ID

VAR-201206-0026


CVE

CVE-2011-1078


TITLE

Vulnerability in the sco_sock_getsockopt_old function of the Linux kernel that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-002827

DESCRIPTION

The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.

Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected:
JP1/IT Resource Management - Manager
JP1/IT Service Level Management - Manager

TITLE: Hitachi JP1/IT Service Level Management Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA47804
VERIFY ADVISORY: http://secunia.com/advisories/47804/
RELEASE DATE: 2012-01-31

DESCRIPTION: A vulnerability has been reported in Hitachi JP1/IT Service Level Management, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in version 09-50.

SOLUTION: Update to version 09-51.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY:
Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html
Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html
----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers:
--- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901
--- COS cURL ---
CVE-2011-2192
--- COS rpm ---
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------

1. Summary

VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

2. Relevant releases

ESXi 4.1 without patch ESXi410-201201401-SG

ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG

3. Problem Description

a.
ESX third party update for Service Console kernel

The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201401-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

b. ESX third party update for Service Console cURL RPM

The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201402-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

c. ESX third party update for Service Console nspr and nss RPMs

The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issue.

A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201404-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

d. ESX third party update for Service Console rpm RPMs

The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201406-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

e. ESX third party update for Service Console samba RPMs

The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client.

Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201407-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

f. ESX third party update for Service Console python package

The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.1       ESX      ESX410-201201405-SG
ESX            4.0       ESX      patch pending
ESX            3.5       ESX      not applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESXi update to third party component python

The python third party library is updated to python 2.5.6 which fixes multiple security issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected
hosted *       any       any      not affected
ESXi           5.0       ESXi     patch pending
ESXi           4.1       ESXi     ESXi410-201201401-SG
ESXi           4.0       ESXi     patch pending
ESXi           3.5       ESXi     patch pending
ESX            4.1       ESX      not affected
ESX            4.0       ESX      not affected
ESX            3.5       ESX      not affected

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware ESXi 4.1
---------------
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143

ESXi410-201201401 contains ESXi410-201201401-SG

VMware ESX 4.1
--------------
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142

ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG

----------------------------------------------------------------------

6. Change log

2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30.

----------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2012 VMware Inc. All rights reserved.

==========================================================================
Ubuntu Security Notice USN-1256-1
November 09, 2011

linux-lts-backport-natty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.
Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty

Details:

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)

Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)

Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080)

Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)

Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)

Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)

Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)

It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576)

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)

It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585)

It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)

It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)

Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)

Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)

Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)

Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213)

It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479)

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)

Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)

It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)

Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)

Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)

Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)

Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)

It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)

Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)

It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)

It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)

Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699)

Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)

Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)

Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)

Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)

The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)

Timo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928)

Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942)

Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)

Darren Lavender discovered that the CIFS client incorrectly handled certain large values. (CVE-2011-3191)

Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209)

Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.38-12-generic      2.6.38-12.51~lucid1
  linux-image-2.6.38-12-generic-pae  2.6.38-12.51~lucid1
  linux-image-2.6.38-12-server       2.6.38-12.51~lucid1
  linux-image-2.6.38-12-virtual      2.6.38-12.51~lucid1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
http://www.ubuntu.com/usn/usn-1256-1
CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2689, CVE-2011-2695, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909,

Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1

(CVE-2010-4242) Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls.

----------------------------------------------------------------------
Debian Security Advisory DSA-2240-1                security@debian.org
http://www.debian.org/security/                           dann frazier
May 24, 2011                        http://www.debian.org/security/faq
----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022
Debian Bug(s)  :

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-3875

    Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol.

CVE-2011-0695

    Jens Kuehnel reported an issue in the InfiniBand stack. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR).

CVE-2011-1016

    Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the 'video' group.

CVE-2011-1080

    Vasiliy Kulikov discovered an issue in the Netfilter subsystem.

CVE-2011-1160

    Peter Huewe reported an issue in the Linux kernel's support for TPM security chips.

CVE-2011-1163

    Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions.

CVE-2011-1170

    Vasiliy Kulikov reported an issue in the Netfilter arp table implementation.

CVE-2011-1171

    Vasiliy Kulikov reported an issue in the Netfilter IP table implementation.

CVE-2011-1172

    Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation.

CVE-2011-1173

    Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation.

CVE-2011-1180

    Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices.

CVE-2011-1182

    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information.

CVE-2011-1476

    Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable.

CVE-2011-1477

    Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debian's linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable.

CVE-2011-1478

    Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in the Linux networking subsystem.

CVE-2011-1493

    Dan Rosenberg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol.

CVE-2011-1494

    Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not exploitable as this interface is only accessible to root.

CVE-2011-1495

    Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not exploitable as this interface is only accessible to root.

CVE-2011-1585

    Jeff Layton reported an issue in the Common Internet File System (CIFS).

CVE-2011-1598

    Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service.

CVE-2011-1745

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group.

CVE-2011-1746

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group.

CVE-2011-1748

    Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits local users to cause a NULL pointer dereference, resulting in a denial of service.

CVE-2011-1759

    Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors.

CVE-2011-1767

    Alexey Dobriyan reported an issue in the GRE over IP implementation.

CVE-2011-2022

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group.

This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues. These additional changes are described in the package changelog which can be viewed at:

  http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog

For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                                             Debian 6.0 (squeeze)
     user-mode-linux                         2.6.32-1um-4+34squeeze1

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA RN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay Il8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA k7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK RU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P v6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT iKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A 1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X fPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1 eKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC IS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO KRI5f0ds95H6TsEoTSmO =gx2x -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 2.43

sources: NVD: CVE-2011-1078 // JVNDB: JVNDB-2012-002827 // BID: 51749 // PACKETSTORM: 109259 // PACKETSTORM: 109299 // PACKETSTORM: 106798 // PACKETSTORM: 105266 // PACKETSTORM: 105083 // PACKETSTORM: 101680

AFFECTED PRODUCTS

vendor: linux | model: kernel | scope: eq | version: 2.6.38.5

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38.2

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38.3

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38.1

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38.6

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38

Trust: 1.6

vendor: linux | model: kernel | scope: eq | version: 2.6.38.4

Trust: 1.0

vendor: linux | model: kernel | scope: lte | version: 2.6.38.8

Trust: 1.0

vendor: linux | model: kernel | scope: eq | version: 2.6.38.7

Trust: 1.0

vendor: linux | model: kernel | scope: lt | version: 2.6.39

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 3.5

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 4.0

Trust: 0.8

vendor: vmware | model: esx | scope: eq | version: 4.1

Trust: 0.8

vendor: hitachi | model: jp1/it service level management manager | scope: eq | version: -09-50

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: eq | version: 09-50

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: eq | version: 09-11-02

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: eq | version: 09-11

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: eq | version: 09-10-03

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: eq | version: 09-10

Trust: 0.3

vendor: hitachi | model: jp1/it service level management-manager | scope: ne | version: 09-51

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: ne | version: 09-50-02

Trust: 0.3

vendor: hitachi | model: jp1/it resource management-manager | scope: ne | version: 09-11-05

Trust: 0.3

sources: BID: 51749 // JVNDB: JVNDB-2012-002827 // CNNVD: CNNVD-201206-404 // NVD: CVE-2011-1078

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2011-1078
value: LOW

Trust: 1.8

CNNVD: CNNVD-201206-404
value: LOW

Trust: 0.6

NVD: CVE-2011-1078
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-002827 // CNNVD: CNNVD-201206-404 // NVD: CVE-2011-1078

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2012-002827 // NVD: CVE-2011-1078

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 106798 // PACKETSTORM: 105266 // PACKETSTORM: 105083 // CNNVD: CNNVD-201206-404

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 109259 // CNNVD: CNNVD-201201-419

CONFIGURATIONS

sources: NVD: CVE-2011-1078

PATCH

title: ASA-2011-208 | url: http://downloads.avaya.com/css/p8/documents/100145416

Trust: 0.8

title: ChangeLog-2.6.39 | url: http://ftp.osuosl.org/pub/linux/kernel/v2.6/changelog-2.6.39

Trust: 0.8

title: Bluetooth: sco: fix information leak to userspace | url: https://github.com/torvalds/linux/commit/c4c896e1471aec3b004a693c689f60be3b17ac86

Trust: 0.8

title: linux/kernel/git/torvalds/linux-2.6.git / commit | url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c4c896e1471aec3b004a693c689f60be3b17ac86

Trust: 0.8

title: Linux Kernel Archives | url: http://www.kernel.org

Trust: 0.8

title: Bug 681259 | url: https://bugzilla.redhat.com/show_bug.cgi?id=681259

Trust: 0.8

title: RHSA-2011:0833 | url: http://rhn.redhat.com/errata/rhsa-2011-0833.html

Trust: 0.8

title: RHSA-2012:1156 | url: http://rhn.redhat.com/errata/rhsa-2012-1156.html

Trust: 0.8

title: VMSA-2012-0001 | url: http://www.vmware.com/security/advisories/vmsa-2012-0001.html

Trust: 0.8

title: linux-3.4.4 | url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43488

Trust: 0.6

sources: JVNDB: JVNDB-2012-002827 // CNNVD: CNNVD-201206-404

EXTERNAL IDS

db: NVD | id: CVE-2011-1078

Trust: 2.9

db: OPENWALL | id: OSS-SECURITY/2011/03/01/10

Trust: 1.6

db: BID | id: 51749

Trust: 0.9

db: JVNDB | id: JVNDB-2012-002827

Trust: 0.8

db: SECUNIA | id: 47804

Trust: 0.8

db: CNNVD | id: CNNVD-201201-419

Trust: 0.6

db: MLIST | id: [OSS-SECURITY] 20110301 RE: CVE REQUEST: KERNEL: TWO BLUETOOTH AND ONE EBTABLES INFOLEAKS/DOSES

Trust: 0.6

db: SECUNIA | id: 44682

Trust: 0.6

db: SECUNIA | id: 46003

Trust: 0.6

db: SECUNIA | id: 45707

Trust: 0.6

db: SECUNIA | id: 45392

Trust: 0.6

db: SECUNIA | id: 44889

Trust: 0.6

db: SECUNIA | id: 44975

Trust: 0.6

db: SECUNIA | id: 46824

Trust: 0.6

db: SECUNIA | id: 44543

Trust: 0.6

db: SECUNIA | id: 44792

Trust: 0.6

db: SECUNIA | id: 45997

Trust: 0.6

db: SECUNIA | id: 45509

Trust: 0.6

db: CNNVD | id: CNNVD-201206-404

Trust: 0.6

db: HITACHI | id: HS12-005

Trust: 0.4

db: PACKETSTORM | id: 109259

Trust: 0.1

db: PACKETSTORM | id: 109299

Trust: 0.1

db: PACKETSTORM | id: 106798

Trust: 0.1

db: PACKETSTORM | id: 105266

Trust: 0.1

db: PACKETSTORM | id: 105083

Trust: 0.1

db: PACKETSTORM | id: 101680

Trust: 0.1

sources: BID: 51749 // JVNDB: JVNDB-2012-002827 // PACKETSTORM: 109259 // PACKETSTORM: 109299 // PACKETSTORM: 106798 // PACKETSTORM: 105266 // PACKETSTORM: 105083 // PACKETSTORM: 101680 // CNNVD: CNNVD-201201-419 // CNNVD: CNNVD-201206-404 // NVD: CVE-2011-1078

REFERENCES

url:https://github.com/torvalds/linux/commit/c4c896e1471aec3b004a693c689f60be3b17ac86

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=681259

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2011/03/01/10

Trust: 1.6

url:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c4c896e1471aec3b004a693c689f60be3b17ac86

Trust: 1.6

url:http://ftp.osuosl.org/pub/linux/kernel/v2.6/changelog-2.6.39

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2012-1156.html

Trust: 1.0

url:http://rhn.redhat.com/errata/rhsa-2011-0833.html

Trust: 1.0

url:http://downloads.avaya.com/css/p8/documents/100145416

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1078

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1078

Trust: 0.8

url:http://www.securityfocus.com/bid/51749

Trust: 0.6

url:http://secunia.com/advisories/44543

Trust: 0.6

url:http://secunia.com/advisories/44682

Trust: 0.6

url:http://secunia.com/advisories/44792

Trust: 0.6

url:http://secunia.com/advisories/44889

Trust: 0.6

url:http://secunia.com/advisories/44975

Trust: 0.6

url:http://secunia.com/advisories/45392

Trust: 0.6

url:http://secunia.com/advisories/45509

Trust: 0.6

url:http://secunia.com/advisories/45707

Trust: 0.6

url:http://secunia.com/advisories/45997

Trust: 0.6

url:http://secunia.com/advisories/46003

Trust: 0.6

url:http://secunia.com/advisories/46824

Trust: 0.6

url:http://secunia.com/advisories/47804

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-1078

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-1079

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-1080

Trust: 0.5

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-005/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1170

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1172

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-0726

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1494

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1182

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1495

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1093

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1171

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1020

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1493

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1160

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1180

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-0711

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1163

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-4649

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1573

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-0695

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1044

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2484

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1581

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1585

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1577

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1771

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1833

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1478

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1598

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1593

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1173

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1745

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1746

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1090

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47804

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-005/index.html

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/47804/#comments

Trust: 0.1

url:http://secunia.com/advisories/47804/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2901

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1015

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1573

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1093

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1780

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2525

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1746

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2192

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4649

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3560

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1163

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1936

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1494

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2689

Trust: 0.1

url:http://downloads.vmware.com/go/selfsupport-download

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2519

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0726

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3560

Trust: 0.1

url:http://kb.vmware.com/kb/2009143

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1763

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1166

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1044

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3493

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1521

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0711

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1171

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2213

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0787

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1521

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1577

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2491

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2059

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1172

Trust: 0.1

url:http://www.vmware.com/security/advisories

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1678

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1182

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1080

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1634

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0787

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0695

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2517

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1079

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:http://kb.vmware.com/kb/2009142

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2022

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1593

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1170

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2089

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2694

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0547

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2059

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3493

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1576

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3378

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1634

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1495

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2183

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2494

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2493

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2491

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1256-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2213

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1479

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1748

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1212-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.15

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1770

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-610.28

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4162

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3859

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4075

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4076

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4077

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4175

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4668

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4251

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1204-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1082

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-4158

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1012

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1476

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1477

Trust: 0.1

url:http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3875

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: BID: 51749 // JVNDB: JVNDB-2012-002827 // PACKETSTORM: 109259 // PACKETSTORM: 109299 // PACKETSTORM: 106798 // PACKETSTORM: 105266 // PACKETSTORM: 105083 // PACKETSTORM: 101680 // CNNVD: CNNVD-201201-419 // CNNVD: CNNVD-201206-404 // NVD: CVE-2011-1078

CREDITS

Hitachi

Trust: 0.9

sources: BID: 51749 // CNNVD: CNNVD-201201-419

SOURCES

db: BID | id: 51749
db: JVNDB | id: JVNDB-2012-002827
db: PACKETSTORM | id: 109259
db: PACKETSTORM | id: 109299
db: PACKETSTORM | id: 106798
db: PACKETSTORM | id: 105266
db: PACKETSTORM | id: 105083
db: PACKETSTORM | id: 101680
db: CNNVD | id: CNNVD-201201-419
db: CNNVD | id: CNNVD-201206-404
db: NVD | id: CVE-2011-1078

LAST UPDATE DATE

2023-02-11T22:29:47.621000+00:00


SOURCES UPDATE DATE

db: BID | id: 51749 | date: 2012-01-31T00:00:00
db: JVNDB | id: JVNDB-2012-002827 | date: 2016-06-30T00:00:00
db: CNNVD | id: CNNVD-201201-419 | date: 2012-02-02T00:00:00
db: CNNVD | id: CNNVD-201206-404 | date: 2012-06-25T00:00:00
db: NVD | id: CVE-2011-1078 | date: 2015-05-06T01:59:00

SOURCES RELEASE DATE

db: BID | id: 51749 | date: 2012-01-31T00:00:00
db: JVNDB | id: JVNDB-2012-002827 | date: 2012-06-25T00:00:00
db: PACKETSTORM | id: 109259 | date: 2012-01-31T06:49:21
db: PACKETSTORM | id: 109299 | date: 2012-01-30T12:12:00
db: PACKETSTORM | id: 106798 | date: 2011-11-09T18:56:12
db: PACKETSTORM | id: 105266 | date: 2011-09-21T14:30:14
db: PACKETSTORM | id: 105083 | date: 2011-09-14T05:16:17
db: PACKETSTORM | id: 101680 | date: 2011-05-25T14:08:37
db: CNNVD | id: CNNVD-201201-419 | date: 1900-01-01T00:00:00
db: CNNVD | id: CNNVD-201206-404 | date: 2012-06-25T00:00:00
db: NVD | id: CVE-2011-1078 | date: 2012-06-21T23:55:00