var-201206-0028
Vulnerability from variot
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
-
(CVE-2011-1093, Important)
-
Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. (CVE-2011-1079, Moderate)
-
Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate)
-
A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. (CVE-2011-1763, Moderate)
-
The start_code and end_code values in "/proc/[pid]/stat" were not protected. (CVE-2011-1078, Low)
-
A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
-
A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)
-
Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)
-
A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577.
This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.
Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/):
681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak 681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator 681262 - CVE-2011-1080 kernel: ebtables stack infoleak 682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close 684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat 688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak 688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z] 688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest() 689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace 689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace 689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace 689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z] 689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z] 690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z] 690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z] 694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows 695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops 696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z] 697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z] 699808 - dasd: fix race between open and offline [rhel-5.6.z] 701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
ia64: kernel-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm kernel-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-headers-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm
noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
ppc: kernel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-headers-2.6.18-238.12.1.el5.ppc.rpm kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm
s390x: kernel-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm kernel-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-headers-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm
x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2012-0001 Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console Issue date: 2012-01-30 Updated on: 2012-01-30 (initial advisory)
CVE numbers: --- COS Kernel --- CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 --- COS cURL --- CVE-2011-2192 --- COS rpm --- CVE-2010-2059, CVE-2011-3378 --- COS samba --- CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694 --- COS python --- CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521 --- python library --- CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521
- Summary
VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.
- Relevant releases
ESXi 4.1 without patch ESXi410-201201401-SG
ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG
- Problem Description
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
- hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console cURL RPM
The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201402-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nspr and nss RPMs
The ESX Service Console (COS) nspr and nss RPMs are updated to
nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
a security issues.
A Certificate Authority (CA) issued fraudulent SSL certificates and
Netscape Portable Runtime (NSPR) and Network Security Services (NSS)
contain the built-in tokens of this fraudulent Certificate
Authority. This update renders all SSL certificates signed by the
fraudulent CA as untrusted for all uses.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201404-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
d. ESX third party update for Service Console rpm RPMs
The ESX Service Console Operating System (COS) rpm packages are
updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,
rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2
which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201406-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
e. ESX third party update for Service Console samba RPMs
The ESX Service Console Operating System (COS) samba packages are
updated to samba-client-3.0.33-3.29.el5_7.4,
samba-common-3.0.33-3.29.el5_7.4 and
libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security
issues in the Samba client.
Note that ESX does not include the Samba Web Administration Tool
(SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and
CVE-2011-2694.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201407-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
f. ESX third party update for Service Console python package
The ESX Service Console (COS) python package is updated to
2.4.3-44 which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201405-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESXi update to third party component python
The python third party library is updated to python 2.5.6 which
fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi ESXi410-201201401-SG
ESXi 4.0 ESXi patch pending
ESXi 3.5 ESXi patch pending
ESX 4.1 ESX not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 4.1
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143
ESXi410-201201401 contains ESXi410-201201401-SG
VMware ESX 4.1
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142
ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG
- References
CVE numbers
--- COS Kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 --- COS cURL --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 --- COS rpm --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378 --- COS samba --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 --- COS python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 --- python library --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
- Change log
2012-01-30 VMSA-2012-0001 Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8
wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8 f2pLxi537s+ew4dvnYNWlJ8= =OAh4 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-1256-1 November 09, 2011
linux-lts-backport-natty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-lts-backport-natty: Linux kernel backport from Natty
Details:
It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)
Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)
Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)
Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)
Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)
Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)
It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576)
Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)
Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)
It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585)
It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)
It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)
Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)
Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)
Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)
Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)
Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213)
It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479)
Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)
Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)
It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)
Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)
Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)
Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)
It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)
Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)
It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)
It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)
Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699)
Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)
Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)
Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)
Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)
The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)
Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928)
Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942)
Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)
Darren Lavender discovered that the CIFS client incorrectly handled certain large values. (CVE-2011-3191)
Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)
Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: linux-image-2.6.38-12-generic 2.6.38-12.51~lucid1 linux-image-2.6.38-12-generic-pae 2.6.38-12.51~lucid1 linux-image-2.6.38-12-server 2.6.38-12.51~lucid1 linux-image-2.6.38-12-virtual 2.6.38-12.51~lucid1
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: http://www.ubuntu.com/usn/usn-1256-1 CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2689, CVE-2011-2695, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909,
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1
. (CVE-2010-4242)
Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2240-1 security@debian.org http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq
Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol.
CVE-2011-0695
Jens Kuehnel reported an issue in the InfiniBand stack. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).
CVE-2011-1016
Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
chips. Local users could pass arbitrary values to video memory and the
graphics translation table, resulting in denial of service or escalated
privileges. On default Debian installations, this is exploitable only by
members of the 'video' group.
CVE-2011-1080
Vasiliy Kulikov discovered an issue in the Netfilter subsystem.
CVE-2011-1160
Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips.
CVE-2011-1163
Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions.
CVE-2011-1170
Vasiliy Kulikov reported an issue in the Netfilter arp table
implementation.
CVE-2011-1171
Vasiliy Kulikov reported an issue in the Netfilter IP table
implementation.
CVE-2011-1172
Vasiliy Kulikov reported an issue in the Netfilter IP6 table
implementation.
CVE-2011-1173
Vasiliy Kulikov reported an issue in the Acorn Econet protocol
implementation.
CVE-2011-1180
Dan Rosenberg reported a buffer overflow in the Information Access Service
of the IrDA protocol, used for Infrared devices.
CVE-2011-1182
Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
users can generate signals with falsified source pid and uid information.
CVE-2011-1476
Dan Rosenberg reported issues in the Open Sound System MIDI interface that
allow local users to cause a denial of service. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1477
Dan Rosenberg reported issues in the Open Sound System driver for cards that
include a Yamaha FM synthesizer chip. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1478
Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in
the Linux networking subsystem.
CVE-2011-1493
Dan Rosenburg reported two issues in the Linux implementation of the Amateur
Radio X.25 PLP (Rose) protocol.
CVE-2011-1494
Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by
the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian
installations this is not exploitable as this interface is only accessible
to root.
CVE-2011-1495
Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface
provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not
exploitable as this interface is only accessible to root.
CVE-2011-1585
Jeff Layton reported an issue in the Common Internet File System (CIFS).
CVE-2011-1598
Dave Jones reported an issue in the Broadcast Manager Controller Area
Network (CAN/BCM) protocol that may allow local users to cause a NULL
pointer dereference, resulting in a denial of service.
CVE-2011-1745
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-1746
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable
only by users in the video group.
CVE-2011-1748
Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw
socket implementation which permits ocal users to cause a NULL pointer
dereference, resulting in a denial of service.
CVE-2011-1759
Dan Rosenberg reported an issue in the support for executing "old ABI"
binaries on ARM processors.
CVE-2011-1767
Alexecy Dobriyan reported an issue in the GRE over IP implementation.
CVE-2011-2022
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues. These additional changes are described in the package changelog which can be viewed at:
http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog
For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+34squeeze1
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA RN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay Il8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA k7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK RU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P v6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT iKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A 1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X fPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1 eKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC IS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO KRI5f0ds95H6TsEoTSmO =gx2x -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0028", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.6.38.7" }, { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.6.38.2" }, { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.6.38" }, { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.6.38.1" }, { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.6.38.5" }, { "model": "kernel", "scope": "eq", "trust": 1.0, "vendor": "linux", "version": "2.6.38.4" }, { "model": "kernel", "scope": "lte", "trust": 1.0, "vendor": "linux", "version": "2.6.38.8" }, { "model": "kernel", "scope": "eq", "trust": 1.0, "vendor": "linux", "version": "2.6.38.3" }, { "model": "kernel", "scope": "eq", "trust": 1.0, "vendor": "linux", "version": "2.6.38.6" }, { "model": "jp1/it service level management manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-11-02" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-11" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-10-03" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-10" }, { "model": "jp1/it service level management-manager", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-51" }, { "model": "jp1/it resource management-manager", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-50-02" }, { "model": "jp1/it resource management-manager", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "09-11-05" } ], "sources": [ { "db": "BID", "id": "51749" }, { "db": "CNNVD", "id": "CNNVD-201206-406" }, { "db": "NVD", "id": "CVE-2011-1080" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.38.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-1080" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hitachi", "sources": [ { "db": "BID", "id": "51749" }, { "db": "CNNVD", "id": "CNNVD-201201-419" } ], "trust": 0.9 }, "cve": "CVE-2011-1080", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-1080", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201206-406", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201206-406" }, { "db": "NVD", "id": "CVE-2011-1080" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a \u0027\\0\u0027 character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \nThe following products are affected:\nJP1/IT Resource Management - Manager\nJP1/IT Service Level Management - Manager. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64\n\n3. (CVE-2011-1093, Important)\n\n* Multiple buffer overflow flaws were found in the Linux kernel\u0027s\nManagement Module Support for Message Passing Technology (MPT) based\ncontrollers. (CVE-2011-1079, Moderate)\n\n* Missing error checking in the way page tables were handled in the Xen\nhypervisor implementation could allow a privileged guest user to cause the\nhost, and the guests, to lock up. (CVE-2011-1166, Moderate)\n\n* A flaw was found in the way the Xen hypervisor implementation checked for\nthe upper boundary when getting a new event channel port. (CVE-2011-1763, Moderate)\n\n* The start_code and end_code values in \"/proc/[pid]/stat\" were not\nprotected. \n(CVE-2011-1078, Low)\n\n* A missing validation of a null-terminated string data structure element\nin the do_replace() function could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)\n\n* A buffer overflow flaw in the DEC Alpha OSF partition implementation in\nthe Linux kernel could allow a local attacker to cause an information leak\nby mounting a disk that contains specially-crafted partition tables. \n(CVE-2011-1163, Low)\n\n* Missing validations of null-terminated string data structure elements in\nthe do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),\nand do_arpt_get_ctl() functions could allow a local user who has the\nCAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,\nCVE-2011-1171, CVE-2011-1172, Low)\n\n* A heap overflow flaw in the Linux kernel\u0027s EFI GUID Partition Table (GPT)\nimplementation could allow a local attacker to cause a denial of service\nby mounting a disk that contains specially-crafted partition tables. \n(CVE-2011-1577, Low)\n\nRed Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and\nCVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,\nCVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook\nfor reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163\nand CVE-2011-1577. \n\nThis update also fixes several bugs. Documentation for these bug fixes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section. \n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/):\n\n681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak\n681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator\n681262 - CVE-2011-1080 kernel: ebtables stack infoleak\n682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close\n684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat\n688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak\n688156 - [5.6][REG]for some uses of \u0027nfsservctl\u0027 system call, the kernel crashes. [rhel-5.6.z]\n688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()\n689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace\n689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace\n689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace\n689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]\n689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]\n690134 - Time runs too fast in a VM on processors with \u0026gt; 4GHZ freq [rhel-5.6.z]\n690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]\n694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows\n695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops\n696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]\n697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]\n699808 - dasd: fix race between open and offline [rhel-5.6.z]\n701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm\n\ni386:\nkernel-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm\nkernel-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-headers-2.6.18-238.12.1.el5.i386.rpm\nkernel-xen-2.6.18-238.12.1.el5.i686.rpm\nkernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm\n\nnoarch:\nkernel-doc-2.6.18-238.12.1.el5.noarch.rpm\n\nx86_64:\nkernel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-devel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-headers-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm\n\ni386:\nkernel-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm\nkernel-devel-2.6.18-238.12.1.el5.i686.rpm\nkernel-headers-2.6.18-238.12.1.el5.i386.rpm\nkernel-xen-2.6.18-238.12.1.el5.i686.rpm\nkernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm\nkernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm\n\nia64:\nkernel-2.6.18-238.12.1.el5.ia64.rpm\nkernel-debug-2.6.18-238.12.1.el5.ia64.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm\nkernel-devel-2.6.18-238.12.1.el5.ia64.rpm\nkernel-headers-2.6.18-238.12.1.el5.ia64.rpm\nkernel-xen-2.6.18-238.12.1.el5.ia64.rpm\nkernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm\nkernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm\n\nnoarch:\nkernel-doc-2.6.18-238.12.1.el5.noarch.rpm\n\nppc:\nkernel-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-debug-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-devel-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-headers-2.6.18-238.12.1.el5.ppc.rpm\nkernel-headers-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm\nkernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm\n\ns390x:\nkernel-2.6.18-238.12.1.el5.s390x.rpm\nkernel-debug-2.6.18-238.12.1.el5.s390x.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm\nkernel-devel-2.6.18-238.12.1.el5.s390x.rpm\nkernel-headers-2.6.18-238.12.1.el5.s390x.rpm\nkernel-kdump-2.6.18-238.12.1.el5.s390x.rpm\nkernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm\nkernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm\n\nx86_64:\nkernel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-devel-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-headers-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm\nkernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u0026lt;secalert@redhat.com\u0026gt;. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n ----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2012-0001\nSynopsis: VMware ESXi and ESX updates to third party library\n and ESX Service Console\nIssue date: 2012-01-30\nUpdated on: 2012-01-30 (initial advisory)\n\nCVE numbers: --- COS Kernel ---\n CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,\n CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,\n CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,\n CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,\n CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,\n CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,\n CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,\n CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,\n CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,\n CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,\n CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,\n CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,\n CVE-2011-2519, CVE-2011-2901\n --- COS cURL ---\n CVE-2011-2192\n --- COS rpm ---\n CVE-2010-2059, CVE-2011-3378\n --- COS samba ---\n CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,\n CVE-2011-2522, CVE-2011-2694\n --- COS python ---\n CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,\n CVE-2011-1521\n --- python library ---\n CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,\n CVE-2010-2089, CVE-2011-1521\n ----------------------------------------------------------------------\n\n1. Summary\n\n VMware ESXi and ESX updates to third party library and ESX Service\n Console address several security issues. \n\n2. Relevant releases\n\n ESXi 4.1 without patch ESXi410-201201401-SG\n\n ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,\n ESX410-201201404-SG, ESX410-201201405-SG,\n ESX410-201201406-SG, ESX410-201201407-SG\n\n3. Problem Description\n\n a. ESX third party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated to\n kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the\n COS kernel. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201401-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. ESX third party update for Service Console cURL RPM\n\n The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9\n resolving a security issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201402-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. ESX third party update for Service Console nspr and nss RPMs\n\n The ESX Service Console (COS) nspr and nss RPMs are updated to\n nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving\n a security issues. \n\n A Certificate Authority (CA) issued fraudulent SSL certificates and\n Netscape Portable Runtime (NSPR) and Network Security Services (NSS)\n contain the built-in tokens of this fraudulent Certificate\n Authority. This update renders all SSL certificates signed by the\n fraudulent CA as untrusted for all uses. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201404-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n d. ESX third party update for Service Console rpm RPMs\n\n The ESX Service Console Operating System (COS) rpm packages are\n updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,\n rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2\n which fixes multiple security issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201406-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n e. ESX third party update for Service Console samba RPMs\n\n The ESX Service Console Operating System (COS) samba packages are\n updated to samba-client-3.0.33-3.29.el5_7.4,\n samba-common-3.0.33-3.29.el5_7.4 and\n libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security\n issues in the Samba client. \n\n Note that ESX does not include the Samba Web Administration Tool\n (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and\n CVE-2011-2694. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201407-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n f. ESX third party update for Service Console python package\n\n The ESX Service Console (COS) python package is updated to\n 2.4.3-44 which fixes multiple security issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.1 ESX ESX410-201201405-SG\n ESX 4.0 ESX patch pending\n ESX 3.5 ESX not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n g. ESXi update to third party component python\n\n The python third party library is updated to python 2.5.6 which\n fixes multiple security issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 5.0 ESXi patch pending\n ESXi 4.1 ESXi ESXi410-201201401-SG\n ESXi 4.0 ESXi patch pending\n ESXi 3.5 ESXi patch pending\n\n ESX 4.1 ESX not affected\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n\n * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n\n VMware ESXi 4.1\n ---------------\n ESXi410-201201401\n http://downloads.vmware.com/go/selfsupport-download\n md5sum: BDF86F10A973346E26C9C2CD4C424E88 \n sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F\n http://kb.vmware.com/kb/2009143\n ESXi410-201201401 contains ESXi410-201201401-SG\n\n VMware ESX 4.1\n --------------\n ESX410-201201001\n http://downloads.vmware.com/go/selfsupport-download\n md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F \n sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC\n http://kb.vmware.com/kb/2009142\n\n ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,\n ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and\n ESX410-201201407-SG\n\n5. References\n\n CVE numbers\n\n --- COS Kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901\n --- COS cURL ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192\n --- COS rpm ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378\n --- COS samba ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694\n --- COS python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521\n --- python library ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521\n\n ----------------------------------------------------------------------\n\n6. Change log\n\n 2012-01-30 VMSA-2012-0001\n Initial security advisory in conjunction with the release of patches\n for ESX 4.1 and ESXi 4.1 on 2012-01-30. \n\n ----------------------------------------------------------------------\n\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2012 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.8.3 (Build 4028)\nCharset: utf-8\n\nwj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8\nf2pLxi537s+ew4dvnYNWlJ8=\n=OAh4\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-1256-1\nNovember 09, 2011\n\nlinux-lts-backport-natty vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the kernel. \n\nSoftware Description:\n- linux-lts-backport-natty: Linux kernel backport from Natty\n\nDetails:\n\nIt was discovered that the /proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could hold open\nfiles to examine details about programs running with higher privileges,\npotentially increasing the chances of exploiting additional\nvulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear\nmemory. A local attacker could exploit this to read kernel stack memory,\nleading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check\nthat device name strings were NULL terminated. A local attacker could\nexploit this to crash the system, leading to a denial of service, or leak\ncontents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that\nname fields were NULL terminated. A local attacker could exploit this to\nleak contents of kernel stack memory, leading to a loss of privacy. \n(CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send specially\ncrafted network traffic that would crash the system, leading to a denial of\nservice. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize\nmemory. A local attacker could exploit this to read kernel heap memory\ncontents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check\ncertain field sizes. If a system was using IRDA, a remote attacker could\nsend specially crafted traffic to crash the system or gain root privileges. \n(CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. \nIn some configurations on systems using VLANs, a remote attacker could send\nspecially crafted traffic to crash the system, leading to a denial of\nservice. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a\nregression. A remote attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly\nhandle certain fields. If a system was running with Rose enabled, a remote\nattacker could send specially crafted traffic to gain root privileges. \n(CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the net.sctp.addip_enable\nvariable was turned on, a remote attacker could send specially crafted\ntraffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially crafted\ntraffic to crash the system, leading to a denial of service. \n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not\ncorrectly validate certain structures. A local attacker with physical\naccess could plug in a specially crafted block device to crash the system,\nleading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly\nhandle large queues. On some systems, a remote attacker could send\nspecially crafted traffic to crash the system, leading to a denial of\nservice. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a user\nhad a CIFS share mounted that required authentication, a local user could\nmount the same share without knowing the correct password. (CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of service. \n(CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip module\nwas loading, and crash the system, leading to a denial of service. \n(CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A\nlocal attacker with access to a CIFS partition could exploit this to crash\nthe system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly\nparsed. A physically local attacker that could insert mountable devices\ncould exploit this to crash the system or possibly gain root privileges. \n(CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could exploit\nthis to trick the system into unmounting arbitrary mount points, leading to\na denial of service. (CVE-2011-1833)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. \nIf KSM was being used, a local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2183)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit this to\nconsume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on\n\"/dev/zero\" was incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly\nhandled. A local attacker could expoit this to exhaust memory and CPU\nresources, leading to a denial of service. (CVE-2011-2484)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause a\ndenial of service. (CVE-2011-2491)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. A local attacker could exploit this to read portions\nof the kernel stack, leading to a loss of privacy. (CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root\ninodes. A local attacker could trigger the mount of a specially crafted\nfilesystem to cause the system to crash, leading to a denial of service. \n(CVE-2011-2493)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. \nA local attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote attacker\ncould send specially crafted traffic to crash the system or gain root\nprivileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of service\nor gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\nincorrectly handled. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local\nattacker could exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one\nflaws. A local attacker could exploit this to crash the system, leading to\na denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to exhaust\nnetwork resources, leading to a denial of service. (CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or gain\nroot privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when\nGeneric Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file, an\nattacker could run arbitrary commands and possibly gain privileges. \n(CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear\nmemory. A local attacker could exploit this to read kernel stack memory,\nleading to a loss of privacy. (CVE-2011-2909)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system, leading\nto a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be\nfilesystems. A local attacker could exploit this with a malformed Be\nfilesystem and crash the system, leading to a denial of service. \n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly\nhandled certain network packets. A remote attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence\nnumber generation. An attacker could use this flaw to possibly predict\nsequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain\nlarge values. \n(CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel\u0027s clock implementation. A\nlocal unprivileged attacker could exploit this causing a denial of service. \n(CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had\nno prefixpaths. A local attacker with access to a CIFS partition could\nexploit this to crash the system, leading to a denial of service. \n(CVE-2011-3363)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.04 LTS:\n linux-image-2.6.38-12-generic 2.6.38-12.51~lucid1\n linux-image-2.6.38-12-generic-pae 2.6.38-12.51~lucid1\n linux-image-2.6.38-12-server 2.6.38-12.51~lucid1\n linux-image-2.6.38-12-virtual 2.6.38-12.51~lucid1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. If\nyou use linux-restricted-modules, you have to update that package as\nwell to get modules which work with the new kernel version. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1256-1\n CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080,\n CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478,\n CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576,\n CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767,\n CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833,\n CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484,\n CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494,\n CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517,\n CVE-2011-2525, CVE-2011-2689, CVE-2011-2695, CVE-2011-2699,\n CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909,\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1\n\n\n. (CVE-2010-4242)\n\nBrad Spengler discovered that the kernel did not correctly account for\nuserspace memory allocations during exec() calls. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2240-1 security@debian.org\nhttp://www.debian.org/security/ dann frazier\nMay 24, 2011 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726\n CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080\n CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170\n CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180\n CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478\n CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585\n CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746\n CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770\n CVE-2011-1776 CVE-2011-2022\nDebian Bug(s) : \n \nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-3875\n\n Vasiliy Kulikov discovered an issue in the Linux implementation of the\n Amateur Radio AX.25 Level 2 protocol. \n\nCVE-2011-0695\n\n Jens Kuehnel reported an issue in the InfiniBand stack. Local\n users could learn the text location of a process, defeating protections\n provided by address space layout randomization (ASLR). \n\nCVE-2011-1016\n\n Marek Ol\u0161\u00e1k discovered an issue in the driver for ATI/AMD Radeon video\n chips. Local users could pass arbitrary values to video memory and the\n graphics translation table, resulting in denial of service or escalated\n privileges. On default Debian installations, this is exploitable only by\n members of the \u0027video\u0027 group. \n \nCVE-2011-1080\n\n Vasiliy Kulikov discovered an issue in the Netfilter subsystem. \n\nCVE-2011-1160\n\n Peter Huewe reported an issue in the Linux kernel\u0027s support for TPM security\n chips. \n\nCVE-2011-1163\n\n Timo Warns reported an issue in the kernel support for Alpha OSF format disk\n partitions. \n\nCVE-2011-1170\n\n Vasiliy Kulikov reported an issue in the Netfilter arp table\n implementation. \n\nCVE-2011-1171\n\n Vasiliy Kulikov reported an issue in the Netfilter IP table\n implementation. \n \nCVE-2011-1172\n\n Vasiliy Kulikov reported an issue in the Netfilter IP6 table\n implementation. \n \nCVE-2011-1173\n\n Vasiliy Kulikov reported an issue in the Acorn Econet protocol\n implementation. \n\nCVE-2011-1180\n\n Dan Rosenberg reported a buffer overflow in the Information Access Service\n of the IrDA protocol, used for Infrared devices. \n\nCVE-2011-1182\n\n Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local\n users can generate signals with falsified source pid and uid information. \n\nCVE-2011-1476\n\n Dan Rosenberg reported issues in the Open Sound System MIDI interface that\n allow local users to cause a denial of service. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debians linux-source-2.6.32 may\n have enabled this configuration and would therefore be vulnerable. \n\nCVE-2011-1477\n\n Dan Rosenberg reported issues in the Open Sound System driver for cards that\n include a Yamaha FM synthesizer chip. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debians linux-source-2.6.32 may\n have enabled this configuration and would therefore be vulnerable. \n\nCVE-2011-1478\n\n Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in\n the Linux networking subsystem. \n\nCVE-2011-1493\n\n Dan Rosenburg reported two issues in the Linux implementation of the Amateur\n Radio X.25 PLP (Rose) protocol. \n\nCVE-2011-1494\n\n Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by\n the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian\n installations this is not exploitable as this interface is only accessible\n to root. \n\nCVE-2011-1495\n\n Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface\n provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not\n exploitable as this interface is only accessible to root. \n\nCVE-2011-1585\n\n Jeff Layton reported an issue in the Common Internet File System (CIFS). \n\nCVE-2011-1598\n\n Dave Jones reported an issue in the Broadcast Manager Controller Area\n Network (CAN/BCM) protocol that may allow local users to cause a NULL\n pointer dereference, resulting in a denial of service. \n\nCVE-2011-1745\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian\n installations, this is exploitable only by users in the video group. \n\nCVE-2011-1746\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable\n only by users in the video group. \n\nCVE-2011-1748\n\n Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw\n socket implementation which permits ocal users to cause a NULL pointer\n dereference, resulting in a denial of service. \n \nCVE-2011-1759\n\n Dan Rosenberg reported an issue in the support for executing \"old ABI\"\n binaries on ARM processors. \n\nCVE-2011-1767\n\n Alexecy Dobriyan reported an issue in the GRE over IP implementation. \n\nCVE-2011-2022\n\n Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian\n installations, this is exploitable only by users in the video group. \n\nThis update also includes changes queued for the next point release of\nDebian 6.0, which also fix various non-security issues. These additional\nchanges are described in the package changelog which can be viewed at:\n\n http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog\n\nFor the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution\n(lenny) will be available soon. \n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+34squeeze1\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA\nRN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay\nIl8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA\nk7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK\nRU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P\nv6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT\niKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A\n1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X\nfPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1\neKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC\nIS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO\nKRI5f0ds95H6TsEoTSmO\n=gx2x\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/", "sources": [ { "db": "NVD", "id": "CVE-2011-1080" }, { "db": "BID", "id": "51749" }, { "db": "PACKETSTORM", "id": "101861" }, { "db": "PACKETSTORM", "id": "109299" }, { "db": "PACKETSTORM", "id": "106798" }, { "db": "PACKETSTORM", "id": "105266" }, { "db": "PACKETSTORM", "id": "105083" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "104250" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-1080", "trust": 2.3 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2011/03/01/10", "trust": 1.6 }, { "db": "BID", "id": "51749", "trust": 0.9 }, { "db": "CNNVD", "id": "CNNVD-201201-419", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201206-406", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-005", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "101861", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109299", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106798", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105083", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101680", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104250", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "51749" }, { "db": "PACKETSTORM", "id": "101861" }, { "db": "PACKETSTORM", "id": "109299" }, { "db": "PACKETSTORM", "id": "106798" }, { "db": "PACKETSTORM", "id": "105266" }, { "db": "PACKETSTORM", "id": "105083" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "104250" }, { "db": "CNNVD", "id": "CNNVD-201201-419" }, { "db": "CNNVD", "id": "CNNVD-201206-406" }, { "db": "NVD", "id": "CVE-2011-1080" } ] }, "id": "VAR-201206-0028", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.225 }, "last_update_date": "2024-07-04T21:55:06.733000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "linux-3.4.4", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=43488" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201206-406" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-1080" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2011-0833.html" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681262" }, { "trust": 1.6, "url": "https://github.com/torvalds/linux/commit/d846f71195d57b0bbb143382647c2c6638b04c5a" }, { "trust": 1.6, "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/changelog-2.6.39" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2011/03/01/10" }, { "trust": 1.6, "url": "http://downloads.avaya.com/css/p8/documents/100145416" }, { "trust": 1.6, "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3ba=commit%3bh=d846f71195d57b0bbb143382647c2c6638b04c5a" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1078" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1080" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1079" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/51749" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1093" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1172" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0726" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1170" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1495" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1494" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1171" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1493" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1160" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1180" }, { "trust": 0.3, "url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-005/index.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1163" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1577" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1166" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0711" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4649" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1573" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0695" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1044" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1581" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1585" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2492" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1771" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1478" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1598" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1593" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1173" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1745" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1746" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1090" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1170.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1163.html" }, { "trust": 0.1, "url": "http://docs.redhat.com/docs/en-us/red_hat_enterprise_linux/5/html/5.6_technical_notes/kernel.html#rhsa-2011-0833" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1763.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1577.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1494.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0726.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1079.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1763" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1171.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1093.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1172.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1166.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1080.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1078.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1495.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2495" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2901" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2522" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1015" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1573" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1093" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1780" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2525" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1746" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2192" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4649" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1078" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1745" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3560" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1163" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1936" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1494" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2689" }, { "trust": 0.1, "url": "http://downloads.vmware.com/go/selfsupport-download" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2519" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0726" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2009143" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1763" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1166" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1044" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2482" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3493" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0711" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1171" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2213" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0787" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1521" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1577" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2491" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2059" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1172" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3720" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1678" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1182" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1080" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1634" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0787" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0695" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1079" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2009142" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2022" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1593" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1170" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2089" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2694" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0547" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2059" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3493" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1576" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3378" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1634" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1495" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2183" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2494" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2491" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1256-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2213" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1768" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1748" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1212-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.15" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1770" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-610.28" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3859" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4075" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4076" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4077" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4175" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4251" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1204-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1082" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1012" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1476" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1477" }, { "trust": 0.1, "url": "http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3875" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1189-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/2.6.24-29.93" } ], "sources": [ { "db": "BID", "id": "51749" }, { "db": "PACKETSTORM", "id": "101861" }, { "db": "PACKETSTORM", "id": "109299" }, { "db": "PACKETSTORM", "id": "106798" }, { "db": "PACKETSTORM", "id": "105266" }, { "db": "PACKETSTORM", "id": "105083" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "104250" }, { "db": "CNNVD", "id": "CNNVD-201201-419" }, { "db": "CNNVD", "id": "CNNVD-201206-406" }, { "db": "NVD", "id": "CVE-2011-1080" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "51749" }, { "db": "PACKETSTORM", "id": "101861" }, { "db": "PACKETSTORM", "id": "109299" }, { "db": "PACKETSTORM", "id": "106798" }, { "db": "PACKETSTORM", "id": "105266" }, { "db": "PACKETSTORM", "id": "105083" }, { "db": "PACKETSTORM", "id": "101680" }, { "db": "PACKETSTORM", "id": "104250" }, { "db": "CNNVD", "id": "CNNVD-201201-419" }, { "db": "CNNVD", "id": "CNNVD-201206-406" }, { "db": "NVD", "id": "CVE-2011-1080" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-31T00:00:00", "db": "BID", "id": "51749" }, { "date": "2011-06-01T03:46:58", "db": "PACKETSTORM", "id": "101861" }, { "date": "2012-01-30T12:12:00", "db": "PACKETSTORM", "id": "109299" }, { "date": "2011-11-09T18:56:12", "db": "PACKETSTORM", "id": "106798" }, { "date": "2011-09-21T14:30:14", "db": "PACKETSTORM", "id": "105266" }, { "date": "2011-09-14T05:16:17", "db": "PACKETSTORM", "id": "105083" }, { "date": "2011-05-25T14:08:37", "db": "PACKETSTORM", "id": "101680" }, { "date": "2011-08-20T00:00:39", "db": "PACKETSTORM", "id": "104250" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-419" }, { "date": "2012-06-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201206-406" }, { "date": "2012-06-21T23:55:02.097000", "db": "NVD", "id": "CVE-2011-1080" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-01-31T00:00:00", "db": "BID", "id": "51749" }, { "date": "2012-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-419" }, { "date": "2023-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201206-406" }, { "date": "2023-02-13T04:29:03.420000", "db": "NVD", "id": "CVE-2011-1080" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "106798" }, { "db": "PACKETSTORM", "id": "105266" }, { "db": "PACKETSTORM", "id": "105083" }, { "db": "PACKETSTORM", "id": "104250" }, { "db": "CNNVD", "id": "CNNVD-201206-406" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hitachi JP1 Cross-site scripting vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-419" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "51749" }, { "db": "CNNVD", "id": "CNNVD-201206-406" } ], "trust": 0.9 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.