Test ID: | 1.3.6.1.4.1.25623.1.0.70970 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-1242-1 (linux-image-2.6.35-30-generic) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to linux-image-2.6.35-30-generic announced via advisory USN-1242-1.

Details:
- CVE-2011-1479: It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service.
- CVE-2011-2494: Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.
- CVE-2011-2495: Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.
- CVE-2011-2695: It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service.
- CVE-2011-2905: Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.
- CVE-2011-2909: Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy.
- CVE-2011-3188: Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets.
- CVE-2011-3363: Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service.

Solution: The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.35-30-generic      2.6.35-30.61~lucid1
  linux-image-2.6.35-30-generic-pae  2.6.35-30.61~lucid1
  linux-image-2.6.35-30-server       2.6.35-30.61~lucid1
  linux-image-2.6.35-30-virtual      2.6.35-30.61~lucid1

http://www.securityspace.com/smysecure/catid.html?in=USN-1242-1

CVSS Score: 4.9
CVSS Vector: AV:L/AC:L/Au:NR/C:N/I:N/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4250
  http://www.openwall.com/lists/oss-security/2010/11/24/11
Common Vulnerability Exposure (CVE) ID: CVE-2011-1479
  http://www.openwall.com/lists/oss-security/2011/04/11/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2494
  http://www.openwall.com/lists/oss-security/2011/06/27/1
  http://secunia.com/advisories/48898
  SuSE Security Announcement: SUSE-SU-2012:0554
  http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
  RedHat Security Advisories: RHSA-2011:1212
  http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2695
  http://www.spinics.net/lists/linux-ext4/msg25697.html
  http://www.openwall.com/lists/oss-security/2011/07/15/7
  http://www.openwall.com/lists/oss-security/2011/07/15/8
  http://secunia.com/advisories/45193
Common Vulnerability Exposure (CVE) ID: CVE-2011-2905
  http://www.openwall.com/lists/oss-security/2011/08/09/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-2909
  http://www.openwall.com/lists/oss-security/2011/08/12/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-3188
  HPdes Security Advisory: HPSBGN02970
  http://marc.info/?l=bugtraq&m=139447903326211&w=2
  http://www.openwall.com/lists/oss-security/2011/08/23/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-3363
  http://www.openwall.com/lists/oss-security/2011/09/14/12 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |