Vulnerabilities > CVE-2009-3080 - Improper Validation of Array Index vulnerability in multiple products

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE

Summary

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Vulnerable Configurations

Part Description Count
OS
Linux
1038
OS
Opensuse
2
OS
Suse
4
OS
Debian
1
OS
Canonical
5
OS
Vmware
1
OS
Redhat
5
Application
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12578.NASL
    descriptionThis update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) - Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - The dbg_lvl file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889) - The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage. (CVE-2009-1883) - Memory leak in the appletalk subsystem in the Linux kernel, when the appletalk and ipddp modules are loaded but the ipddp
    last seen2020-06-01
    modified2020-06-02
    plugin id44654
    published2010-02-18
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44654
    titleSuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id79507
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79507
    titleOracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100108.NASL
    descriptionIndications Everyone using the Linux Kernel on x86_64 architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id44037
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44037
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_KERNEL-091218.NASL
    descriptionThe Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 to fix the following bugs and security issues : - A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root. (CVE-2009-4131) - A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine. (CVE-2009-1298) - The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous
    last seen2020-06-01
    modified2020-06-02
    plugin id43631
    published2010-01-05
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43631
    titleSuSE 11.2 Security Update: kernel (2009-12-18)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0009.NASL
    descriptiona. Service Console update for COS kernel Updated COS package
    last seen2020-06-01
    modified2020-06-02
    plugin id46765
    published2010-06-01
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46765
    titleVMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0009_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217)
    last seen2020-06-01
    modified2020-06-02
    plugin id89678
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89678
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-030.NASL
    descriptionSome vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) An issue was discovered in 2.6.32.x kernels, which sets unsecure permission for devtmpfs file system by default. (CVE-2010-0299) Additionally, it was added support for Atheros AR2427 Wireless Network Adapter. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen2020-06-01
    modified2020-06-02
    plugin id44356
    published2010-02-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44356
    titleMandriva Linux Security Advisory : kernel (MDVSA-2010:030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-13098.NASL
    descriptionUpdate to kernel 2.6.27.41: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.39 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.40 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.41 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43125
    published2009-12-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43125
    titleFedora 10 : kernel-2.6.27.41-170.2.117.fc10 (2009-13098)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6726.NASL
    descriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021) - The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889) - Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp
    last seen2020-06-01
    modified2020-06-02
    plugin id43398
    published2009-12-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43398
    titleSuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6694.NASL
    descriptionThis update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021) - Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp
    last seen2020-06-01
    modified2020-06-02
    plugin id49868
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49868
    titleSuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 6694)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0009_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen2020-06-01
    modified2020-06-02
    plugin id89740
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89740
    titleVMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-864-1.NASL
    descriptionIt was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910) Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080) Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612) Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547) Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613). Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620) Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621) J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623) Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624) David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638) Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722) Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilties. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725) Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726) Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888) Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939) Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005) Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43026
    published2009-12-07
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43026
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0046.NASL
    descriptionFrom Red Hat Security Advisory 2010:0046 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id67988
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67988
    titleOracle Linux 5 : kernel (ELSA-2010-0046)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6730.NASL
    descriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021) - The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889) - Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp
    last seen2020-06-01
    modified2020-06-02
    plugin id59143
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59143
    titleSuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100202_KERNEL_ON_SL4_X.NASL
    descriptionCVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow CVE-2009-4020 kernel: hfs buffer overflow This update fixes the following security issues : - an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) - a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) - permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id60728
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60728
    titleScientific Linux Security Update : kernel on SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-6697.NASL
    descriptionThis update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution. - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021) - Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp
    last seen2020-06-01
    modified2020-06-02
    plugin id59142
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59142
    titleSuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 6697)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-100109.NASL
    descriptionIndications Everyone using the Linux Kernel on s390x architecture should update. Contraindications None. Problem description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. The following security issues were fixed : - A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4536) - A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. (CVE-2009-4538) - drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. (CVE-2009-4138) - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307) - The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) - The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) - A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080) - Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. (CVE-2009-4020) For a complete list of changes, please look at the RPM changelog. Solution Please install the updates provided at the location noted below. Installation notes This update is provided as a set of RPM packages that can easily be installed onto a running system by using the YaST online update module.
    last seen2020-06-01
    modified2020-06-02
    plugin id52685
    published2011-03-17
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52685
    titleSuSE 11 Security Update : Linux kernel (SAT Patch Number 1753)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0076.NASL
    descriptionFrom Red Hat Security Advisory 2010:0076 : Updated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id67992
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67992
    titleOracle Linux 4 : kernel (ELSA-2010-0076)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-034.NASL
    descriptionSome vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) Additionally, the Linux kernel was updated to the stable release 2.6.27.45. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate
    last seen2020-06-01
    modified2020-06-02
    plugin id44408
    published2010-02-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44408
    titleMandriva Linux Security Advisory : kernel (MDVSA-2010:034)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2003.NASL
    descriptionNOTE: This kernel update marks the final planned kernel security update for the 2.6.18 kernel in the Debian release
    last seen2020-06-01
    modified2020-06-02
    plugin id44867
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44867
    titleDebian DSA-2003-1 : linux-2.6 - privilege escalation/denial of service
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0009.NASL
    descriptiona. VMware vmkernel third-party e1000(e) Driver Packet Filter Bypass There is an issue in the e1000(e) Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-4536 to this issue. b. ESX third-party update for Service Console kernel This update for the console OS kernel package resolves four security issues. 1) IPv4 Remote Denial of Service An remote attacker can achieve a denial of service via an issue in the kernel IPv4 code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1188 to this issue. 2) SCSI Driver Denial of Service / Possible Privilege Escalation A local attacker can achieve a denial of service and possibly a privilege escalation via a vulnerability in the Linux SCSI drivers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3080 to this issue. 3) Kernel Memory Management Arbitrary Code Execution A context-dependent attacker can execute arbitrary code via a vulnerability in a kernel memory handling function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2240 to this issue. 4) e1000 Driver Packet Filter Bypass There is an issue in the Service Console e1000 Linux driver for Intel PRO/1000 adapters that allows a remote attacker to bypass packet filters. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-4536 to this issue. c. Multiple vulnerabilities in mount.vmhgfs This patch provides a fix for the following three security issues in the VMware Host Guest File System (HGFS). None of these issues affect Windows based Guest Operating Systems. 1) Mount.vmhgfs Information Disclosure Information disclosure via a vulnerability that allows an attacker with access to the Guest to determine if a path exists in the Host filesystem and whether it is a file or directory regardless of permissions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2146 to this issue. 2) Mount.vmhgfs Race Condition Privilege escalation via a race condition that allows an attacker with access to the guest to mount on arbitrary directories in the Guest filesystem and achieve privilege escalation if they can control the contents of the mounted directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-1787 to this issue. 3) Mount.vmhgfs Privilege Escalation Privilege escalation via a procedural error that allows an attacker with access to the guest operating system to gain write access to an arbitrary file in the Guest filesystem. This issue only affects Solaris and FreeBSD Guest Operating Systems. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2145 to this issue. VMware would like to thank Dan Rosenberg for reporting these issues. d. VI Client ActiveX vulnerabilities VI Client COM objects can be instantiated in Internet Explorer which may cause memory corruption. An attacker who succeeded in making the VI Client user visit a malicious Web site could execute code on the user
    last seen2020-06-01
    modified2020-06-02
    plugin id54968
    published2011-06-06
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54968
    titleVMSA-2011-0009 : VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2005.NASL
    descriptionNOTE: This kernel update marks the final planned kernel security update for the 2.6.24 kernel in the Debian release
    last seen2020-06-01
    modified2020-06-02
    plugin id44951
    published2010-03-02
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44951
    titleDebian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0046.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id44096
    published2010-01-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44096
    titleCentOS 5 : kernel (CESA-2010:0046)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0076.NASL
    descriptionUpdated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id44386
    published2010-02-03
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44386
    titleRHEL 4 : kernel (RHSA-2010:0076)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0046.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * an array index error was found in the gdth driver. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the FUSE implementation. When a system is low on memory, fuse_put_request() could dereference an invalid pointer, possibly leading to a local denial of service or privilege escalation. (CVE-2009-4021, Important) * Tavis Ormandy discovered a deficiency in the fasync_helper() implementation. This could allow a local, unprivileged user to leverage a use-after-free of locked, asynchronous file descriptors to cause a denial of service or privilege escalation. (CVE-2009-4141, Important) * the Parallels Virtuozzo Containers team reported the RHSA-2009:1243 update introduced two flaws in the routing implementation. If an attacker was able to cause a large enough number of collisions in the routing hash table (via specially crafted packets) for the emergency route flush to trigger, a deadlock could occur. Secondly, if the kernel routing cache was disabled, an uninitialized pointer would be left behind after a route lookup, leading to a kernel panic. (CVE-2009-4272, Important) * the RHSA-2009:0225 update introduced a rewrite attack flaw in the do_coredump() function. A local attacker able to guess the file name a process is going to dump its core to, prior to the process crashing, could use this flaw to append data to the dumped core file. This issue only affects systems that have
    last seen2020-06-01
    modified2020-06-02
    plugin id44062
    published2010-01-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44062
    titleRHEL 5 : kernel (RHSA-2010:0046)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0076.NASL
    descriptionUpdated kernel packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important) * a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important) * permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The
    last seen2020-06-01
    modified2020-06-02
    plugin id44395
    published2010-02-05
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44395
    titleCentOS 4 : kernel (CESA-2010:0076)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_KERNEL-100107.NASL
    descriptionThe openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine. CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. CVE-2009-4005: The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver was fixed. CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. For a complete list of changes, please look at the RPM changelog.
    last seen2020-06-01
    modified2020-06-02
    plugin id44034
    published2010-01-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44034
    titleopenSUSE Security Update : kernel (kernel-1749)

Oval

  • accepted2013-04-29T04:10:30.047-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionArray index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
    familyunix
    idoval:org.mitre.oval:def:10989
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleArray index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
    version27
  • accepted2011-12-05T04:00:09.654-05:00
    classvulnerability
    contributors
    nameAslesha Nargolkar
    organizationHewlett-Packard
    definition_extensions
    commentVMware ESX Server 3.5.0 is installed
    ovaloval:org.mitre.oval:def:5887
    descriptionArray index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
    familyunix
    idoval:org.mitre.oval:def:12862
    statusaccepted
    submitted2011-09-30T10:46:17.000-05:00
    titleESX third party update for Service Console kernel
    version6
  • accepted2014-01-20T04:01:32.293-05:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionArray index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
    familyunix
    idoval:org.mitre.oval:def:7101
    statusaccepted
    submitted2010-06-01T17:30:00.000-05:00
    titleLinux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
    version8

Redhat

advisories
  • rhsa
    idRHSA-2010:0041
  • rhsa
    idRHSA-2010:0046
  • rhsa
    idRHSA-2010:0095
  • rhsa
    idRHSA-2010:0882
rpms
  • kernel-rt-0:2.6.24.7-146.el5rt
  • kernel-rt-debug-0:2.6.24.7-146.el5rt
  • kernel-rt-debug-debuginfo-0:2.6.24.7-146.el5rt
  • kernel-rt-debug-devel-0:2.6.24.7-146.el5rt
  • kernel-rt-debuginfo-0:2.6.24.7-146.el5rt
  • kernel-rt-debuginfo-common-0:2.6.24.7-146.el5rt
  • kernel-rt-devel-0:2.6.24.7-146.el5rt
  • kernel-rt-doc-0:2.6.24.7-146.el5rt
  • kernel-rt-trace-0:2.6.24.7-146.el5rt
  • kernel-rt-trace-debuginfo-0:2.6.24.7-146.el5rt
  • kernel-rt-trace-devel-0:2.6.24.7-146.el5rt
  • kernel-rt-vanilla-0:2.6.24.7-146.el5rt
  • kernel-rt-vanilla-debuginfo-0:2.6.24.7-146.el5rt
  • kernel-rt-vanilla-devel-0:2.6.24.7-146.el5rt
  • kernel-0:2.6.18-164.11.1.el5
  • kernel-PAE-0:2.6.18-164.11.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-PAE-devel-0:2.6.18-164.11.1.el5
  • kernel-debug-0:2.6.18-164.11.1.el5
  • kernel-debug-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-debug-devel-0:2.6.18-164.11.1.el5
  • kernel-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-debuginfo-common-0:2.6.18-164.11.1.el5
  • kernel-devel-0:2.6.18-164.11.1.el5
  • kernel-doc-0:2.6.18-164.11.1.el5
  • kernel-headers-0:2.6.18-164.11.1.el5
  • kernel-kdump-0:2.6.18-164.11.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-kdump-devel-0:2.6.18-164.11.1.el5
  • kernel-xen-0:2.6.18-164.11.1.el5
  • kernel-xen-debuginfo-0:2.6.18-164.11.1.el5
  • kernel-xen-devel-0:2.6.18-164.11.1.el5
  • kernel-0:2.6.9-89.0.20.EL
  • kernel-debuginfo-0:2.6.9-89.0.20.EL
  • kernel-devel-0:2.6.9-89.0.20.EL
  • kernel-doc-0:2.6.9-89.0.20.EL
  • kernel-hugemem-0:2.6.9-89.0.20.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.20.EL
  • kernel-largesmp-0:2.6.9-89.0.20.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.20.EL
  • kernel-smp-0:2.6.9-89.0.20.EL
  • kernel-smp-devel-0:2.6.9-89.0.20.EL
  • kernel-xenU-0:2.6.9-89.0.20.EL
  • kernel-xenU-devel-0:2.6.9-89.0.20.EL
  • kernel-0:2.4.21-66.EL
  • kernel-BOOT-0:2.4.21-66.EL
  • kernel-debuginfo-0:2.4.21-66.EL
  • kernel-doc-0:2.4.21-66.EL
  • kernel-hugemem-0:2.4.21-66.EL
  • kernel-hugemem-unsupported-0:2.4.21-66.EL
  • kernel-smp-0:2.4.21-66.EL
  • kernel-smp-unsupported-0:2.4.21-66.EL
  • kernel-source-0:2.4.21-66.EL
  • kernel-unsupported-0:2.4.21-66.EL

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 37068 CVE ID:CVE-2009-3080 Linux是一款开放源代码的操作系统。 Linux drivers/scsi/gdth.c包含的"gdth_read_event()"函数存在数组索引错误,发送特殊构建的使用负偏移用于索引的IOCTL,可导致拒绝服务或特权提升。 Linux kernel 2.6.31 5 Linux kernel 2.6.31 .2 Linux kernel 2.6.31 -rc7 Linux kernel 2.6.31 -rc6 Linux kernel 2.6.31 -rc3 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.31 -rc1 Linux kernel 2.6.31 Linux kernel 2.6.30 rc6 Linux kernel 2.6.30 1 Linux kernel 2.6.30 -rc5 Linux kernel 2.6.30 -rc3 Linux kernel 2.6.30 -rc2 Linux kernel 2.6.30 -rc1 Linux kernel 2.6.30 Linux kernel 2.6.29 4 Linux kernel 2.6.29 1 Linux kernel 2.6.29 -git8 Linux kernel 2.6.29 -git14 Linux kernel 2.6.29 -git1 Linux kernel 2.6.29 Linux kernel 2.6.28 9 Linux kernel 2.6.28 8 Linux kernel 2.6.28 6 Linux kernel 2.6.28 5 Linux kernel 2.6.28 3 Linux kernel 2.6.28 2 Linux kernel 2.6.28 1 Linux kernel 2.6.28 -rc7 Linux kernel 2.6.28 -rc5 Linux kernel 2.6.28 -rc1 Linux kernel 2.6.28 -git7 Linux kernel 2.6.28 Linux kernel 2.6.27 6 Linux kernel 2.6.27 3 Linux kernel 2.6.27 24 Linux kernel 2.6.27 14 Linux kernel 2.6.27 13 Linux kernel 2.6.27 12 Linux kernel 2.6.27 12 Linux kernel 2.6.27 .8 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 .5 Linux kernel 2.6.27 -rc8-git5 Linux kernel 2.6.27 -rc8 Linux kernel 2.6.27 -rc6-git6 Linux kernel 2.6.27 -rc6 Linux kernel 2.6.27 -rc5 Linux kernel 2.6.27 -rc4 Linux kernel 2.6.27 -rc2 Linux kernel 2.6.27 -rc1 Linux kernel 2.6.27 Linux kernel 2.6.26 7 Linux kernel 2.6.26 4 Linux kernel 2.6.26 3 Linux kernel 2.6.26 .6 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.26 Linux kernel 2.6.25 19 Linux kernel 2.6.25 .9 Linux kernel 2.6.25 .8 Linux kernel 2.6.25 .7 Linux kernel 2.6.25 .6 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 .15 Linux kernel 2.6.25 .13 Linux kernel 2.6.25 .12 Linux kernel 2.6.25 .11 Linux kernel 2.6.25 .10 Linux kernel 2.6.25 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.24 -git13 Linux kernel 2.6.24 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.22 7 Linux kernel 2.6.22 1 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .17 Linux kernel 2.6.22 .16 Linux kernel 2.6.22 .15 Linux kernel 2.6.22 .14 Linux kernel 2.6.22 .13 Linux kernel 2.6.22 .12 Linux kernel 2.6.22 .11 Linux kernel 2.6.22 Linux kernel 2.6.22 Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 Linux kernel 2.6.21 Linux kernel 2.6.21 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 -git5 Linux kernel 2.6.20 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.20 Linux kernel 2.6.19 1 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.19 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.18 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.16 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 Linux kernel 2.6.15 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.13 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 Linux kernel 2.6.10 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.6.8.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.32-rc7 Linux kernel 2.6.32-rc5 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.32-rc4 Linux kernel 2.6.32-rc3 Linux kernel 2.6.32-rc2 Linux kernel 2.6.32-rc1 Linux kernel 2.6.31.4 Linux kernel 2.6.31.2 Linux kernel 2.6.31-rc9 Linux kernel 2.6.31-rc8 Linux kernel 2.6.31-rc7 Linux kernel 2.6.31-rc5-git3 Linux kernel 2.6.31-rc4 Linux kernel 2.6.31-rc2 Linux kernel 2.6.31-git11 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.30.5 Linux kernel 2.6.30.4 Linux kernel 2.6.30.3 Linux kernel 2.6.29-rc2-git1 Linux kernel 2.6.29-rc2 Linux kernel 2.6.29-rc1 Linux kernel 2.6.28.4 Linux kernel 2.6.26.1 Linux kernel 2.6.26-rc5-git1 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.25-rc1 Linux kernel 2.6.24.6 Linux kernel 2.6.24-rc2 Linux kernel 2.6.24-rc1 Linux kernel 2.6.23.14 Linux kernel 2.6.23.10 Linux kernel 2.6.23.1 Linux kernel 2.6.23.09 Linux kernel 2.6.22-rc7 Linux kernel 2.6.22-rc1 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11 Linux kernel 2.6.20.1 Linux kernel 2.6.20-rc2 Linux kernel 2.6.20-2 Linux kernel 2.6.19 -rc6 Linux kernel 2.6.18-8.1.8.el5 Linux kernel 2.6.18-53 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.15-27.48 Linux kernel 2.6.11.4 GIT库已经修复此漏洞,建议用户下载补丁修补: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
idSSV:12670
last seen2017-11-19
modified2009-11-20
published2009-11-20
reporterRoot
titleLinux Kernel 'drivers/scsi/gdth.c'本地特权提升漏洞

References