
Test ID: 1.3.6.1.4.1.25623.1.1.4.2012.0736.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2012:0736-1)
Summary: The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2012:0736-1 advisory.
Description: Summary:
The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2012:0736-1 advisory.

Vulnerability Insight:
This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed:

* CVE-2012-2319: A memory corruption when mounting an hfsplus filesystem was fixed that could be used by local attackers able to mount filesystems to crash the system.
* CVE-2012-2313: The dl2k network card driver lacked permission handling for some ethtool ioctls, which could allow local attackers to start/stop the network card.
* CVE-2011-2928: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel did not validate the length attribute of long symlinks, which allowed local users to cause a denial of service (incorrect pointer dereference and Oops) by accessing a long symlink on a malformed Be filesystem.
* CVE-2011-4077: Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image.
* CVE-2011-4324: A BUG() error report in the nfs4xdr routines on an NFSv4 mount was fixed that could happen during mknod.
* CVE-2011-4330: Mounting a corrupted hfs filesystem could lead to a buffer overflow.

The following non-security issues have been fixed:

* kernel: pfault task state race (bnc#764128, LTC#81724).
* ap: Toleration for ap bus devices with device type 10 (bnc#761389).
* hugetlb, numa: fix interleave mpol reference count (bnc#762111).
* cciss: fixup kdump (bnc#730200).
* kdump: Avoid allocating bootmem map over crash reserved region (bnc#749168, bnc#722400, bnc#742881).
* qeth: Improve OSA Express 4 blkt defaults (bnc#754964, LTC#80325).
* zcrypt: Fix parameter checking for ZSECSENDCPRB ioctl (bnc#754964, LTC#80378).
* virtio: add names to virtqueue struct, mapping from devices to queues (bnc#742148).
* virtio: find_vqs/del_vqs virtio operations (bnc#742148).
* virtio_pci: optional MSI-X support (bnc#742148).
* virtio_pci: split up vp_interrupt (bnc#742148).
* knfsd: nfsd4: fix laundromat shutdown race (752556).
* driver core: Check for valid device in bus_find_device() (bnc#729685).
* VMware detection backport from mainline (bnc#671124, bnc#747381).
* net: adding memory barrier to the poll and receive callbacks (bnc#746397 bnc#750928).
* qla2xxx: drop reference before wait for completion (bnc#744592).
* ixgbe driver sets all WOL flags upon initialization so that machine is powered on as soon as it is switched off (bnc#693639).
* Properly release MSI(X) vector(s) when MSI(X) gets disabled (bnc#723294, bnc#721869).
* scsi: Always retry internal target error (bnc#745640).
* cxgb4: fix parent device access in netdev_printk (bnc#733155).
* lcs: lcs offline failure (bnc#752486,LTC#79788).
* qeth: add missing wake_up call (bnc#752486,LTC#79899).
* NFSD: Fill in WCC data for ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux kernel' package(s) on SLE SDK 10 SP4, SUSE Linux Enterprise Desktop 10 SP4, SUSE Linux Enterprise Server 10 SP4.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-2928
BugTraq ID: 49256
http://www.securityfocus.com/bid/49256
Bugtraq: 20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS (Google Search)
http://www.securityfocus.com/archive/1/519387/100/0/threaded
http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt
http://www.openwall.com/lists/oss-security/2011/08/19/1
http://www.openwall.com/lists/oss-security/2011/08/19/5
http://securityreason.com/securityalert/8360
XForce ISS Database: linux-kernel-be-dos(69343)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69343
Common Vulnerability Exposure (CVE) ID: CVE-2011-4077
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/
http://www.openwall.com/lists/oss-security/2011/10/26/1
http://www.openwall.com/lists/oss-security/2011/10/26/3
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
http://secunia.com/advisories/48964
Common Vulnerability Exposure (CVE) ID: CVE-2011-4324
http://www.openwall.com/lists/oss-security/2012/02/06/3
Common Vulnerability Exposure (CVE) ID: CVE-2011-4330
BugTraq ID: 50750
http://www.securityfocus.com/bid/50750
https://lkml.org/lkml/2011/11/9/303
http://www.openwall.com/lists/oss-security/2011/11/21/14
http://www.openwall.com/lists/oss-security/2011/11/21/5
Common Vulnerability Exposure (CVE) ID: CVE-2012-2313
BugTraq ID: 53965
http://www.securityfocus.com/bid/53965
http://www.openwall.com/lists/oss-security/2012/05/04/8
RedHat Security Advisories: RHSA-2012:1174
http://rhn.redhat.com/errata/RHSA-2012-1174.html
RedHat Security Advisories: RHSA-2012:1481
http://rhn.redhat.com/errata/RHSA-2012-1481.html
RedHat Security Advisories: RHSA-2012:1541
http://rhn.redhat.com/errata/RHSA-2012-1541.html
RedHat Security Advisories: RHSA-2012:1589
http://rhn.redhat.com/errata/RHSA-2012-1589.html
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-2319
http://www.openwall.com/lists/oss-security/2012/05/07/11
RedHat Security Advisories: RHSA-2012:1323
http://rhn.redhat.com/errata/RHSA-2012-1323.html
RedHat Security Advisories: RHSA-2012:1347
http://rhn.redhat.com/errata/RHSA-2012-1347.html
http://secunia.com/advisories/50811
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
