Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71918
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:1253
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:1253.

Security fixes:

* A flaw in the SCTP and DCCP implementations could allow a remote attacker
to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)

* Flaws in the Management Module Support for Message Passing Technology
(MPT) based controllers could allow a local, unprivileged user to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could
allow a local user to cause a denial of service or escalate their
privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)

* A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* A flaw in the Bluetooth implementation could allow a remote attacker to
cause a denial of service or escalate their privileges. (CVE-2011-2497,
Important)

* Flaws in the netlink-based wireless configuration interface could allow a
local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)

* The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)

* A local, unprivileged user could allocate large amounts of memory not
visible to the OOM killer, causing a denial of service. (CVE-2010-4243,
Moderate)

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* A local, privileged user could possibly write arbitrary kernel memory via
/sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)

* Inconsistency in the methods for allocating and freeing NFSv4 ACL data

CVE-2010-4250 fix caused a regression
a flaw in next_pidmap() and
inet_diag_bc_audit()
flaws in the CAN implementation
a race condition in
the memory merging support
a flaw in the taskstats subsystem
and the way
mapping expansions were handled could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593,
CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484,
CVE-2011-2496, Moderate)

* A flaw in GRO could result in a denial of service when a malformed VLAN
frame is received. (CVE-2011-1478, Moderate)

* napi_reuse_skb() could be called on VLAN packets allowing an attacker on
the local network to possibly trigger a denial of service. (CVE-2011-1576,
Moderate)

* A denial of service could occur if packets were received while the ipip
or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)

* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)

* Flaws in the EFI GUID Partition Table implementation could allow a local
attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)

* While a user has a CIFS share mounted that required successful
authentication, a local, unprivileged user could mount that share without
knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585,
Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770,
CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213
Vasiliy
Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022,
CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495
Vasily Averin for
reporting CVE-2011-2491
Brad Spengler for reporting CVE-2010-4243
Kees
Cook for reporting CVE-2011-1020
Robert Swiecki for reporting
CVE-2011-1593 and CVE-2011-2496
Oliver Hartkopp for reporting
CVE-2011-1748
Andrea Righi for reporting CVE-2011-2183
Ryan Sweat for
reporting CVE-2011-1478 and CVE-2011-1576
Peter Huewe for reporting
CVE-2011-1160
Marek Kroemeke and Filip Palian for reporting CVE-2011-2492

and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1253.html

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-4243
BugTraq ID: 45004
http://www.securityfocus.com/bid/45004
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.exploit-db.com/exploits/15619
http://grsecurity.net/~spender/64bit_dos.c
http://lkml.org/lkml/2010/8/27/429
http://lkml.org/lkml/2010/8/29/206
http://lkml.org/lkml/2010/8/30/138
http://lkml.org/lkml/2010/8/30/378
http://linux.derkeiler.com/Mailing-Lists/Kernel/2010-11/msg13278.html
http://openwall.com/lists/oss-security/2010/11/22/6
http://openwall.com/lists/oss-security/2010/11/22/15
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://secunia.com/advisories/42884
http://secunia.com/advisories/46397
XForce ISS Database: linux-kernel-execve-dos(64700)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64700
Common Vulnerability Exposure (CVE) ID: CVE-2010-4526
BugTraq ID: 45661
http://www.securityfocus.com/bid/45661
http://www.openwall.com/lists/oss-security/2011/01/04/3
http://www.openwall.com/lists/oss-security/2011/01/04/13
http://www.redhat.com/support/errata/RHSA-2011-0163.html
http://secunia.com/advisories/42964
http://www.vupen.com/english/advisories/2011/0169
XForce ISS Database: kernel-icmp-message-dos(64616)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64616
Common Vulnerability Exposure (CVE) ID: CVE-2011-1020
BugTraq ID: 46567
http://www.securityfocus.com/bid/46567
http://seclists.org/fulldisclosure/2011/Jan/421
http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/
https://lkml.org/lkml/2011/2/7/414
https://lkml.org/lkml/2011/2/7/474
https://lkml.org/lkml/2011/2/7/368
https://lkml.org/lkml/2011/2/7/404
https://lkml.org/lkml/2011/2/7/466
https://lkml.org/lkml/2011/2/10/21
https://lkml.org/lkml/2011/2/9/417
http://openwall.com/lists/oss-security/2011/02/24/18
http://openwall.com/lists/oss-security/2011/02/25/2
http://secunia.com/advisories/43496
http://securityreason.com/securityalert/8107
XForce ISS Database: kernel-procpid-security-bypass(65693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65693
Common Vulnerability Exposure (CVE) ID: CVE-2011-1021
http://www.openwall.com/lists/oss-security/2011/02/25/5
Common Vulnerability Exposure (CVE) ID: CVE-2011-1090
http://openwall.com/lists/oss-security/2011/03/07/2
http://openwall.com/lists/oss-security/2011/03/07/12
http://securitytracker.com/id?1025336
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1160
http://www.openwall.com/lists/oss-security/2011/03/15/13
Common Vulnerability Exposure (CVE) ID: CVE-2011-1478
http://openwall.com/lists/oss-security/2011/03/28/1
http://securityreason.com/securityalert/8480
Common Vulnerability Exposure (CVE) ID: CVE-2011-1479
http://www.openwall.com/lists/oss-security/2011/04/11/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1494
BugTraq ID: 47185
http://www.securityfocus.com/bid/47185
http://lkml.org/lkml/2011/4/5/327
http://openwall.com/lists/oss-security/2011/04/05/32
http://openwall.com/lists/oss-security/2011/04/06/2
RedHat Security Advisories: RHSA-2011:0833
http://rhn.redhat.com/errata/RHSA-2011-0833.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1495
Common Vulnerability Exposure (CVE) ID: CVE-2011-1576
BugTraq ID: 48907
http://www.securityfocus.com/bid/48907
RedHat Security Advisories: RHSA-2011:0927
http://rhn.redhat.com/errata/RHSA-2011-0927.html
http://www.redhat.com/support/errata/RHSA-2011-1090.html
http://www.redhat.com/support/errata/RHSA-2011-1106.html
http://www.securitytracker.com/id?1025853
Common Vulnerability Exposure (CVE) ID: CVE-2011-1577
BugTraq ID: 47343
http://www.securityfocus.com/bid/47343
Bugtraq: 20110413 [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (Google Search)
http://www.securityfocus.com/archive/1/517477/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html
http://www.spinics.net/lists/mm-commits/msg83274.html
http://openwall.com/lists/oss-security/2011/04/12/17
http://openwall.com/lists/oss-security/2011/04/13/1
http://securitytracker.com/id?1025355
http://securityreason.com/securityalert/8238
XForce ISS Database: kernel-guid-dos(66773)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66773
Common Vulnerability Exposure (CVE) ID: CVE-2011-1585
http://www.openwall.com/lists/oss-security/2011/04/15/8
Common Vulnerability Exposure (CVE) ID: CVE-2011-1593
BugTraq ID: 47497
http://www.securityfocus.com/bid/47497
http://groups.google.com/group/fa.linux.kernel/msg/4a28ecb7f755a88d?dmode=source
http://openwall.com/lists/oss-security/2011/04/19/1
http://openwall.com/lists/oss-security/2011/04/20/1
http://securitytracker.com/id?1025420
http://secunia.com/advisories/44164
http://www.ubuntu.com/usn/USN-1146-1
XForce ISS Database: kernel-nextpidmap-dos(66876)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66876
Common Vulnerability Exposure (CVE) ID: CVE-2011-1598
BugTraq ID: 47503
http://www.securityfocus.com/bid/47503
http://permalink.gmane.org/gmane.linux.network/192898
http://openwall.com/lists/oss-security/2011/04/20/2
http://openwall.com/lists/oss-security/2011/04/20/6
http://openwall.com/lists/oss-security/2011/04/20/7
http://openwall.com/lists/oss-security/2011/04/21/1
http://openwall.com/lists/oss-security/2011/04/21/2
http://openwall.com/lists/oss-security/2011/04/21/7
http://openwall.com/lists/oss-security/2011/04/22/2
http://openwall.com/lists/oss-security/2011/04/25/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-1745
BugTraq ID: 47534
http://www.securityfocus.com/bid/47534
https://lkml.org/lkml/2011/4/14/293
http://openwall.com/lists/oss-security/2011/04/21/4
http://openwall.com/lists/oss-security/2011/04/22/7
Common Vulnerability Exposure (CVE) ID: CVE-2011-1746
BugTraq ID: 47535
http://www.securityfocus.com/bid/47535
https://lkml.org/lkml/2011/4/14/294
https://lkml.org/lkml/2011/4/19/400
Common Vulnerability Exposure (CVE) ID: CVE-2011-1748
BugTraq ID: 47835
http://www.securityfocus.com/bid/47835
http://permalink.gmane.org/gmane.linux.network/192974
Common Vulnerability Exposure (CVE) ID: CVE-2011-1767
http://www.openwall.com/lists/oss-security/2011/05/05/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-1768
Common Vulnerability Exposure (CVE) ID: CVE-2011-1770
BugTraq ID: 47769
http://www.securityfocus.com/bid/47769
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html
http://marc.info/?l=linux-kernel&m=130469305815140&w=2
http://marc.info/?l=linux-kernel&m=130468845209036&w=2
http://www.securitytracker.com/id?1025592
http://secunia.com/advisories/44932
http://securityreason.com/securityalert/8286
Common Vulnerability Exposure (CVE) ID: CVE-2011-1776
BugTraq ID: 47796
http://www.securityfocus.com/bid/47796
http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt
http://openwall.com/lists/oss-security/2011/05/10/4
http://securityreason.com/securityalert/8369
Common Vulnerability Exposure (CVE) ID: CVE-2011-2022
BugTraq ID: 47843
http://www.securityfocus.com/bid/47843
Common Vulnerability Exposure (CVE) ID: CVE-2011-2183
http://www.openwall.com/lists/oss-security/2011/06/06/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2213
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://article.gmane.org/gmane.linux.network/197208
http://article.gmane.org/gmane.linux.network/197206
http://article.gmane.org/gmane.linux.network/197386
http://article.gmane.org/gmane.linux.network/198809
http://www.openwall.com/lists/oss-security/2011/06/20/1
http://www.openwall.com/lists/oss-security/2011/06/20/13
http://www.openwall.com/lists/oss-security/2011/06/20/16
Common Vulnerability Exposure (CVE) ID: CVE-2011-2484
BugTraq ID: 48383
http://www.securityfocus.com/bid/48383
https://bugzilla.redhat.com/show_bug.cgi?id=715436
http://lists.openwall.net/linux-kernel/2011/06/16/605
http://openwall.com/lists/oss-security/2011/06/22/1
http://openwall.com/lists/oss-security/2011/06/22/2
XForce ISS Database: kernel-taskstats-dos(68150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68150
Common Vulnerability Exposure (CVE) ID: CVE-2011-2491
http://www.openwall.com/lists/oss-security/2011/06/23/6
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2492
http://permalink.gmane.org/gmane.linux.bluez.kernel/12909
http://www.openwall.com/lists/oss-security/2011/06/24/2
http://www.openwall.com/lists/oss-security/2011/06/24/3
http://securitytracker.com/id?1025778
Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
http://www.openwall.com/lists/oss-security/2011/06/27/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2496
http://www.openwall.com/lists/oss-security/2011/06/27/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-2497
BugTraq ID: 48472
http://www.securityfocus.com/bid/48472
http://marc.info/?l=linux-kernel&m=130891911909436&w=2
http://www.openwall.com/lists/oss-security/2011/06/24/9
http://www.openwall.com/lists/oss-security/2011/06/27/3
http://www.osvdb.org/74679
http://securityreason.com/securityalert/8359
Common Vulnerability Exposure (CVE) ID: CVE-2011-2517
http://www.openwall.com/lists/oss-security/2011/07/01/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-2695
http://www.spinics.net/lists/linux-ext4/msg25697.html
http://www.openwall.com/lists/oss-security/2011/07/15/7
http://www.openwall.com/lists/oss-security/2011/07/15/8
http://secunia.com/advisories/45193
Common Vulnerability Exposure (CVE) ID: CVE-2010-4250
http://www.openwall.com/lists/oss-security/2010/11/24/11
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.