English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840581
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-1057-1)
Summary:The remote host is missing an update for the 'linux-source-2.6.15' package(s) announced via the USN-1057-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-source-2.6.15' package(s) announced via the USN-1057-1 advisory.

Vulnerability Insight:
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)

Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3297)

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)

Affected Software/OS:
'linux-source-2.6.15' package(s) on Ubuntu 6.06.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2943
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
42527
http://www.securityfocus.com/bid/42527
42758
http://secunia.com/advisories/42758
43161
http://secunia.com/advisories/43161
46397
http://secunia.com/advisories/46397
ADV-2011-0070
http://www.vupen.com/english/advisories/2011/0070
ADV-2011-0280
http://www.vupen.com/english/advisories/2011/0280
RHSA-2010:0723
http://www.redhat.com/support/errata/RHSA-2010-0723.html
USN-1041-1
http://www.ubuntu.com/usn/USN-1041-1
USN-1057-1
http://www.ubuntu.com/usn/USN-1057-1
[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure
http://www.openwall.com/lists/oss-security/2010/08/18/2
[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure
http://www.openwall.com/lists/oss-security/2010/08/19/5
[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
http://support.avaya.com/css/P8/documents/100113326
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=624923
Common Vulnerability Exposure (CVE) ID: CVE-2010-3297
41440
http://secunia.com/advisories/41440
43229
http://www.securityfocus.com/bid/43229
ADV-2011-0298
http://www.vupen.com/english/advisories/2011/0298
DSA-2126
http://www.debian.org/security/2010/dsa-2126
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RHSA-2010:0771
http://www.redhat.com/support/errata/RHSA-2010-0771.html
SUSE-SA:2010:050
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
SUSE-SA:2010:054
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
SUSE-SA:2011:007
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
[linux-kernel] 20100911 [PATCH] drivers/net/eql.c: prevent reading uninitialized stack memory
http://lkml.org/lkml/2010/9/11/168
[oss-security] 20100914 CVE request: kernel: numerous infoleaks
http://www.openwall.com/lists/oss-security/2010/09/14/2
[oss-security] 20100914 Re: CVE request: kernel: numerous infoleaks
http://www.openwall.com/lists/oss-security/2010/09/14/7
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=44467187dc22fdd33a1a06ea0ba86ce20be3fe3c
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc5
https://bugzilla.redhat.com/show_bug.cgi?id=633145
Common Vulnerability Exposure (CVE) ID: CVE-2010-4072
BugTraq ID: 45054
http://www.securityfocus.com/bid/45054
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
Debian Security Information: DSA-2126 (Google Search)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://lkml.org/lkml/2010/10/6/454
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://www.openwall.com/lists/oss-security/2010/10/25/3
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://www.redhat.com/support/errata/RHSA-2011-0017.html
http://www.redhat.com/support/errata/RHSA-2011-0162.html
http://secunia.com/advisories/42778
http://secunia.com/advisories/42884
http://secunia.com/advisories/42890
http://secunia.com/advisories/42932
http://secunia.com/advisories/42963
http://secunia.com/advisories/43291
SuSE Security Announcement: SUSE-SA:2010:060 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html
SuSE Security Announcement: SUSE-SA:2011:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://www.vupen.com/english/advisories/2011/0012
http://www.vupen.com/english/advisories/2011/0124
http://www.vupen.com/english/advisories/2011/0168
http://www.vupen.com/english/advisories/2011/0375
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.