Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
http://secunia.com/advisories/37435
http://secunia.com/advisories/37720
http://secunia.com/advisories/37909
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
http://support.avaya.com/css/P8/documents/100073666
http://www.debian.org/security/2010/dsa-2005
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8
http://www.mandriva.com/security/advisories?name=MDVSA-2010:030
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.redhat.com/support/errata/RHSA-2010-0041.html
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://www.securityfocus.com/bid/37068
http://www.ubuntu.com/usn/usn-864-1
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.31.6 (inclusive)
cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
OR
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
OR
cpe:2.3:a:redhat:virtualization:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_workstation:5.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89740 | VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
89678 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) | Nessus | Misc. | high |
79507 | OracleVM 2.2 : kernel (OVMSA-2013-0039) | Nessus | OracleVM Local Security Checks | critical |
67992 | Oracle Linux 4 : kernel (ELSA-2010-0076) | Nessus | Oracle Linux Local Security Checks | high |
67988 | Oracle Linux 5 : kernel (ELSA-2010-0046) | Nessus | Oracle Linux Local Security Checks | high |
60728 | Scientific Linux Security Update : kernel on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
59143 | SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730) | Nessus | SuSE Local Security Checks | high |
59142 | SuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 6697) | Nessus | SuSE Local Security Checks | high |
54968 | VMSA-2011-0009 : VMware hosted product updates, ESX patches and VI Client update resolve multiple security issues | Nessus | VMware ESX Local Security Checks | high |
52685 | SuSE 11 Security Update : Linux kernel (SAT Patch Number 1753) | Nessus | SuSE Local Security Checks | critical |
49868 | SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 6694) | Nessus | SuSE Local Security Checks | high |
46765 | VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates | Nessus | VMware ESX Local Security Checks | critical |
44951 | Debian DSA-2005-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak | Nessus | Debian Local Security Checks | critical |
44867 | Debian DSA-2003-1 : linux-2.6 - privilege escalation/denial of service | Nessus | Debian Local Security Checks | high |
44654 | SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578) | Nessus | SuSE Local Security Checks | high |
44408 | Mandriva Linux Security Advisory : kernel (MDVSA-2010:034) | Nessus | Mandriva Local Security Checks | high |
44395 | CentOS 4 : kernel (CESA-2010:0076) | Nessus | CentOS Local Security Checks | high |
44386 | RHEL 4 : kernel (RHSA-2010:0076) | Nessus | Red Hat Local Security Checks | high |
44356 | Mandriva Linux Security Advisory : kernel (MDVSA-2010:030) | Nessus | Mandriva Local Security Checks | high |
44096 | CentOS 5 : kernel (CESA-2010:0046) | Nessus | CentOS Local Security Checks | high |
44062 | RHEL 5 : kernel (RHSA-2010:0046) | Nessus | Red Hat Local Security Checks | high |
44037 | SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1754 / 1760) | Nessus | SuSE Local Security Checks | critical |
44034 | openSUSE Security Update : kernel (kernel-1749) | Nessus | SuSE Local Security Checks | critical |
43631 | SuSE 11.2 Security Update: kernel (2009-12-18) | Nessus | SuSE Local Security Checks | high |
43398 | SuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726) | Nessus | SuSE Local Security Checks | high |
43125 | Fedora 10 : kernel-2.6.27.41-170.2.117.fc10 (2009-13098) | Nessus | Fedora Local Security Checks | high |
43026 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1) | Nessus | Ubuntu Local Security Checks | high |
801486 | CentOS RHSA-2010-0076 Security Check | Log Correlation Engine | Generic | high |
801485 | CentOS RHSA-2010-0046 Security Check | Log Correlation Engine | Generic | high |