ID de Prueba:	1.3.6.1.4.1.25623.1.0.122306
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2010-2009)
Resumen:	The remote host is missing an update for the '' package(s) announced via the ELSA-2010-2009 advisory.
Descripción:	Summary: The remote host is missing an update for the '' package(s) announced via the ELSA-2010-2009 advisory. Vulnerability Insight: Following security bugs are fixed in this errata CVE-2010-3904 When copying data to userspace, the RDS protocol failed to verify that the user-provided address was a valid userspace address. A local unprivileged user could issue specially crafted socket calls to write arbitrary values into kernel memory and potentially escalate privileges to root. CVE-2010-3067 Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. CVE-2010-3477 The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. kernel: [2.6.32-100.21.1.el5] - [rds] fix access issue with rds (Chris Mason) {CVE-2010-3904} - [fuse] linux-2.6.32-fuse-return-EGAIN-if-not-connected-bug-10154489.patch - [net] linux-2.6.32-net-sched-fix-kernel-leak-in-act_police.patch - [aio] linux-2.6.32-aio-check-for-multiplication-overflow-in-do_io_subm.patch ofa: [1.5.1-4.0.23] - Fix rds permissions checks during copies [1.5.1-4.0.21] - Update to BXOFED 1.5.1-1.3.6-5 Affected Software/OS: '' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3067 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42778 http://secunia.com/advisories/42778 42801 http://secunia.com/advisories/42801 42890 http://secunia.com/advisories/42890 43291 http://secunia.com/advisories/43291 46397 http://secunia.com/advisories/46397 ADV-2011-0012 http://www.vupen.com/english/advisories/2011/0012 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 ADV-2011-0375 http://www.vupen.com/english/advisories/2011/0375 DSA-2126 http://www.debian.org/security/2010/dsa-2126 MDVSA-2010:257 http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 MDVSA-2011:029 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0758 http://www.redhat.com/support/errata/RHSA-2010-0758.html RHSA-2010:0779 http://www.redhat.com/support/errata/RHSA-2010-0779.html RHSA-2010:0839 http://www.redhat.com/support/errata/RHSA-2010-0839.html RHSA-2011:0007 http://www.redhat.com/support/errata/RHSA-2011-0007.html SUSE-SA:2010:060 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html SUSE-SA:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html SUSE-SA:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html SUSE-SA:2011:008 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html USN-1000-1 http://www.ubuntu.com/usn/USN-1000-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=629441 kernel-doiosubmit-dos(61884) https://exchange.xforce.ibmcloud.com/vulnerabilities/61884 Common Vulnerability Exposure (CVE) ID: CVE-2010-3477 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) Debian Security Information: DSA-2126 (Google Search) http://www.securitytracker.com/id?1024603 Common Vulnerability Exposure (CVE) ID: CVE-2010-3904 CERT/CC vulnerability note: VU#362983 http://www.kb.cert.org/vuls/id/362983 https://www.exploit-db.com/exploits/44677/ http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html http://www.vsecurity.com/download/tools/linux-rds-exploit.c http://www.vsecurity.com/resources/advisory/20101019-1/ http://www.redhat.com/support/errata/RHSA-2010-0792.html http://www.redhat.com/support/errata/RHSA-2010-0842.html http://securitytracker.com/id?1024613 SuSE Security Announcement: SUSE-SA:2010:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html SuSE Security Announcement: SUSE-SA:2010:057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.