
Test ID: 1.3.6.1.4.1.25623.1.0.66826
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0111
Summary: Redhat Security Advisory RHSA-2010:0111
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0111.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in each of the following Intel PRO/1000 Linux drivers in
the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
than the MTU could bypass the existing fragment check, resulting in
partial, invalid frames being passed to the network stack. These flaws
could also possibly be used to trigger a remote denial of service.
(CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. Receiving overly-long frames with a certain revision of the network
cards supported by this driver could possibly result in a remote denial of
service. (CVE-2009-4537, Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0111.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4536
http://www.openwall.com/lists/oss-security/2009/12/28/1
http://www.openwall.com/lists/oss-security/2009/12/29/2
http://www.openwall.com/lists/oss-security/2009/12/31/1
http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
Debian Security Information: DSA-1996 (Google Search)
http://www.debian.org/security/2010/dsa-1996
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
http://www.redhat.com/support/errata/RHSA-2010-0019.html
http://www.redhat.com/support/errata/RHSA-2010-0020.html
http://www.redhat.com/support/errata/RHSA-2010-0041.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.redhat.com/support/errata/RHSA-2010-0111.html
http://www.redhat.com/support/errata/RHSA-2010-0053.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
SuSE Security Announcement: SUSE-SA:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
BugTraq ID: 37519
http://www.securityfocus.com/bid/37519
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10607
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7453
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12440
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13226
http://securitytracker.com/id?1023420
http://secunia.com/advisories/35265
http://secunia.com/advisories/38031
http://secunia.com/advisories/38492
http://secunia.com/advisories/38276
http://secunia.com/advisories/38296
http://secunia.com/advisories/38610
http://secunia.com/advisories/38779
XForce ISS Database: kernel-e1000main-security-bypass(55648)
http://xforce.iss.net/xforce/xfdb/55648
Common Vulnerability Exposure (CVE) ID: CVE-2009-4537
http://marc.info/?l=linux-netdev&m=126202972828626&w=2
http://twitter.com/dakami/statuses/7104238406
Debian Security Information: DSA-2053 (Google Search)
http://www.debian.org/security/2010/dsa-2053
SuSE Security Announcement: SUSE-SA:2010:023 (Google Search)
http://www.novell.com/linux/security/advisories/2010_23_kernel.html
SuSE Security Announcement: SUSE-SA:2010:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
BugTraq ID: 37521
http://www.securityfocus.com/bid/37521
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7443
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9439
http://securitytracker.com/id?1023419
http://secunia.com/advisories/39742
http://secunia.com/advisories/39830
http://secunia.com/advisories/40645
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: kernel-r8169-dos(55647)
http://xforce.iss.net/xforce/xfdb/55647
Common Vulnerability Exposure (CVE) ID: CVE-2009-4538
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
BugTraq ID: 37523
http://www.securityfocus.com/bid/37523
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7016
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9702
XForce ISS Database: kernel-edriver-unspecified(55645)
http://xforce.iss.net/xforce/xfdb/55645
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com


© 1998-2016 E-Soft Inc. All rights reserved.