kernel 2.6.16.17
    cpe:2.3:o:linux:linux_kernel:2.6.16.17
  • cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4
    cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4
  • Linux Kernel 2.6.16.20
    cpe:2.3:o:linux:linux_kernel:2.6.16.20
  • cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2
    cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2
  • Linux Kernel 2.6.16.19
    cpe:2.3:o:linux:linux_kernel:2.6.16.19
  • cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3
    cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3
  • Linux Kernel 2.6.16.14
    cpe:2.3:o:linux:linux_kernel:2.6.16.14
  • Linux Kernel 2.6.16.13
    cpe:2.3:o:linux:linux_kernel:2.6.16.13
  • Linux Kernel 2.6.16.16
    cpe:2.3:o:linux:linux_kernel:2.6.16.16
  • Linux Kernel 2.6.16.15
    cpe:2.3:o:linux:linux_kernel:2.6.16.15
  • Linux Kernel 2.6.16.26
    cpe:2.3:o:linux:linux_kernel:2.6.16.26
  • Linux Kernel 2.6.16.25
    cpe:2.3:o:linux:linux_kernel:2.6.16.25
  • Linux Kernel 2.6.16.28
    cpe:2.3:o:linux:linux_kernel:2.6.16.28
  • Linux Kernel 2.6.16.27
    cpe:2.3:o:linux:linux_kernel:2.6.16.27
  • Linux Kernel 2.6.16.22
    cpe:2.3:o:linux:linux_kernel:2.6.16.22
  • Linux Kernel 2.6.16.21
    cpe:2.3:o:linux:linux_kernel:2.6.16.21
  • Linux Kernel 2.6.16.24
    cpe:2.3:o:linux:linux_kernel:2.6.16.24
  • Linux Kernel 2.6.16.23
    cpe:2.3:o:linux:linux_kernel:2.6.16.23
  • cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc5
    cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc5
  • Linux Kernel 2.6.15.7
    cpe:2.3:o:linux:linux_kernel:2.6.15.7
  • Linux Kernel 2.6.15.6
    cpe:2.3:o:linux:linux_kernel:2.6.15.6
  • Linux Kernel 2.6.15.5
    cpe:2.3:o:linux:linux_kernel:2.6.15.5
  • Linux Kernel 2.6.15
    cpe:2.3:o:linux:linux_kernel:2.6.15
  • Linux Kernel 2.6.15.3
    cpe:2.3:o:linux:linux_kernel:2.6.15.3
  • Linux Kernel 2.6.15.4
    cpe:2.3:o:linux:linux_kernel:2.6.15.4
  • Linux Kernel 2.6.15.1
    cpe:2.3:o:linux:linux_kernel:2.6.15.1
  • Linux Kernel 2.6.15.2
    cpe:2.3:o:linux:linux_kernel:2.6.15.2
  • Linux Kernel 2.6.14.7
    cpe:2.3:o:linux:linux_kernel:2.6.14.7
  • Linux Kernel 2.6.14.5
    cpe:2.3:o:linux:linux_kernel:2.6.14.5
  • Linux Kernel 2.6.14.6
    cpe:2.3:o:linux:linux_kernel:2.6.14.6
  • Linux Kernel 2.6.14
    cpe:2.3:o:linux:linux_kernel:2.6.14
  • Linux Kernel 2.6.14.3
    cpe:2.3:o:linux:linux_kernel:2.6.14.3
  • Linux Kernel 2.6.14.4
    cpe:2.3:o:linux:linux_kernel:2.6.14.4
  • Linux Kernel 2.6.14.1
    cpe:2.3:o:linux:linux_kernel:2.6.14.1
  • Linux Kernel 2.6.14.2
    cpe:2.3:o:linux:linux_kernel:2.6.14.2
  • Linux Kernel 2.6.13.5
    cpe:2.3:o:linux:linux_kernel:2.6.13.5
  • Linux Kernel 2.6.13.3
    cpe:2.3:o:linux:linux_kernel:2.6.13.3
  • Linux Kernel 2.6.13.4
    cpe:2.3:o:linux:linux_kernel:2.6.13.4
  • Linux Kernel 2.6.13
    cpe:2.3:o:linux:linux_kernel:2.6.13
  • Linux Kernel 2.6.13.2
    cpe:2.3:o:linux:linux_kernel:2.6.13.2
  • Linux Kernel 2.6.13.1
    cpe:2.3:o:linux:linux_kernel:2.6.13.1
  • Linux Kernel 2.6.12.3
    cpe:2.3:o:linux:linux_kernel:2.6.12.3
  • Linux Kernel 2.6.12.2
    cpe:2.3:o:linux:linux_kernel:2.6.12.2
  • Linux Kernel 2.6.12.5
    cpe:2.3:o:linux:linux_kernel:2.6.12.5
  • Linux Kernel 2.6.12.4
    cpe:2.3:o:linux:linux_kernel:2.6.12.4
  • Linux Kernel 2.6.12.6
    cpe:2.3:o:linux:linux_kernel:2.6.12.6
  • Linux Kernel 2.6.12.1
    cpe:2.3:o:linux:linux_kernel:2.6.12.1
  • Linux Kernel 2.6.12
    cpe:2.3:o:linux:linux_kernel:2.6.12
  • Linux Kernel 2.6.11.8
    cpe:2.3:o:linux:linux_kernel:2.6.11.8
  • Linux Kernel 2.6.11.7
    cpe:2.3:o:linux:linux_kernel:2.6.11.7
  • Linux Kernel 2.6.11.10
    cpe:2.3:o:linux:linux_kernel:2.6.11.10
  • Linux Kernel 2.6.11.9
    cpe:2.3:o:linux:linux_kernel:2.6.11.9
  • Linux Kernel 2.6.11.12
    cpe:2.3:o:linux:linux_kernel:2.6.11.12
  • Linux Kernel 2.6.11.11
    cpe:2.3:o:linux:linux_kernel:2.6.11.11
  • Linux Kernel 2.6.11
    cpe:2.3:o:linux:linux_kernel:2.6.11
  • Linux Kernel 2.6.11.1
    cpe:2.3:o:linux:linux_kernel:2.6.11.1
  • Linux Kernel 2.6.11.2
    cpe:2.3:o:linux:linux_kernel:2.6.11.2
  • Linux Kernel 2.6.11.3
    cpe:2.3:o:linux:linux_kernel:2.6.11.3
  • Linux Kernel 2.6.11.4
    cpe:2.3:o:linux:linux_kernel:2.6.11.4
  • Linux Kernel 2.6.11.5
    cpe:2.3:o:linux:linux_kernel:2.6.11.5
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
  • Linux Kernel 2.6.10
    cpe:2.3:o:linux:linux_kernel:2.6.10
  • Linux Kernel 2.6.9
    cpe:2.3:o:linux:linux_kernel:2.6.9
  • Linux Kernel 2.6.8
    cpe:2.3:o:linux:linux_kernel:2.6.8
  • Linux Kernel 2.6.8.1
    cpe:2.3:o:linux:linux_kernel:2.6.8.1
  • Linux Kernel 2.6.7
    cpe:2.3:o:linux:linux_kernel:2.6.7
  • Linux Kernel 2.6.6
    cpe:2.3:o:linux:linux_kernel:2.6.6
  • Linux Kernel 2.6.5
    cpe:2.3:o:linux:linux_kernel:2.6.5
  • Linux Kernel 2.6.4
    cpe:2.3:o:linux:linux_kernel:2.6.4
  • Linux Kernel 2.6.3
    cpe:2.3:o:linux:linux_kernel:2.6.3
  • Linux Kernel 2.6.2
    cpe:2.3:o:linux:linux_kernel:2.6.2
  • Linux Kernel 2.6.1
    cpe:2.3:o:linux:linux_kernel:2.6.1
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 2.6.33 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc4
  • Linux Kernel 2.6.33 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc2
  • Linux Kernel 2.6.33 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc3
  • Linux Kernel 2.6.33 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc6
  • Linux Kernel 2.6.33 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc5
  • Linux Kernel 2.6.33 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc1
  • Linux Kernel 2.6.33 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.33:rc7
  • Linux Kernel 2.6.32 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc7
  • Linux Kernel 2.6.32 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc8
  • Linux Kernel 2.6.32 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc4
  • Linux Kernel 2.6.32 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc3
  • Linux Kernel 2.6.32 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc1
  • cpe:2.3:o:linux:linux_kernel:2.6.32:git-6
    cpe:2.3:o:linux:linux_kernel:2.6.32:git-6
  • Linux Kernel 2.6.32.5
    cpe:2.3:o:linux:linux_kernel:2.6.32.5
  • Linux Kernel 2.6.32.6
    cpe:2.3:o:linux:linux_kernel:2.6.32.6
  • Linux Kernel 2.6.32.7
    cpe:2.3:o:linux:linux_kernel:2.6.32.7
  • Linux Kernel 2.6.32
    cpe:2.3:o:linux:linux_kernel:2.6.32
  • Linux Kernel 2.6.32.3
    cpe:2.3:o:linux:linux_kernel:2.6.32.3
  • Linux Kernel 2.6.32.2
    cpe:2.3:o:linux:linux_kernel:2.6.32.2
  • Linux Kernel 2.6.32.4
    cpe:2.3:o:linux:linux_kernel:2.6.32.4
  • Linux Kernel 2.6.32.1
    cpe:2.3:o:linux:linux_kernel:2.6.32.1
  • Linux Kernel 2.6.32 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc6
  • Linux Kernel 2.6.32 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.32:rc5
  • Linux Kernel 2.6.31.1
    cpe:2.3:o:linux:linux_kernel:2.6.31.1
  • Linux Kernel 2.6.31.3
    cpe:2.3:o:linux:linux_kernel:2.6.31.3
  • Linux Kernel 2.6.31.2
    cpe:2.3:o:linux:linux_kernel:2.6.31.2
  • Linux Kernel 2.6.31.4
    cpe:2.3:o:linux:linux_kernel:2.6.31.4
  • Linux Kernel 2.6.31 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc6
  • Linux Kernel 2.6.31 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc5
  • Linux Kernel 2.6.31 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc4
  • Linux Kernel 2.6.31 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc3
  • Linux Kernel 2.6.31 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc1
  • Linux Kernel 2.6.31 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc2
  • Linux Kernel 2.6.31
    cpe:2.3:o:linux:linux_kernel:2.6.31
  • Linux Kernel 2.6.31.5
    cpe:2.3:o:linux:linux_kernel:2.6.31.5
  • Linux Kernel 2.6.31.6
    cpe:2.3:o:linux:linux_kernel:2.6.31.6
  • linux Kernel 2.6.31 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc7
  • linux Kernel 2.6.31 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:2.6.31:rc8
  • Linux Kernel 2.6.33.1
    cpe:2.3:o:linux:linux_kernel:2.6.33.1
  • Linux Kernel 2.6.32.8
    cpe:2.3:o:linux:linux_kernel:2.6.32.8
  • Linux Kernel 2.6.32.9
    cpe:2.3:o:linux:linux_kernel:2.6.32.9
  • Linux Kernel 2.6.32.10
    cpe:2.3:o:linux:linux_kernel:2.6.32.10
  • Linux Kernel 2.6.31.7
    cpe:2.3:o:linux:linux_kernel:2.6.31.7
  • Linux Kernel 2.6.31.8
    cpe:2.3:o:linux:linux_kernel:2.6.31.8
  • Linux Kernel 2.6.31.9
    cpe:2.3:o:linux:linux_kernel:2.6.31.9
  • Linux Kernel 2.6.31.10
    cpe:2.3:o:linux:linux_kernel:2.6.31.10
  • Linux Kernel 2.6.31.11
    cpe:2.3:o:linux:linux_kernel:2.6.31.11
  • Linux Kernel 2.6.31.12
    cpe:2.3:o:linux:linux_kernel:2.6.31.12
  • Linux Kernel 2.6.30.9
    cpe:2.3:o:linux:linux_kernel:2.6.30.9
  • Linux Kernel 2.6.30.4
    cpe:2.3:o:linux:linux_kernel:2.6.30.4
  • Linux Kernel 2.6.30 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc3
  • Linux Kernel 2.6.30.2
    cpe:2.3:o:linux:linux_kernel:2.6.30.2
  • Linux Kernel 2.6.30.6
    cpe:2.3:o:linux:linux_kernel:2.6.30.6
  • Linux Kernel 2.6.30.8
    cpe:2.3:o:linux:linux_kernel:2.6.30.8
  • Linux Kernel 2.6.30.7
    cpe:2.3:o:linux:linux_kernel:2.6.30.7
  • Linux Kernel 2.6.30.5
    cpe:2.3:o:linux:linux_kernel:2.6.30.5
  • Linux Kernel 2.6.30.3
    cpe:2.3:o:linux:linux_kernel:2.6.30.3
  • Linux Kernel 2.6.30 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc6
  • Linux Kernel 2.6.30 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc2
  • Linux Kernel 2.6.30 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc5
  • Linux Kernel 2.6.30
    cpe:2.3:o:linux:linux_kernel:2.6.30
  • Linux Kernel 2.6.30.1
    cpe:2.3:o:linux:linux_kernel:2.6.30.1
  • Linux Kernel 2.6.30 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc1
  • cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6
    cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6
  • Linux Kernel 2.6.30.10
    cpe:2.3:o:linux:linux_kernel:2.6.30.10
  • Linux Kernel 2.6.29.6
    cpe:2.3:o:linux:linux_kernel:2.6.29.6
  • Linux Kernel 2.6.29.5
    cpe:2.3:o:linux:linux_kernel:2.6.29.5
  • Linux Kernel 2.6.29.4
    cpe:2.3:o:linux:linux_kernel:2.6.29.4
  • Linux Kernel 2.6.29.3
    cpe:2.3:o:linux:linux_kernel:2.6.29.3
  • Linux Kernel 2.6.29.2
    cpe:2.3:o:linux:linux_kernel:2.6.29.2
  • Linux Kernel 2.6.29.1
    cpe:2.3:o:linux:linux_kernel:2.6.29.1
  • Linux Kernel 2.6.29
    cpe:2.3:o:linux:linux_kernel:2.6.29
  • cpe:2.3:o:linux:linux_kernel:2.6.29:git1
    cpe:2.3:o:linux:linux_kernel:2.6.29:git1
  • Linux Kernel 2.6.29 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.29:rc1
  • Linux Kernel 2.6.29 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.29:rc2
  • cpe:2.3:o:linux:linux_kernel:2.6.29:rc2_git7
    cpe:2.3:o:linux:linux_kernel:2.6.29:rc2_git7
  • cpe:2.3:o:linux:linux_kernel:2.6.29:rc8-kk
    cpe:2.3:o:linux:linux_kernel:2.6.29:rc8-kk
  • Linux Kernel 2.6.28.5
    cpe:2.3:o:linux:linux_kernel:2.6.28.5
  • Linux Kernel 2.6.28 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc7
  • Linux Kernel 2.6.28.10
    cpe:2.3:o:linux:linux_kernel:2.6.28.10
  • Linux Kernel 2.6.28.8
    cpe:2.3:o:linux:linux_kernel:2.6.28.8
  • Linux Kernel 2.6.28 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc5
  • Linux Kernel 2.6.28 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc2
  • Linux Kernel 2.6.28 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc1
  • Linux Kernel 2.6.28 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc4
  • Linux Kernel 2.6.28 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc3
  • Linux Kernel 2.6.28.9
    cpe:2.3:o:linux:linux_kernel:2.6.28.9
  • Linux Kernel 2.6.28
    cpe:2.3:o:linux:linux_kernel:2.6.28
  • Linux Kernel 2.6.28.4
    cpe:2.3:o:linux:linux_kernel:2.6.28.4
  • Linux Kernel 2.6.28.1
    cpe:2.3:o:linux:linux_kernel:2.6.28.1
  • Linux Kernel 2.6.28.6
    cpe:2.3:o:linux:linux_kernel:2.6.28.6
  • Linux Kernel 2.6.28.7
    cpe:2.3:o:linux:linux_kernel:2.6.28.7
  • cpe:2.3:o:linux:linux_kernel:2.6.28:git7
    cpe:2.3:o:linux:linux_kernel:2.6.28:git7
  • Linux Kernel 2.6.28 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc6
  • Linux Kernel 2.6.28.3
    cpe:2.3:o:linux:linux_kernel:2.6.28.3
  • Linux Kernel 2.6.28.2
    cpe:2.3:o:linux:linux_kernel:2.6.28.2
  • Linux Kernel 2.6.27 Release Candidate 9
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc9
  • Linux Kernel 2.6.27 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc8
  • Linux Kernel 2.6.27.20
    cpe:2.3:o:linux:linux_kernel:2.6.27.20
  • Linux Kernel 2.6.27.8
    cpe:2.3:o:linux:linux_kernel:2.6.27.8
  • Linux Kernel 2.6.27.23
    cpe:2.3:o:linux:linux_kernel:2.6.27.23
  • Linux Kernel 2.6.27.24
    cpe:2.3:o:linux:linux_kernel:2.6.27.24
  • Linux Kernel 2.6.27 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc5
  • Linux Kernel 2.6.27 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc4
  • Linux Kernel 2.6.27 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc7
  • Linux Kernel 2.6.27 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc6
  • Linux Kernel 2.6.27 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc1
  • Linux Kernel 2.6.27 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc3
  • Linux Kernel 2.6.27 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.27:rc2
  • Linux Kernel 2.6.27.10
    cpe:2.3:o:linux:linux_kernel:2.6.27.10
  • Linux Kernel 2.6.27.9
    cpe:2.3:o:linux:linux_kernel:2.6.27.9
  • Linux Kernel 2.6.27.12
    cpe:2.3:o:linux:linux_kernel:2.6.27.12
  • Linux Kernel 2.6.27.11
    cpe:2.3:o:linux:linux_kernel:2.6.27.11
  • Linux Kernel 2.6.27.22
    cpe:2.3:o:linux:linux_kernel:2.6.27.22
  • Linux Kernel 2.6.27.7
    cpe:2.3:o:linux:linux_kernel:2.6.27.7
  • Linux Kernel 2.6.27.34
    cpe:2.3:o:linux:linux_kernel:2.6.27.34
  • Linux Kernel 2.6.27.33
    cpe:2.3:o:linux:linux_kernel:2.6.27.33
  • Linux Kernel 2.6.27.36
    cpe:2.3:o:linux:linux_kernel:2.6.27.36
  • Linux Kernel 2.6.27.35
    cpe:2.3:o:linux:linux_kernel:2.6.27.35
  • Linux Kernel 2.6.27.37
    cpe:2.3:o:linux:linux_kernel:2.6.27.37
  • Linux Kernel 2.6.27.5
    cpe:2.3:o:linux:linux_kernel:2.6.27.5
  • Linux Kernel 2.6.27.6
    cpe:2.3:o:linux:linux_kernel:2.6.27.6
  • Linux Kernel 2.6.27
    cpe:2.3:o:linux:linux_kernel:2.6.27
  • Linux Kernel 2.6.26.1
    cpe:2.3:o:linux:linux_kernel:2.6.26.1
  • Linux Kernel 2.6.26.3
    cpe:2.3:o:linux:linux_kernel:2.6.26.3
  • Linux Kernel 2.6.26.5
    cpe:2.3:o:linux:linux_kernel:2.6.26.5
  • Linux Kernel 2.6.26.2
    cpe:2.3:o:linux:linux_kernel:2.6.26.2
  • Linux Kernel 2.6.26 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.26:rc4
  • Linux Kernel 2.6.26.8
    cpe:2.3:o:linux:linux_kernel:2.6.26.8
  • Linux Kernel 2.6.26.7
    cpe:2.3:o:linux:linux_kernel:2.6.26.7
  • Linux Kernel 2.6.26.6
    cpe:2.3:o:linux:linux_kernel:2.6.26.6
  • Linux Kernel 2.6.26.4
    cpe:2.3:o:linux:linux_kernel:2.6.26.4
  • Linux Kernel 2.6.26
    cpe:2.3:o:linux:linux_kernel:2.6.26
  • Linux Kernel 2.6.25
    cpe:2.3:o:linux:linux_kernel:2.6.25
  • Linux Kernel 2.6.25.1
    cpe:2.3:o:linux:linux_kernel:2.6.25.1
  • Linux Kernel 2.6.25.10
    cpe:2.3:o:linux:linux_kernel:2.6.25.10
  • Linux Kernel 2.6.25.11
    cpe:2.3:o:linux:linux_kernel:2.6.25.11
  • Linux Kernel 2.6.25.12
    cpe:2.3:o:linux:linux_kernel:2.6.25.12
  • Linux Kernel 2.6.25.13
    cpe:2.3:o:linux:linux_kernel:2.6.25.13
  • Linux Kernel 2.6.25.14
    cpe:2.3:o:linux:linux_kernel:2.6.25.14
  • Linux Kernel 2.6.25.15
    cpe:2.3:o:linux:linux_kernel:2.6.25.15
  • Linux Kernel 2.6.25.16
    cpe:2.3:o:linux:linux_kernel:2.6.25.16
  • Linux Kernel 2.6.25.17
    cpe:2.3:o:linux:linux_kernel:2.6.25.17
  • Linux Kernel 2.6.25.18
    cpe:2.3:o:linux:linux_kernel:2.6.25.18
  • Linux Kernel 2.6.25.19
    cpe:2.3:o:linux:linux_kernel:2.6.25.19
  • Linux Kernel 2.6.25.2
    cpe:2.3:o:linux:linux_kernel:2.6.25.2
  • Linux Kernel 2.6.25.20
    cpe:2.3:o:linux:linux_kernel:2.6.25.20
  • Linux Kernel 2.6.25.3
    cpe:2.3:o:linux:linux_kernel:2.6.25.3
  • Linux Kernel 2.6.25.4
    cpe:2.3:o:linux:linux_kernel:2.6.25.4
  • Linux Kernel 2.6.25.5
    cpe:2.3:o:linux:linux_kernel:2.6.25.5
  • Linux Kernel 2.6.25.6
    cpe:2.3:o:linux:linux_kernel:2.6.25.6
  • Linux Kernel 2.6.25.7
    cpe:2.3:o:linux:linux_kernel:2.6.25.7
  • Linux Kernel 2.6.25.8
    cpe:2.3:o:linux:linux_kernel:2.6.25.8
  • Linux Kernel 2.6.25.9
    cpe:2.3:o:linux:linux_kernel:2.6.25.9
  • Linux Kernel 2.6.24
    cpe:2.3:o:linux:linux_kernel:2.6.24
  • Linux Kernel 2.6.24.1
    cpe:2.3:o:linux:linux_kernel:2.6.24.1
  • Linux Kernel 2.6.24.2
    cpe:2.3:o:linux:linux_kernel:2.6.24.2
  • Linux Kernel 2.6.24.3
    cpe:2.3:o:linux:linux_kernel:2.6.24.3
  • Linux Kernel 2.6.24.4
    cpe:2.3:o:linux:linux_kernel:2.6.24.4
  • Linux Kernel 2.6.24.5
    cpe:2.3:o:linux:linux_kernel:2.6.24.5
  • Linux Kernel 2.6.24.6
    cpe:2.3:o:linux:linux_kernel:2.6.24.6
  • Linux Kernel 2.6.24.7
    cpe:2.3:o:linux:linux_kernel:2.6.24.7
  • Linux Kernel 2.6.24 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc1
  • Linux Kernel 2.6.24 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc2
  • Linux Kernel 2.6.24 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc3
  • Linux Kernel 2.6.24 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc4
  • Linux Kernel 2.6.24 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.24:rc5
  • Linux Kernel 2.6.23.16
    cpe:2.3:o:linux:linux_kernel:2.6.23.15
  • Linux Kernel 2.6.23.17
    cpe:2.3:o:linux:linux_kernel:2.6.23.17
  • Linux Kernel 2.6.23.16
    cpe:2.3:o:linux:linux_kernel:2.6.23.16
  • Linux Kernel 2.6.23.11
    cpe:2.3:o:linux:linux_kernel:2.6.23.11
  • Linux Kernel 2.6.23.9
    cpe:2.3:o:linux:linux_kernel:2.6.23.9
  • Linux Kernel 2.6.23.13
    cpe:2.3:o:linux:linux_kernel:2.6.23.13
  • Linux Kernel 2.6.23.12
    cpe:2.3:o:linux:linux_kernel:2.6.23.12
  • Linux Kernel 2.6.23.8
    cpe:2.3:o:linux:linux_kernel:2.6.23.8
  • Linux Kernel 2.6.23 release candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc2
  • Linux Kernel 2.6.23 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.23:rc1
  • Linux Kernel 2.6.23
    cpe:2.3:o:linux:linux_kernel:2.6.23
  • Linux Kernel 2.6.23.10
    cpe:2.3:o:linux:linux_kernel:2.6.23.10
  • Linux Kernel 2.6.23.2
    cpe:2.3:o:linux:linux_kernel:2.6.23.2
  • Linux Kernel 2.6.23.1
    cpe:2.3:o:linux:linux_kernel:2.6.23.1
  • Linux Kernel 2.6.23.6
    cpe:2.3:o:linux:linux_kernel:2.6.23.6
  • Linux Kernel 2.6.23.5
    cpe:2.3:o:linux:linux_kernel:2.6.23.5
  • Linux Kernel 2.6.23.4
    cpe:2.3:o:linux:linux_kernel:2.6.23.4
  • Linux Kernel 2.6.23.3
    cpe:2.3:o:linux:linux_kernel:2.6.23.3
  • Linux Kernel 2.6.23.14
    cpe:2.3:o:linux:linux_kernel:2.6.23.14
  • Linux Kernel 2.6.23.7
    cpe:2.3:o:linux:linux_kernel:2.6.23.7
  • Linux Kernel 2.6.22
    cpe:2.3:o:linux:linux_kernel:2.6.22
  • Linux Kernel 2.6.22.1
    cpe:2.3:o:linux:linux_kernel:2.6.22.1
  • Linux Kernel 2.6.22.5
    cpe:2.3:o:linux:linux_kernel:2.6.22.5
  • Linux Kernel 2.6.22.4
    cpe:2.3:o:linux:linux_kernel:2.6.22.4
  • Linux Kernel 2.6.22.7
    cpe:2.3:o:linux:linux_kernel:2.6.22.7
  • Linux Kernel 2.6.22.6
    cpe:2.3:o:linux:linux_kernel:2.6.22.6
  • Linux Kernel 2.6.22.16
    cpe:2.3:o:linux:linux_kernel:2.6.22.16
  • Linux Kernel 2.6.22.3
    cpe:2.3:o:linux:linux_kernel:2.6.22.3
  • Linux Kernel 2.6.22.22
    cpe:2.3:o:linux:linux_kernel:2.6.22.22
  • Linux Kernel 2.6.22.21
    cpe:2.3:o:linux:linux_kernel:2.6.22.21
  • Linux Kernel 2.6.22.20
    cpe:2.3:o:linux:linux_kernel:2.6.22.20
  • Linux Kernel 2.6.22.19
    cpe:2.3:o:linux:linux_kernel:2.6.22.19
  • Linux Kernel 2.6.22.2
    cpe:2.3:o:linux:linux_kernel:2.6.22.2
  • Linux Kernel 2.6.22.8
    cpe:2.3:o:linux:linux_kernel:2.6.22.8
  • Linux Kernel 2.6.22.9
    cpe:2.3:o:linux:linux_kernel:2.6.22.9
  • Linux Kernel 2.6.22.14
    cpe:2.3:o:linux:linux_kernel:2.6.22.14
  • Linux Kernel 2.6.22.15
    cpe:2.3:o:linux:linux_kernel:2.6.22.15
  • Linux Kernel 2.6.22.17
    cpe:2.3:o:linux:linux_kernel:2.6.22.17
  • Linux Kernel 2.6.22.18
    cpe:2.3:o:linux:linux_kernel:2.6.22.18
  • Linux Kernel 2.6.22.10
    cpe:2.3:o:linux:linux_kernel:2.6.22.10
  • Linux Kernel 2.6.22.11
    cpe:2.3:o:linux:linux_kernel:2.6.22.11
  • Linux Kernel 2.6.22.12
    cpe:2.3:o:linux:linux_kernel:2.6.22.12
  • Linux Kernel 2.6.22.13
    cpe:2.3:o:linux:linux_kernel:2.6.22.13
  • Linux Kernel 2.6.21.4
    cpe:2.3:o:linux:linux_kernel:2.6.21.4
  • Linux Kernel 2.6.33
    cpe:2.3:o:linux:linux_kernel:2.6.33
  • Linux Kernel 2.6.33.2
    cpe:2.3:o:linux:linux_kernel:2.6.33.2
  • Linux Kernel 2.6.33.3
    cpe:2.3:o:linux:linux_kernel:2.6.33.3
  • Linux Kernel 2.6.33.4
    cpe:2.3:o:linux:linux_kernel:2.6.33.4
  • Linux Kernel 2.6.33.5
    cpe:2.3:o:linux:linux_kernel:2.6.33.5
  • Linux Kernel 2.6.33.6
    cpe:2.3:o:linux:linux_kernel:2.6.33.6
  • Linux Kernel 2.6.32.20
    cpe:2.3:o:linux:linux_kernel:2.6.32.20
  • Linux Kernel 2.6.32.19
    cpe:2.3:o:linux:linux_kernel:2.6.32.19
  • Linux Kernel 2.6.32.18
    cpe:2.3:o:linux:linux_kernel:2.6.32.18
  • Linux Kernel 2.6.32.17
    cpe:2.3:o:linux:linux_kernel:2.6.32.17
  • Linux Kernel 2.6.32.16
    cpe:2.3:o:linux:linux_kernel:2.6.32.16
  • Linux Kernel 2.6.32.15
    cpe:2.3:o:linux:linux_kernel:2.6.32.15
  • Linux Kernel 2.6.32.14
    cpe:2.3:o:linux:linux_kernel:2.6.32.14
  • Linux Kernel 2.6.32.13
    cpe:2.3:o:linux:linux_kernel:2.6.32.13
  • Linux Kernel 2.6.32.12
    cpe:2.3:o:linux:linux_kernel:2.6.32.12
  • Linux Kernel 2.6.32.11
    cpe:2.3:o:linux:linux_kernel:2.6.32.11
  • Linux Kernel 2.6.31.14
    cpe:2.3:o:linux:linux_kernel:2.6.31.14
  • Linux Kernel 2.6.31.13
    cpe:2.3:o:linux:linux_kernel:2.6.31.13
  • Linux Kernel 2.6.33.7
    cpe:2.3:o:linux:linux_kernel:2.6.33.7
  • Linux Kernel 2.6.34.7
    cpe:2.3:o:linux:linux_kernel:2.6.34.7
  • Linux Kernel 2.6.34.6
    cpe:2.3:o:linux:linux_kernel:2.6.34.6
  • Linux Kernel 2.6.34.5
    cpe:2.3:o:linux:linux_kernel:2.6.34.5
  • Linux Kernel 2.6.34.4
    cpe:2.3:o:linux:linux_kernel:2.6.34.4
  • Linux Kernel 2.6.34.3
    cpe:2.3:o:linux:linux_kernel:2.6.34.3
  • Linux Kernel 2.6.34.2
    cpe:2.3:o:linux:linux_kernel:2.6.34.2
  • Linux Kernel 2.6.34.1
    cpe:2.3:o:linux:linux_kernel:2.6.34.1
  • Linux Kernel 2.6.34
    cpe:2.3:o:linux:linux_kernel:2.6.34
  • Linux Kernel 2.6.35
    cpe:2.3:o:linux:linux_kernel:2.6.35
  • Linux Kernel 2.6.35.1
    cpe:2.3:o:linux:linux_kernel:2.6.35.1
  • Linux Kernel 2.6.35.2
    cpe:2.3:o:linux:linux_kernel:2.6.35.2
  • Linux Kernel 2.6.35.3
    cpe:2.3:o:linux:linux_kernel:2.6.35.3
  • Linux Kernel 2.6.35.4
    cpe:2.3:o:linux:linux_kernel:2.6.35.4
  • Linux Kernel 2.6.35.5
    cpe:2.3:o:linux:linux_kernel:2.6.35.5
  • Linux Kernel 2.6.35.6
    cpe:2.3:o:linux:linux_kernel:2.6.35.6
  • Linux Kernel 2.6.35.7
    cpe:2.3:o:linux:linux_kernel:2.6.35.7
  • Linux Kernel 2.6.35.8
    cpe:2.3:o:linux:linux_kernel:2.6.35.8
  • Linux Kernel 2.6.36
    cpe:2.3:o:linux:linux_kernel:2.6.36
  • Linux Kernel 2.6.36.1
    cpe:2.3:o:linux:linux_kernel:2.6.36.1
  • Linux Kernel 2.6.36.2
    cpe:2.3:o:linux:linux_kernel:2.6.36.2
  • Linux Kernel 2.6.21.1
    cpe:2.3:o:linux:linux_kernel:2.6.21.1
  • Linux Kernel 2.6.37 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc1
  • Linux Kernel 2.6.37 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc2
  • Linux Kernel 2.6.37 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc3
  • Linux Kernel 2.6.37 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc4
  • Linux Kernel 2.6.37 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc5
  • Linux Kernel 2.6.37 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc6
  • Linux Kernel 2.6.37 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc7
  • Linux Kernel 2.6.37 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:2.6.37:rc8
  • Linux Kernel 2.6.37
    cpe:2.3:o:linux:linux_kernel:2.6.37
CVSS
Base: 2.1 (as of 01-03-2011 - 10:00)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
id EDB-ID:41770
last seen 2018-11-30
modified 2011-01-17
published 2011-01-17
reporter Exploit-DB
source https://www.exploit-db.com/download/41770
title Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2013-0039.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79507
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79507
    title OracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1530.NASL
    description Updated kernel packages that fix multiple security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the second regular update. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) * A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020; Somnath Kotur for reporting CVE-2011-3347; and Zheng Liu for reporting CVE-2011-3638. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.2 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.2 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 57012
    published 2011-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57012
    title RHEL 6 : kernel (RHSA-2011:1530)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120110_KERNEL_ON_SL5_X.NASL
    description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Important) - The fix for CVE-2011-2482 provided by a previous update introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Scientific Linux 5. (CVE-2011-4348, Important) - The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) - A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) - A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) - A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate) - A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate) - A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4330, Moderate) This update also fixes several bugs and adds one enhancement. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61215
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61215
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0116.NASL
    description Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) * A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) * A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with the ability to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020; Somnath Kotur for reporting CVE-2011-3347; and Zheng Liu for reporting CVE-2011-3638. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 64027
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64027
    title RHEL 6 : kernel (RHSA-2012:0116)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0007.NASL
    description Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Important) * The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5. (CVE-2011-4348, Important) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate) * A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate) * A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4330, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and Clement Lecigne for reporting CVE-2011-4330. This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57485
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57485
    title CentOS 5 : kernel (CESA-2012:0007)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1205-1.NASL
    description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56193
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56193
    title Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1205-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1202-1.NASL
    description Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3296, CVE-2010-3297) Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3858) Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859) Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3874) Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880) Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4073) Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081) Dan Rosenberg discovered that the VIA video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4082) Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083) James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157) Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges. (CVE-2010-4160) Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163, CVE-2010-4668) Dave Jones discovered that the mprotect system call did not correctly handle merged VMAs. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4169) Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4175) Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242) Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4248) It was discovered that named pipes did not correctly handle certain fcntl calls. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4256) Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565) Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044) Kees Cook discovered that some ethtool functions did not correctly clear heap memory. A local attacker with CAP_NET_ADMIN privileges could exploit this to read portions of kernel heap memory, leading to a loss of privacy. (CVE-2010-4655) Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2010-4656) Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-0521) Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695) Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. (CVE-2011-0711) Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2011-0712) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. (CVE-2011-1010) Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1012) Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013) Marek Olsak discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. (CVE-2011-1016) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. (CVE-2011-1019) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. (CVE-2011-1082) Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Dan Rosenberg discovered that some ALSA drivers did not correctly check the adapter index during ioctl calls. If this driver was loaded, a local attacker could make a specially crafted ioctl call to gain root privileges. (CVE-2011-1169) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)
    last seen 2019-02-21
    modified 2016-05-26
    plugin id 56190
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56190
    title USN-1202-1 : linux-ti-omap4 vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2303.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. - CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service. - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory). - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert. - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. - CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service. - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message. - CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges. - CVE-2011-2723 Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations. - CVE-2011-2905 Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker. - CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory. - CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service. - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56130
    published 2011-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56130
    title Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-2037.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68425
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68425
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2037)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1211-1.NASL
    description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56256
    published 2011-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56256
    title Ubuntu 11.04 : linux vulnerabilities (USN-1211-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1201-1.NASL
    description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56189
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56189
    title Ubuntu 10.10 : linux vulnerabilities (USN-1201-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1203-1.NASL
    description Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).
    last seen 2019-02-21
    modified 2016-05-19
    plugin id 56191
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56191
    title Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1203-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1212-1.NASL
    description Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463) Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 56257
    published 2011-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56257
    title USN-1212-1 : linux-ti-omap4 vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1189-1.NASL
    description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Dan Rosenberg discovered flaws in the linux Rose (X.25 PLP) layer used by amateur radio. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4913) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 55922
    published 2011-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55922
    title Ubuntu 8.04 LTS : linux vulnerabilities (USN-1189-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2310.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. - CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device. - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary. - CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory. - CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges. - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop. - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory). - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call. - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory. - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths. - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert. - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation. - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message. - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted. - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session. - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service. This update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56285
    published 2011-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56285
    title Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1218-1.NASL
    description Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56343
    published 2011-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56343
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1218-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111206_SCIENTIFIC_LINUX_6_KERNEL_ON_SL6_X.NASL
    description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) - Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate) - A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with access to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate) - A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service. (CVE-2011-4110, Moderate) This update also fixes several hundred bugs and adds enhancements. Refer to the upstream Release Notes for information on the most significant of these changes. All Scientific Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61185
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61185
    title Scientific Linux Security Update : Scientific Linux 6 kernel on SL6.x i386/x86_64
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1216-1.NASL
    description Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56305
    published 2011-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56305
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1216-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1256-1.NASL
    description It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) It was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525) It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191) Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363) A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. (CVE-2011-3619) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Scot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087) A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56768
    published 2011-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56768
    title Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1204-1.NASL
    description Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859) Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4075, CVE-2010-4076, CVE-2010-4077) Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4158) Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to to crash the kernel, or possibly gain root privileges. (CVE-2010-4160) Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4162) Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2010-4163, CVE-2010-4668) Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4175) Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. If the mmap_min-addr sysctl was changed from the Ubuntu default to a value of 0, a local attacker could exploit this flaw to gain root privileges. (CVE-2010-4242) Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526) Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044) Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726) Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. (CVE-2011-1010) Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1012) Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. (CVE-2011-1082) Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. A local attacker with netfilter access could exploit this to read kernel memory or crash the system, leading to a denial of service. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. A remote attacker could send specially crafted traffic to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1770) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)
    last seen 2019-02-21
    modified 2016-01-14
    plugin id 56192
    published 2011-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56192
    title USN-1204-1 : linux-fsl-imx51 vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1208-1.NASL
    description Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077) Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. (CVE-2011-2182) Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) A flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637) Ben Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).
    last seen 2019-02-21
    modified 2016-05-19
    plugin id 56207
    published 2011-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56207
    title Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1208-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_KERNEL-110726.NASL
    description The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. CVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75880
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75880
    title openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_KERNEL-110726.NASL
    description The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar. CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system. CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. CVE-2011-1160: Kernel information via the TPM devices could by used by local attackers to read kernel memory. CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. CVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. CVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. CVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75555
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75555
    title openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-110718.NASL
    description The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.43 and fixes various bugs and security issues. The following security issues were fixed : - The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow. However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition. (CVE-2011-2496) - A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance. (CVE-2011-2491) - Fixed a race between ksmd and other memory management code, which could result in a NULL ptr dereference and kernel crash. (CVE-2011-2183) - In both trigger_scan and sched_scan operations, we were checking for the SSID length before assigning the value correctly. Since the memory was just kzalloced, the check was always failing and SSID with over 32 characters were allowed to go through. This required CAP_NET_ADMIN privileges to be exploited. (CVE-2011-2517) - A malicious user or buggy application could inject diagnosing byte code and trigger an infinite loop in inet_diag_bc_audit(). (CVE-2011-2213) - The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions. (CVE-2011-1017 / CVE-2011-1012 / CVE-2011-2182) - Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. (CVE-2011-1593) - The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. (CVE-2011-1020) - When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users. (CVE-2011-1585) - Kernel information via the TPM devices could by used by local attackers to read kernel memory. (CVE-2011-1160) - The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code. (CVE-2011-1577) - In a bluetooth ioctl, struct sco_conninfo has one padding byte in the end. Local variable cinfo of type sco_conninfo was copied to userspace with this uninizialized one byte, leading to an old stack contents leak. (CVE-2011-1078) - In a bluetooth ioctl, struct ca is copied from userspace. It was not checked whether the 'device' field was NULL terminated. This potentially leads to BUG() inside of alloc_netdev_mqs() and/or information leak by creating a device with a name made of contents of kernel stack. (CVE-2011-1079) - In ebtables rule loading, struct tmp is copied from userspace. It was not checked whether the 'name' field is NULL terminated. This may have lead to buffer overflow and passing contents of kernel stack as a module name to try_then_request_module() and, consequently, to modprobe commandline. It would be seen by all userspace processes. (CVE-2011-1080) - The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel on the x86_64 platform allowed remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. (CVE-2011-1173) - net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. (CVE-2011-1170) - net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. (CVE-2011-1171) - net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel did not place the expected '0' character at the end of string data in the values of certain structure members, which allowed local users to obtain potentially sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability to issue a crafted request, and then reading the argument to the resulting modprobe process. (CVE-2011-1172) - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before allowed local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746) - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745) - The bcm_release function in net/can/bcm.c in the Linux kernel did not properly validate a socket data structure, which allowed local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. (CVE-2011-1598) - The raw_release function in net/can/raw.c in the Linux kernel did not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. (CVE-2011-1748)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 55686
    published 2011-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55686
    title SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4884 / 4888 / 4889)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1253.NASL
    description Updated kernel-rt packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise MRG 2.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security fixes : * A flaw in the SCTP and DCCP implementations could allow a remote attacker to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important) * Flaws in the Management Module Support for Message Passing Technology (MPT) based controllers could allow a local, unprivileged user to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important) * Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important) * A flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important) * A flaw in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges. (CVE-2011-2497, Important) * Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important) * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * A local, unprivileged user could allocate large amounts of memory not visible to the OOM killer, causing a denial of service. (CVE-2010-4243, Moderate) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A local, privileged user could possibly write arbitrary kernel memory via /sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate) * Inconsistency in the methods for allocating and freeing NFSv4 ACL data; CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in the memory merging support; a flaw in the taskstats subsystem; and the way mapping expansions were handled could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593, CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484, CVE-2011-2496, Moderate) * A flaw in GRO could result in a denial of service when a malformed VLAN frame is received. (CVE-2011-1478, Moderate) * napi_reuse_skb() could be called on VLAN packets allowing an attacker on the local network to possibly trigger a denial of service. (CVE-2011-1576, Moderate) * A denial of service could occur if packets were received while the ipip or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate) * Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low) * Flaws in the EFI GUID Partition Table implementation could allow a local attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low) * While a user has a CIFS share mounted that required successful authentication, a local, unprivileged user could mount that share without knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770, CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees Cook for reporting CVE-2011-1020; Robert Swiecki for reporting CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 76634
    published 2014-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76634
    title RHEL 6 : MRG (RHSA-2011:1253)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0007.NASL
    description From Red Hat Security Advisory 2012:0007 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Important) * The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5. (CVE-2011-4348, Important) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate) * A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate) * A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4330, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and Clement Lecigne for reporting CVE-2011-4330. This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68427
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68427
    title Oracle Linux 5 : kernel (ELSA-2012-0007)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0007.NASL
    description Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Important) * The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux 5. (CVE-2011-4348, Important) * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate) * A missing validation flaw was found in the Linux kernel's m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service. (CVE-2011-3637, Moderate) * A flaw was found in the Linux kernel's Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate) * A flaw was found in the Linux kernel's encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod(). (CVE-2011-4324, Moderate) * A flaw was found in the Linux kernel's NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate) * A missing boundary check was found in the Linux kernel's HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4330, Moderate) Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and Clement Lecigne for reporting CVE-2011-4330. This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 57481
    published 2012-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57481
    title RHEL 5 : kernel (RHSA-2012:0007)
packetstorm via4
redhat via4
rpms
  • kernel-0:2.6.32-220.el6
  • kernel-bootwrapper-0:2.6.32-220.el6
  • kernel-debug-0:2.6.32-220.el6
  • kernel-debug-devel-0:2.6.32-220.el6
  • kernel-devel-0:2.6.32-220.el6
  • kernel-doc-0:2.6.32-220.el6
  • kernel-firmware-0:2.6.32-220.el6
  • kernel-headers-0:2.6.32-220.el6
  • kernel-kdump-0:2.6.32-220.el6
  • kernel-kdump-devel-0:2.6.32-220.el6
  • perf-0:2.6.32-220.el6
  • python-perf-0:2.6.32-220.el6
  • kernel-0:2.6.18-274.17.1.el5
  • kernel-PAE-0:2.6.18-274.17.1.el5
  • kernel-PAE-devel-0:2.6.18-274.17.1.el5
  • kernel-debug-0:2.6.18-274.17.1.el5
  • kernel-debug-devel-0:2.6.18-274.17.1.el5
  • kernel-devel-0:2.6.18-274.17.1.el5
  • kernel-doc-0:2.6.18-274.17.1.el5
  • kernel-headers-0:2.6.18-274.17.1.el5
  • kernel-kdump-0:2.6.18-274.17.1.el5
  • kernel-kdump-devel-0:2.6.18-274.17.1.el5
  • kernel-xen-0:2.6.18-274.17.1.el5
  • kernel-xen-devel-0:2.6.18-274.17.1.el5
refmap via4
bid 46567
fulldisc 20110122 Proc filesystem and SUID-Binaries
misc http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
mlist
  • [linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
  • [linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid exec
  • [linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
  • [linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec
  • [oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
  • [oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec
secunia 43496
sreason 8107
xf kernel-procpid-security-bypass(65693)
vmware via4
description The ESX service console kernel is updated to resolve multiple security issues
id VMSA-2012-0013
last_updated 2012-12-20T00:00:00
published 2012-08-30T00:00:00
title Update to ESX service console kernel
Last major update 19-03-2012 - 00:00
Published 28-02-2011 - 11:00
Last modified 16-08-2017 - 21:33
Back to Top