Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.870396
Kategorie:Red Hat Local Security Checks
Titel:RedHat Update for Red Hat Enterprise Linux 4.9 kernel RHSA-2011:0263-01
Zusammenfassung:The remote host is missing an update for the 'Red Hat Enterprise Linux 4.9 kernel'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'Red Hat Enterprise Linux 4.9 kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the load_mixer_volumes() function in
the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC
systems, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges. (CVE-2010-4527, Important)

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and
Kees Cook for reporting CVE-2010-4655.

These updated kernel packages also fix hundreds of bugs and add numerous
enhancements. For details on individual bug fixes and enhancements included
in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,
linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

Affected Software/OS:
Red Hat Enterprise Linux 4.9 kernel on Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-4527
BugTraq ID: 45629
http://www.securityfocus.com/bid/45629
http://xorl.wordpress.com/2011/01/09/cve-2010-4527-linux-kernel-oss-sound-card-driver-buffer-overflow/
http://openwall.com/lists/oss-security/2010/12/31/1
http://openwall.com/lists/oss-security/2010/12/31/4
http://secunia.com/advisories/42765
http://secunia.com/advisories/43291
SuSE Security Announcement: SUSE-SA:2011:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://www.vupen.com/english/advisories/2011/0375
Common Vulnerability Exposure (CVE) ID: CVE-2010-4655
BugTraq ID: 45972
http://www.securityfocus.com/bid/45972
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
https://lkml.org/lkml/2010/10/7/297
http://openwall.com/lists/oss-security/2011/01/24/9
http://openwall.com/lists/oss-security/2011/01/25/3
http://openwall.com/lists/oss-security/2011/01/25/4
http://openwall.com/lists/oss-security/2011/01/25/5
http://openwall.com/lists/oss-security/2011/01/28/1
http://secunia.com/advisories/46397
http://www.ubuntu.com/usn/USN-1146-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-0521
BugTraq ID: 45986
http://www.securityfocus.com/bid/45986
http://openwall.com/lists/oss-security/2011/01/24/2
http://openwall.com/lists/oss-security/2011/01/25/2
http://www.securitytracker.com/id?1025195
http://secunia.com/advisories/43009
XForce ISS Database: kernel-av7110ca-privilege-escalation(64988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64988
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.