English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 95248 Descripciones CVE y
52540 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.68091
Categoría:Debian Local Security Checks
Título:Debian Security Advisory DSA 2110-1 (linux-2.6)
Resumen:Debian Security Advisory DSA 2110-1 (linux-2.6)
Descripción:Description:
The remote host is missing an update to linux-2.6
announced via advisory DSA 2110-1.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information leak.
The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-2492

Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer
overflow condition may allow local users to cause a denial of service
or gain elevated privileges.

CVE-2010-2954

Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.

CVE-2010-3078

Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.

CVE-2010-3080

Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the 'audio' group) can
cause a denial of service via a NULL pointer dereference.

CVE-2010-3081

Ben Hawkes discovered an issue in the 32-bit compatibility code
for 64-bit systems. Local users can gain elevated privileges due
to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.26-25lenny1.

We recommend that you upgrade your linux-2.6 and user-mode-linux

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202110-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2492
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/archive/1/520102/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:172
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://secunia.com/advisories/42890
http://secunia.com/advisories/46397
Common Vulnerability Exposure (CVE) ID: CVE-2010-2954
http://www.spinics.net/lists/netdev/msg139404.html
http://marc.info/?l=oss-security&m=128331787923285&w=2
http://twitter.com/taviso/statuses/22635752128
SuSE Security Announcement: SUSE-SA:2010:041 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
SuSE Security Announcement: SUSE-SA:2010:050 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
SuSE Security Announcement: SUSE-SA:2010:054 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.ubuntu.com/usn/USN-1000-1
http://secunia.com/advisories/41234
http://secunia.com/advisories/41512
http://www.vupen.com/english/advisories/2010/2266
http://www.vupen.com/english/advisories/2010/2430
http://www.vupen.com/english/advisories/2011/0298
XForce ISS Database: kernel-irdabind-dos(61522)
http://xforce.iss.net/xforce/xfdb/61522
Common Vulnerability Exposure (CVE) ID: CVE-2010-3078
http://www.openwall.com/lists/oss-security/2010/09/07/1
http://www.openwall.com/lists/oss-security/2010/09/07/12
http://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html
http://www.redhat.com/support/errata/RHSA-2010-0839.html
BugTraq ID: 43022
http://www.securityfocus.com/bid/43022
http://securitytracker.com/id?1024418
http://secunia.com/advisories/41284
Common Vulnerability Exposure (CVE) ID: CVE-2010-3080
http://www.openwall.com/lists/oss-security/2010/09/08/7
BugTraq ID: 43062
http://www.securityfocus.com/bid/43062
Common Vulnerability Exposure (CVE) ID: CVE-2010-3081
Bugtraq: 20101130 VMSA-2010-0017 VMware ESX third party update for Service Console kerne (Google Search)
http://www.securityfocus.com/archive/1/514938/30/30/threaded
Bugtraq: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (Google Search)
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0273.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0278.html
http://marc.info/?l=oss-security&m=128461522230211&w=2
http://blog.ksplice.com/2010/09/cve-2010-3081/
http://isc.sans.edu/diary.html?storyid=9574
http://sota.gen.nz/compat1/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:214
http://www.mandriva.com/security/advisories?name=MDVSA-2010:247
http://www.redhat.com/support/errata/RHSA-2010-0758.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/42384
http://secunia.com/advisories/43315
http://www.vupen.com/english/advisories/2010/3083
http://www.vupen.com/english/advisories/2010/3117
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 52540 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Developer APIs | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2016 E-Soft Inc. Todos los derechos reservados.