Test ID: | 1.3.6.1.4.1.25623.1.0.71018 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-1286-1 (linux-image-2.6.32-36-386) |
Summary: | NOSUMMARY |
Description: |
The remote host is missing an update to linux-image-2.6.32-36-386 announced via advisory USN-1286-1.

Details:

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)

Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)

It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. (CVE-2011-4077)

Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops. (CVE-2011-4081)

A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file systems could exploit this to crash the system, leading to a denial of service. (CVE-2011-4132)

A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)

Clement Lecigne discovered a bug in the HFS file system bounds checking. When a malformed HFS file system is mounted a local user could crash the system or gain root privileges. (CVE-2011-4330)

Solution:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-36-386 2.6.32-36.79
linux-image-2.6.32-36-generic 2.6.32-36.79
linux-image-2.6.32-36-generic-pae 2.6.32-36.79
linux-image-2.6.32-36-ia64 2.6.32-36.79
linux-image-2.6.32-36-lpia 2.6.32-36.79
linux-image-2.6.32-36-powerpc 2.6.32-36.79
linux-image-2.6.32-36-powerpc-smp 2.6.32-36.79
linux-image-2.6.32-36-powerpc64-smp 2.6.32-36.79
linux-image-2.6.32-36-preempt 2.6.32-36.79
linux-image-2.6.32-36-server 2.6.32-36.79
linux-image-2.6.32-36-sparc64 2.6.32-36.79
linux-image-2.6.32-36-sparc64-smp 2.6.32-36.79
linux-image-2.6.32-36-versatile 2.6.32-36.79
linux-image-2.6.32-36-virtual 2.6.32-36.79

http://www.securityspace.com/smysecure/catid.html?in=USN-1286-1

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:NR/C:C/I:C/A:C |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-2491
http://www.openwall.com/lists/oss-security/2011/06/23/6
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-2496
http://www.openwall.com/lists/oss-security/2011/06/27/2

Common Vulnerability Exposure (CVE) ID: CVE-2011-2517
http://www.openwall.com/lists/oss-security/2011/07/01/4

Common Vulnerability Exposure (CVE) ID: CVE-2011-2525
http://kerneltrap.org/mailarchive/linux-netdev/2010/5/21/6277805
http://openwall.com/lists/oss-security/2011/07/12/1
RedHat Security Advisories: RHSA-2011:1065
http://rhn.redhat.com/errata/RHSA-2011-1065.html
RedHat Security Advisories: RHSA-2011:1163
http://rhn.redhat.com/errata/RHSA-2011-1163.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-4077
HPdes Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/
http://www.openwall.com/lists/oss-security/2011/10/26/1
http://www.openwall.com/lists/oss-security/2011/10/26/3
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
http://secunia.com/advisories/48964

Common Vulnerability Exposure (CVE) ID: CVE-2011-4081
http://www.openwall.com/lists/oss-security/2011/10/27/2

Common Vulnerability Exposure (CVE) ID: CVE-2011-4132
BugTraq ID: 50663
http://www.securityfocus.com/bid/50663
http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/
http://www.openwall.com/lists/oss-security/2011/11/11/6
http://www.openwall.com/lists/oss-security/2011/11/13/4
http://securitytracker.com/id?1026325
http://secunia.com/advisories/48898
SuSE Security Announcement: SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
SuSE Security Announcement: SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-4326
BugTraq ID: 50751
http://www.securityfocus.com/bid/50751
http://www.openwall.com/lists/oss-security/2011/11/21/10

Common Vulnerability Exposure (CVE) ID: CVE-2011-4330
BugTraq ID: 50750
http://www.securityfocus.com/bid/50750
https://lkml.org/lkml/2011/11/9/303
http://www.openwall.com/lists/oss-security/2011/11/21/14
http://www.openwall.com/lists/oss-security/2011/11/21/5 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |