Vulnerabilities > CVE-2010-0307
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
Vulnerable Configurations
Exploit-Db
description | Linux Kernel 2.6.x 64bit Personality Handling Local Denial of Service Vulnerability. CVE-2010-0307. Dos exploit for linux platform |
id | EDB-ID:33585 |
last seen | 2016-02-03 |
modified | 2010-02-01 |
published | 2010-02-01 |
reporter | Mathias Krause |
source | https://www.exploit-db.com/download/33585/ |
title | Linux Kernel 2.6.x - 64 bit Personality Handling Local Denial of Service Vulnerability |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0476.NASL description An updated rhev-hypervisor package that fixes two security issues, multiple bugs, and adds enhancements is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. Due to a deficiency in the TSO (TCP segment offloading) implementation, a guest last seen 2020-06-01 modified 2020-06-02 plugin id 79275 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79275 title RHEL 5 : rhev-hypervisor (RHSA-2010:0476) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0146.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When last seen 2020-06-01 modified 2020-06-02 plugin id 45091 published 2010-03-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45091 title CentOS 4 : kernel (CESA-2010:0146) NASL family Scientific Linux Local Security Checks NASL id SL_20100506_KERNEL_ON_SL_5_0.NASL description This kernel is already in SL 5.5 This updated contains all the security and bug fixes from the 2.6.18-194.el5 kernel. In additions this update fixes the following security issues : - a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) - on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) - a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) - a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) - a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : - in some cases, booting a system with the last seen 2020-06-01 modified 2020-06-02 plugin id 60788 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60788 title Scientific Linux Security Update : kernel on SL 5.0-5.4 i386/x86_64 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1996.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3939 Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings. - CVE-2009-4027 Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network. - CVE-2009-4536 CVE-2009-4538 Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted ethernet frames. - CVE-2010-0003 Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default. - CVE-2010-0007 Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules. - CVE-2010-0291 Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges. - CVE-2010-0298 & CVE-2010-0306 Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to denial of service a guest (system crash) or gain escalated privileges with the guest. - CVE-2010-0307 Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash). - CVE-2010-0309 Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system. - CVE-2010-0410 Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory). - CVE-2010-0415 Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory. last seen 2020-06-01 modified 2020-06-02 plugin id 44860 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44860 title Debian DSA-1996-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-914-1.NASL description Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307) Marcelo Tosatti discovered that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 45081 published 2010-03-17 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45081 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-914-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-066.NASL description Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file last seen 2020-06-01 modified 2020-06-02 plugin id 48176 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48176 title Mandriva Linux Security Advisory : kernel (MDVSA-2010:066) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2010-0016.NASL description a. Service Console OS update for COS kernel This patch updates the service console kernel to fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0415, CVE-2010-0307, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1437, and CVE-2010-1088 to these issues. b. Likewise package updates Updates to the likewisekrb5, likewiseopenldap, likewiseopen, and pamkrb5 packages address several security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-4212, and CVE-2010-1321 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50611 published 2010-11-16 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50611 title VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise components NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2011-0003.NASL description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0. last seen 2020-06-01 modified 2020-06-02 plugin id 51971 published 2011-02-14 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51971 title VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-067.NASL description This update provides a fix to the correction of CVE-2010-0307, which resulted in crashes when running i586 applications on x86_64. To update your kernel, please follow the directions located at : http://www.mandriva.com/en/security/kernelupdate last seen 2020-06-01 modified 2020-06-02 plugin id 48177 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48177 title Mandriva Linux Security Advisory : kernel (MDVSA-2010:067) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-100223.NASL description The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing various bugs and security issues. - The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622) - The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307) - Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. (CVE-2010-0410) - The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernels node set. (CVE-2010-0415) - net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. (CVE-2010-0007) - drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538) - The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. (CVE-2010-0003) - The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939) last seen 2020-06-01 modified 2020-06-02 plugin id 44966 published 2010-03-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44966 title SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0146.NASL description From Red Hat Security Advisory 2010:0146 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When last seen 2020-06-01 modified 2020-06-02 plugin id 68013 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68013 title Oracle Linux 4 : kernel (ELSA-2010-0146) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0398.NASL description From Red Hat Security Advisory 2010:0398 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the last seen 2020-06-01 modified 2020-06-02 plugin id 68037 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68037 title Oracle Linux 5 : kernel (ELSA-2010-0398) NASL family Misc. NASL id VMWARE_VMSA-2011-0003_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5 last seen 2020-06-01 modified 2020-06-02 plugin id 89674 published 2016-03-04 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89674 title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0398.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the last seen 2020-06-01 modified 2020-06-02 plugin id 46759 published 2010-06-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46759 title CentOS 5 : kernel (CESA-2010:0398) NASL family SuSE Local Security Checks NASL id SUSE_11_0_KERNEL-100301.NASL description The openSUSE 11.0 kernel was updated to fix following security issues : CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0410: drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel last seen 2020-06-01 modified 2020-06-02 plugin id 45010 published 2010-03-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45010 title openSUSE Security Update : kernel (kernel-2089) NASL family SuSE Local Security Checks NASL id SUSE_11_1_KERNEL-100223.NASL description The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. CVE-2010-0410: Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing OOM condition, killing selected processes or halting the system. CVE-2010-0415: The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel last seen 2020-06-01 modified 2020-06-02 plugin id 44964 published 2010-03-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44964 title openSUSE Security Update : kernel (kernel-2050) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1500.NASL description Kernel security update for Fedora 11: CVE-2009-4141 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2010-0307 Bugs: 559100 kernel: tty->pgrp races 521265 oops in VIA padlock driver Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47258 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47258 title Fedora 11 : kernel-2.6.30.10-105.2.13.fc11 (2010-1500) NASL family Fedora Local Security Checks NASL id FEDORA_2010-1787.NASL description Kernel security update. Bugs fixed: #563091 #510823 #559100 #533087 CVE-2010-0307 CVE-2010-0410 CVE-2010-0415 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47270 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47270 title Fedora 12 : kernel-2.6.31.12-174.2.19.fc12 (2010-1787) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0398.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a flaw was found in the Unidirectional Lightweight Encapsulation (ULE) implementation. A remote attacker could send a specially crafted ISO MPEG-2 Transport Stream (TS) frame to a target system, resulting in an infinite loop (denial of service). (CVE-2010-1086, Important) * on AMD64 systems, it was discovered that the kernel did not ensure the ELF interpreter was available before making a call to the SET_PERSONALITY macro. A local attacker could use this flaw to cause a denial of service by running a 32-bit application that attempts to execute a 64-bit application. (CVE-2010-0307, Moderate) * a flaw was found in the kernel connector implementation. A local, unprivileged user could trigger this flaw by sending an arbitrary number of notification requests using specially crafted netlink messages, resulting in a denial of service. (CVE-2010-0410, Moderate) * a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in the Xen hypervisor implementation. An unprivileged guest user could use this flaw to trick the hypervisor into emulating a certain instruction, which could crash the guest (denial of service). (CVE-2010-0730, Moderate) * a divide-by-zero flaw was found in the azx_position_ok() function in the driver for Intel High Definition Audio, snd-hda-intel. A local, unprivileged user could trigger this flaw to cause a kernel crash (denial of service). (CVE-2010-1085, Moderate) This update also fixes the following bugs : * in some cases, booting a system with the last seen 2020-06-01 modified 2020-06-02 plugin id 46307 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46307 title RHEL 5 : kernel (RHSA-2010:0398) NASL family Scientific Linux Local Security Checks NASL id SL_20100316_KERNEL_ON_SL4_X.NASL description This update fixes the following security issues : - a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) - a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) - an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When last seen 2020-06-01 modified 2020-06-02 plugin id 60748 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60748 title Scientific Linux Security Update : kernel on SL4.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0146.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function in the Linux kernel Stream Control Transmission Protocol (SCTP) implementation. A remote attacker could send a specially crafted SCTP packet to a target system, resulting in a denial of service. (CVE-2010-0008, Important) * a NULL pointer dereference flaw was found in the Linux kernel. During a core dump, the kernel did not check if the Virtual Dynamically-linked Shared Object page was accessible. On Intel 64 and AMD64 systems, a local, unprivileged user could use this flaw to cause a kernel panic by running a crafted 32-bit application. (CVE-2009-4271, Important) * an information leak was found in the print_fatal_signal() implementation in the Linux kernel. When last seen 2020-06-01 modified 2020-06-02 plugin id 46269 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46269 title RHEL 4 : kernel (RHSA-2010:0146)
Oval
accepted | 2013-04-29T04:09:30.724-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10870 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
title | The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | ||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Statements
contributor | Vincent Danen |
lastmodified | 2010-03-17 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-0307. This issue has been rated as having moderate security impact. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ |
Related news
References
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8
- http://www.securityfocus.com/bid/38027
- http://www.openwall.com/lists/oss-security/2010/02/04/1
- http://www.openwall.com/lists/oss-security/2010/02/01/1
- http://marc.info/?t=126466700200002&r=1&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=560547
- http://www.openwall.com/lists/oss-security/2010/02/04/9
- http://www.openwall.com/lists/oss-security/2010/02/01/5
- http://marc.info/?l=linux-mm&m=126466407724382&w=2
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
- http://www.debian.org/security/2010/dsa-1996
- http://secunia.com/advisories/38492
- http://www.ubuntu.com/usn/USN-914-1
- http://www.vupen.com/english/advisories/2010/0638
- https://rhn.redhat.com/errata/RHSA-2010-0146.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
- http://secunia.com/advisories/38922
- http://www.redhat.com/support/errata/RHSA-2010-0398.html
- http://secunia.com/advisories/39649
- http://secunia.com/advisories/38779
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
- http://support.avaya.com/css/P8/documents/100088287
- http://www.redhat.com/support/errata/RHSA-2010-0771.html
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://secunia.com/advisories/43315
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=221af7f87b97431e3ee21ce4b0e77d5411cf1549
- http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of%2C20100202%2C15754.html