Test ID: | 1.3.6.1.4.1.25623.1.0.840785 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu Update for linux USN-1243-1 |
Summary: | Ubuntu Update for Linux kernel vulnerabilities USN-1243-1 |
Description: |
Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1243-1

Vulnerability Insight:

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)

Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)

Affected Software/OS: linux on Ubuntu 10.10

Solution: Please install the updated packages.

CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4250
http://www.openwall.com/lists/oss-security/2010/11/24/11

Common Vulnerability Exposure (CVE) ID: CVE-2011-1479
http://www.openwall.com/lists/oss-security/2011/04/11/1

Common Vulnerability Exposure (CVE) ID: CVE-2011-2494
http://www.openwall.com/lists/oss-security/2011/06/27/1
http://secunia.com/advisories/48898
SuSE Security Announcement: SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html

Common Vulnerability Exposure (CVE) ID: CVE-2011-2695
http://www.spinics.net/lists/linux-ext4/msg25697.html
http://www.openwall.com/lists/oss-security/2011/07/15/7
http://www.openwall.com/lists/oss-security/2011/07/15/8
http://secunia.com/advisories/45193

Common Vulnerability Exposure (CVE) ID: CVE-2011-2905
http://www.openwall.com/lists/oss-security/2011/08/09/6

Common Vulnerability Exposure (CVE) ID: CVE-2011-2909
http://www.openwall.com/lists/oss-security/2011/08/12/1

Common Vulnerability Exposure (CVE) ID: CVE-2011-3188
HP Security Advisory: HPSBGN02970
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://www.openwall.com/lists/oss-security/2011/08/23/2

Common Vulnerability Exposure (CVE) ID: CVE-2011-3363
http://www.openwall.com/lists/oss-security/2011/09/14/12 |
Copyright | Copyright (C) 2011 Greenbone Networks GmbH |