
Test ID: 1.3.6.1.4.1.25623.1.0.71017
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1285-1 (linux-image-2.6.38-13-generic)
Summary: NOSUMMARY
Description:
The remote host is missing an update to linux-image-2.6.38-13-generic
announced via advisory USN-1285-1.

Details:

Andrea Righi discovered a race condition in the KSM memory merging support.
If KSM was being used, a local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2011-2183)

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly
handled unlock requests. A local attacker could exploit this to cause a
denial of service. (CVE-2011-2491)

Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)

It was discovered that the wireless stack incorrectly verified SSID
lengths. A local attacker could exploit this to cause a denial of service
or gain root privileges. (CVE-2011-2517)

Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
(CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-2909)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
linux-image-2.6.38-13-generic 2.6.38-13.52
linux-image-2.6.38-13-generic-pae 2.6.38-13.52
linux-image-2.6.38-13-omap 2.6.38-13.52
linux-image-2.6.38-13-powerpc 2.6.38-13.52
linux-image-2.6.38-13-powerpc-smp 2.6.38-13.52
linux-image-2.6.38-13-powerpc64-smp 2.6.38-13.52
linux-image-2.6.38-13-server 2.6.38-13.52
linux-image-2.6.38-13-versatile 2.6.38-13.52
linux-image-2.6.38-13-virtual 2.6.38-13.52

http://www.securityspace.com/smysecure/catid.html?in=USN-1285-1

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-2183
http://www.openwall.com/lists/oss-security/2011/06/06/1
Common Vulnerability Exposure (CVE) ID: CVE-2011-2491
http://www.openwall.com/lists/oss-security/2011/06/23/6
RedHat Security Advisories: RHSA-2011:1212
http://rhn.redhat.com/errata/RHSA-2011-1212.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2494
http://www.openwall.com/lists/oss-security/2011/06/27/1
http://secunia.com/advisories/48898
SuSE Security Announcement: SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2495
Common Vulnerability Exposure (CVE) ID: CVE-2011-2517
http://www.openwall.com/lists/oss-security/2011/07/01/4
Common Vulnerability Exposure (CVE) ID: CVE-2011-2905
http://www.openwall.com/lists/oss-security/2011/08/09/6
Common Vulnerability Exposure (CVE) ID: CVE-2011-2909
http://www.openwall.com/lists/oss-security/2011/08/12/1
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com





© 1998-2020 E-Soft Inc. All rights reserved.