Vulnerabilities > CVE-2011-2482 - NULL Pointer Dereference vulnerability in Linux Kernel

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
linux
CWE-476
nessus

Summary

A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.

Vulnerable Configurations

Part Description Count
OS
Linux
787

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1212.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A NULL pointer dereference flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id56271
    published2011-09-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56271
    titleCentOS 5 : kernel (CESA-2011:1212)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1212 and 
    # CentOS Errata and Security Advisory 2011:1212 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56271);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2011-2482", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2517", "CVE-2011-2519", "CVE-2011-2901");
      script_bugtraq_id(48538, 49141, 49370, 49373, 49375, 49408);
      script_xref(name:"RHSA", value:"2011:1212");
    
      script_name(english:"CentOS 5 : kernel (CESA-2011:1212)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * A NULL pointer dereference flaw was found in the Linux kernel's
    Stream Control Transmission Protocol (SCTP) implementation. A remote
    attacker could send a specially crafted SCTP packet to a target
    system, resulting in a denial of service. (CVE-2011-2482, Important)
    
    * A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)
    implementation could allow a local, unprivileged user to cause a
    denial of service. (CVE-2011-2491, Important)
    
    * Buffer overflow flaws in the Linux kernel's netlink-based wireless
    configuration interface implementation could allow a local user, who
    has the CAP_NET_ADMIN capability, to cause a denial of service or
    escalate their privileges on systems that have an active wireless
    interface. (CVE-2011-2517, Important)
    
    * A flaw was found in the way the Linux kernel's Xen hypervisor
    implementation emulated the SAHF instruction. When using a
    fully-virtualized guest on a host that does not use hardware assisted
    paging (HAP), such as those running CPUs that do not have support for
    (or those that have it disabled) Intel Extended Page Tables (EPT) or
    AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a
    privileged guest user could trigger this flaw to cause the hypervisor
    to crash. (CVE-2011-2519, Moderate)
    
    * An off-by-one flaw was found in the __addr_ok() macro in the Linux
    kernel's Xen hypervisor implementation when running on 64-bit systems.
    A privileged guest user could trigger this flaw to cause the
    hypervisor to crash. (CVE-2011-2901, Moderate)
    
    * /proc/[PID]/io is world-readable by default. Previously, these files
    could be read without any further restrictions. A local, unprivileged
    user could read these files, belonging to other, possibly privileged
    processes to gather confidential information, such as the length of a
    password used in a process. (CVE-2011-2495, Low)
    
    Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491,
    and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.
    
    This update also fixes several bugs. Documentation for these bug fixes
    will be available shortly from the Technical Notes document linked to
    in the References section.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues, and fix the bugs noted in
    the Technical Notes. The system must be rebooted for this update to
    take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2011-September/017862.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9f2fb007"
      );
      # https://lists.centos.org/pipermail/centos-announce/2011-September/017863.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad5bb9a9"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000308.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b9cba94d"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2011-September/000309.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?73aff1cd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-274.3.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-274.3.1.el5")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0006_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Kernel - krb5 telnet daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id89107
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89107
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0006) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89107);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/24 15:02:54");
    
      script_cve_id(
        "CVE-2011-2482",
        "CVE-2011-3191",
        "CVE-2011-4348",
        "CVE-2011-4862",
        "CVE-2012-1515"
      );
      script_bugtraq_id(
        49295,
        49373,
        51182,
        51363,
        52820
      );
      script_xref(name:"VMSA", value:"2012-0006");
      script_xref(name:"EDB-ID", value:"18280");
      script_xref(name:"EDB-ID", value:"18368");
      script_xref(name:"EDB-ID", value:"18369");
    
      script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0006) (remote check)");
      script_summary(english:"Checks the remote ESX/ESXi host's version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi / ESX host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in the following components :
    
      - Kernel
      - krb5 telnet daemon");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0006.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploithub_sku", value:"EH-11-760");
      script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Misc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    
    esx = "ESX/ESXi";
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, esx);
    else
    {
      esx = extract[1];
      ver = extract[2];
    }
    
    product = "VMware " + esx;
    
    # fixed builds
    fixes = make_array(
      "ESX 3.5",  604481,
      "ESXi 3.5", 604481,
      "ESX 4.0",  660575,
      "ESXi 4.0", 660575,
      "ESX 4.1",  348481,
      "ESXi 4.1", 348481
    );
    
    key = esx + ' ' + ver;
    fix = NULL;
    fix = fixes[key];
    
    bmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);
    if (empty_or_null(bmatch))
      audit(AUDIT_UNKNOWN_BUILD, product, ver);
    
    build = int(bmatch[1]);
    
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);
    
    if (build < fix)
    {
      # properly spaced label
      if ("ESXi" >< esx) ver_label = ' version    : ';
      else ver_label = ' version     : ';
      report = '\n  ' + esx + ver_label + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0001_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - COS kernel - cURL - python - rpm
    last seen2020-06-01
    modified2020-06-02
    plugin id89105
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89105
    titleVMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2013-0039 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id79507
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79507
    titleOracleVM 2.2 : kernel (OVMSA-2013-0039)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0007.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2012-01-12
    plugin id57485
    published2012-01-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57485
    titleCentOS 5 : kernel (CESA-2012:0007)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120110_KERNEL_ON_SL5_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2012-08-01
    plugin id61215
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61215
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120110)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110906_KERNEL_ON_SL5_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A NULL pointer dereference flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id61132
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61132
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1212.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A NULL pointer dereference flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id56110
    published2011-09-07
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56110
    titleRHEL 5 : kernel (RHSA-2011:1212)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0001.NASL
    descriptiona. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57749
    published2012-01-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57749
    titleVMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0006.NASL
    descriptiona. VMware ROM Overwrite Privilege Escalation A flaw in the way port-based I/O is handled allows for modifying Read-Only Memory that belongs to the Virtual DOS Machine. Exploitation of this issue may lead to privilege escalation on Guest Operating Systems that run Windows 2000, Windows XP 32-bit, Windows Server 2003 32-bit or Windows Server 2003 R2 32-bit. VMware would like to thank Derek Soeder of Ridgeway Internet Security, L.L.C. for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1515 to this issue. b. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-400.2.6.18-238.4.11.591731 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-2482, CVE-2011-3191 and CVE-2011-4348 to these issues. c. ESX third-party update for Service Console krb5 RPM This patch updates the krb5-libs and krb5-workstation RPMs to version 1.6.1-63.el5_7 to resolve a security issue. By default, the affected krb5-telnet and ekrb5-telnet services do not run. The krb5 telnet daemon is an xinetd service. You can run the following commands to check if krb5 telnetd is enabled : /sbin/chkconfig --list krb5-telnet /sbin/chkconfig --list ekrb5-telnet The output of these commands displays if krb5 telnet is enabled. You can run the following commands to disable krb5 telnet daemon : /sbin/chkconfig krb5-telnet off /sbin/chkconfig ekrb5-telnet off The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-4862 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id58535
    published2012-03-30
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58535
    titleVMSA-2012-0006 : VMware Workstation, ESXi, and ESX address several security issues
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0007.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2012-01-11
    plugin id57481
    published2012-01-11
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57481
    titleRHEL 5 : kernel (RHSA-2012:0007)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1212.NASL
    descriptionFrom Red Hat Security Advisory 2011:1212 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A NULL pointer dereference flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id68334
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68334
    titleOracle Linux 5 : kernel (ELSA-2011-1212)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0007.NASL
    descriptionFrom Red Hat Security Advisory 2012:0007 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2013-07-12
    plugin id68427
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68427
    titleOracle Linux 5 : kernel (ELSA-2012-0007)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1813.NASL
    descriptionUpdated kernel packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages contain the Linux kernel. This update fixes the following security issues : * A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service by sending a specially crafted SCTP packet to a target system. (CVE-2011-2482, Important) If you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following to the end of the
    last seen2020-06-01
    modified2020-06-02
    plugin id64015
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64015
    titleRHEL 5 : kernel (RHSA-2011:1813)

Redhat

advisories
rhsa
idRHSA-2011:1212
rpms
  • kernel-0:2.6.18-274.3.1.el5
  • kernel-PAE-0:2.6.18-274.3.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-274.3.1.el5
  • kernel-PAE-devel-0:2.6.18-274.3.1.el5
  • kernel-debug-0:2.6.18-274.3.1.el5
  • kernel-debug-debuginfo-0:2.6.18-274.3.1.el5
  • kernel-debug-devel-0:2.6.18-274.3.1.el5
  • kernel-debuginfo-0:2.6.18-274.3.1.el5
  • kernel-debuginfo-common-0:2.6.18-274.3.1.el5
  • kernel-devel-0:2.6.18-274.3.1.el5
  • kernel-doc-0:2.6.18-274.3.1.el5
  • kernel-headers-0:2.6.18-274.3.1.el5
  • kernel-kdump-0:2.6.18-274.3.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-274.3.1.el5
  • kernel-kdump-devel-0:2.6.18-274.3.1.el5
  • kernel-xen-0:2.6.18-274.3.1.el5
  • kernel-xen-debuginfo-0:2.6.18-274.3.1.el5
  • kernel-xen-devel-0:2.6.18-274.3.1.el5
  • kernel-0:2.6.18-238.31.1.el5
  • kernel-PAE-0:2.6.18-238.31.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-238.31.1.el5
  • kernel-PAE-devel-0:2.6.18-238.31.1.el5
  • kernel-debug-0:2.6.18-238.31.1.el5
  • kernel-debug-debuginfo-0:2.6.18-238.31.1.el5
  • kernel-debug-devel-0:2.6.18-238.31.1.el5
  • kernel-debuginfo-0:2.6.18-238.31.1.el5
  • kernel-debuginfo-common-0:2.6.18-238.31.1.el5
  • kernel-devel-0:2.6.18-238.31.1.el5
  • kernel-doc-0:2.6.18-238.31.1.el5
  • kernel-headers-0:2.6.18-238.31.1.el5
  • kernel-kdump-0:2.6.18-238.31.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-238.31.1.el5
  • kernel-kdump-devel-0:2.6.18-238.31.1.el5
  • kernel-xen-0:2.6.18-238.31.1.el5
  • kernel-xen-debuginfo-0:2.6.18-238.31.1.el5
  • kernel-xen-devel-0:2.6.18-238.31.1.el5