[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

RHSA-2011:0007-01 -- Redhat kernel and perf

ID: oval:org.secpod.oval:def:500112Date: (C)2012-01-31   (M)2024-01-02
Class: PATCHFamily: unix




* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable permissions , a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. * Integer overflow in the RDS protocol implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * Missing boundary checks in the PPP over L2TP sockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * NULL pointer dereference in the igb driver. If both Single Root I/O Virtualization and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. * Missing initialization flaw in the XFS file system implementation, and in the network traffic policing implementation, could allow a local, unprivileged user to cause an information leak. * NULL pointer dereference in the Open Sound System compatible sequencer driver could allow a local, unprivileged user with access to /dev/sequencer to cause a denial of service. /dev/sequencer is only accessible to root and users in the audio group by default. * Flaw in the ethtool IOCTL handler could allow a local user to cause an information leak. * Flaw in bcm_connect in the Controller Area Network Broadcast Manager. On 64-bit systems, writing the socket address may overflow the procname character array. * Flaw in the module for monitoring the sockets of INET transport protocols could allow a local, unprivileged user to cause a denial of service. * Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service. * NULL pointer dereference in the Bluetooth HCI UART driver could allow a local, unprivileged user to cause a denial of service. * Flaw in the Linux kernel CPU time clocks implementation for the POSIX clock interface could allow a local, unprivileged user to cause a denial of service. * Flaw in the garbage collector for AF_UNIX sockets could allow a local, unprivileged user to trigger a denial of service. * Missing upper bound integer check in the AIO implementation could allow a local, unprivileged user to cause an information leak. * Missing initialization flaws could lead to information leaks. * Missing initialization flaw in KVM could allow a privileged host user with access to /dev/kvm to cause an information leak. Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492; Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163, CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and Stephan Mueller of atsec information security for reporting CVE-2010-4525.

Platform:
Red Hat Enterprise Linux 6
Product:
kernel
perf
Reference:
RHSA-2011:0007-01
CVE-2010-2492
CVE-2010-3067
CVE-2010-3078
CVE-2010-3080
CVE-2010-3298
CVE-2010-3477
CVE-2010-3861
CVE-2010-3865
CVE-2010-3874
CVE-2010-3876
CVE-2010-3880
CVE-2010-4072
CVE-2010-4073
CVE-2010-4074
CVE-2010-4075
CVE-2010-4077
CVE-2010-4079
CVE-2010-4080
CVE-2010-4081
CVE-2010-4082
CVE-2010-4083
CVE-2010-4158
CVE-2010-4160
CVE-2010-4162
CVE-2010-4163
CVE-2010-4242
CVE-2010-4248
CVE-2010-4249
CVE-2010-4263
CVE-2010-4525
CVE-2010-4668
CVE    31
CVE-2010-4525
CVE-2010-4263
CVE-2010-4077
CVE-2010-2492
...
CPE    484
cpe:/o:linux:linux_kernel:2.6.33:rc7
cpe:/o:linux:linux_kernel:2.6.33:rc4
cpe:/o:linux:linux_kernel:2.6.33:rc3
cpe:/o:linux:linux_kernel:2.6.33:rc6
...

© SecPod Technologies