mark :: blog

09 Aug 2011: Red Hat's Most Serious Flaw Types for 2010

A few weeks ago the 2011 update to the CWE/SANS Top 25 Most Dangerous Software Errors was published. As part of our contribution to this update we analysed the most severe vulnerabilities that affected Red Hat since the last update and mapped each one to the appropriate Common Weakness Enumeration (CWE) type.

The table below lists all vulnerabilities which have a CVSS score of 7 or more ('high'), that we fixed in any product during calendar year 2010.

Most common CWE were:

Buffer Copy without Checking Size of Input (CWE-120): 8 vulnerabilities.
Race Condition (CWE-362): 5 vulnerabilities.

CVE CWE 2011 top 25? CVSS base score Fixed in

CVE-2007-4567 CWE-476 no 7.8 Red Hat Enterprise Linux 5 (kernel)

CVE-2009-0778 CWE-770 no 7.1 Red Hat Enterprise Linux 5 (kernel)

CVE-2009-1385 CWE-191 no 7.1 Red Hat Enterprise Linux 5 (kernel)

CVE-2009-3080 CWE-129 no 7.2 Red Hat Enterprise Linux 3, 4, 5, MRG (kernel)

CVE-2009-3245 CWE-252 no 7.6 Red Hat Enterprise Linux 3, 4, 5 (openssl)

CVE-2009-3726 CWE-476 no 7.2 Red Hat Enterprise Linux 4, 5, MRG (kernel)

CVE-2009-4005 CWE-127 no 7.1 Red Hat Enterprise Linux 4 (kernel)

CVE-2009-4027 CWE-362 no 7.8 Red Hat Enterprise Linux 5 (kernel)

CVE-2009-4141 CWE-416 no 7.2 Red Hat Enterprise Linux 5, MRG (kernel)

CVE-2009-4212 CWE-191 no 10.0 Red Hat Enterprise Linux 3, 4, 5 (krb5)

CVE-2009-4272 CWE-764 no 7.8 Red Hat Enterprise Linux 5 (kernel)

CVE-2009-4273 CWE-78 yes 7.9 Red Hat Enterprise Linux 5 (systemtap)

CVE-2009-4537 CWE-120 yes 7.1 Red Hat Enterprise Linux 4, 5, MRG (kernel)

CVE-2009-4895 CWE-362 no 7.2 Red Hat Enterprise MRG (kernel)

CVE-2010-0008 CWE-606 no 7.8 Red Hat Enterprise Linux 4, 5 (kernel)

CVE-2010-0291 CWE-822 no 7.2 Red Hat Enterprise Linux 5 (kernel)

CVE-2010-0738 CWE-424 no 7.5 JBoss Enterprise Application Platform 4.2, 4.3

CVE-2010-0741 CWE-20 no 7.1 Red Hat Enterprise Linux 5 (kvm)

CVE-2010-1084 CWE-120 yes 7.2 Red Hat Enterprise Linux 5 (kernel)

CVE-2010-1086 CWE-20 no 7.8 Red Hat Enterprise Linux 4, 5 (kernel)

CVE-2010-1087 CWE-362 no 7.2 Red Hat Enterprise Linux 5 (kernel)

CVE-2010-1166 CWE-823 no 7.6 Red Hat Enterprise Linux 5 (xorg-x11-server)

CVE-2010-1173 CWE-120 * yes 7.1 Red Hat Enterprise Linux 4, 5 (kernel)

CVE-2010-1188 CWE-416 no 7.8 Red Hat Enterprise Linux 3, 4, 5 (kernel)

CVE-2010-1436 CWE-120 yes 7.2 Red Hat Enterprise Linux 5 (kernel)

CVE-2010-1437 CWE-362 no 7.2 Red Hat Enterprise Linux 4, 5 (kernel)

CVE-2010-2063 CWE-823 no 7.5 Red Hat Enterprise Linux 3, 4, 5 (samba)

CVE-2010-2235 CWE-77 no 7.1 Red Hat Network Satellite Server 5.3 (cobbler)

CVE-2010-2240 CWE-788 no 7.2 Red Hat Enterprise Linux 3, 4, 5, MRG (kernel)

CVE-2010-2248 CWE-682 no 7.1 Red Hat Enterprise Linux 4, 5 (kernel)

CVE-2010-2492 CWE-805 no 7.2 Red Hat Enterprise Linux 5, 6 (kernel)

CVE-2010-2521 CWE-805 no 8.3 Red Hat Enterprise Linux 4, 5, MRG (kernel)

CVE-2010-2798 CWE-476 no 7.2 Red Hat Enterprise Linux 5 (kernel)

CVE-2010-2962 CWE-823 no 7.2 Red Hat Enterprise Linux 6, MRG (kernel)

CVE-2010-3069 CWE-129 no 8.3 Red Hat Enterprise Linux 3, 4, 5, 6 (samba)

CVE-2010-3081 CWE-131 yes 7.2 Red Hat Enterprise Linux 3, 4, 5, 6, MRG (kernel)

CVE-2010-3084 CWE-120 yes 7.2 Red Hat Enterprise Linux 6 (kernel)

CVE-2010-3301 CWE-129 no 7.2 Red Hat Enterprise Linux 6 (kernel)

CVE-2010-3302 CWE-120 yes 7.1 Red Hat Enterprise Linux 6 (openswan)

CVE-2010-3308 CWE-120 yes 7.1 Red Hat Enterprise Linux 6 (openswan)

CVE-2010-3432 CWE-805 * no 7.8 Red Hat Enterprise Linux 4, 5, 6, MRG (kernel)

CVE-2010-3705 CWE-788 no 8.3 Red Hat Enterprise Linux 6, MRG (kernel)

CVE-2010-3708 CWE-77 no 7.5 JBoss Enterprise Application Platform 4.3, SOA Platform 4.2

CVE-2010-3752 CWE-78 yes 7.1 Red Hat Enterprise Linux 6 (openswan)

CVE-2010-3753 CWE-78 yes 7.1 Red Hat Enterprise Linux 6 (openswan)

CVE-2010-3847 CWE-426 no 7.2 Red Hat Enterprise Linux 5, 6 (glibc)

CVE-2010-3856 CWE-426 no 7.2 Red Hat Enterprise Linux 5, 6 (glibc)

CVE-2010-3864 CWE-362 no 7.6 Red Hat Enterprise Linux 6 (openssl)

CVE-2010-3904 CWE-822 no 7.2 Red Hat Enterprise Linux 5, 6 (kernel)

CVE-2010-4170 CWE-88 no 7.2 Red Hat Enterprise Linux 4, 5, 6 (systemtap)

CVE-2010-4179 CWE-862 yes 7.5 Red Hat Enterprise MRG (cumin)

CVE-2010-4344 CWE-120 yes 7.5 Red Hat Enterprise Linux 4, 5 (exim)

CVE	CWE	2011 top 25?	CVSS base score	Fixed in
CVE-2007-4567	CWE-476	no	7.8	Red Hat Enterprise Linux 5 (kernel)
CVE-2009-0778	CWE-770	no	7.1	Red Hat Enterprise Linux 5 (kernel)
CVE-2009-1385	CWE-191	no	7.1	Red Hat Enterprise Linux 5 (kernel)
CVE-2009-3080	CWE-129	no	7.2	Red Hat Enterprise Linux 3, 4, 5, MRG (kernel)
CVE-2009-3245	CWE-252	no	7.6	Red Hat Enterprise Linux 3, 4, 5 (openssl)
CVE-2009-3726	CWE-476	no	7.2	Red Hat Enterprise Linux 4, 5, MRG (kernel)
CVE-2009-4005	CWE-127	no	7.1	Red Hat Enterprise Linux 4 (kernel)
CVE-2009-4027	CWE-362	no	7.8	Red Hat Enterprise Linux 5 (kernel)
CVE-2009-4141	CWE-416	no	7.2	Red Hat Enterprise Linux 5, MRG (kernel)
CVE-2009-4212	CWE-191	no	10.0	Red Hat Enterprise Linux 3, 4, 5 (krb5)
CVE-2009-4272	CWE-764	no	7.8	Red Hat Enterprise Linux 5 (kernel)
CVE-2009-4273	CWE-78	yes	7.9	Red Hat Enterprise Linux 5 (systemtap)
CVE-2009-4537	CWE-120	yes	7.1	Red Hat Enterprise Linux 4, 5, MRG (kernel)
CVE-2009-4895	CWE-362	no	7.2	Red Hat Enterprise MRG (kernel)
CVE-2010-0008	CWE-606	no	7.8	Red Hat Enterprise Linux 4, 5 (kernel)
CVE-2010-0291	CWE-822	no	7.2	Red Hat Enterprise Linux 5 (kernel)
CVE-2010-0738	CWE-424	no	7.5	JBoss Enterprise Application Platform 4.2, 4.3
CVE-2010-0741	CWE-20	no	7.1	Red Hat Enterprise Linux 5 (kvm)
CVE-2010-1084	CWE-120	yes	7.2	Red Hat Enterprise Linux 5 (kernel)
CVE-2010-1086	CWE-20	no	7.8	Red Hat Enterprise Linux 4, 5 (kernel)
CVE-2010-1087	CWE-362	no	7.2	Red Hat Enterprise Linux 5 (kernel)
CVE-2010-1166	CWE-823	no	7.6	Red Hat Enterprise Linux 5 (xorg-x11-server)
CVE-2010-1173	CWE-120 *	yes	7.1	Red Hat Enterprise Linux 4, 5 (kernel)
CVE-2010-1188	CWE-416	no	7.8	Red Hat Enterprise Linux 3, 4, 5 (kernel)
CVE-2010-1436	CWE-120	yes	7.2	Red Hat Enterprise Linux 5 (kernel)
CVE-2010-1437	CWE-362	no	7.2	Red Hat Enterprise Linux 4, 5 (kernel)
CVE-2010-2063	CWE-823	no	7.5	Red Hat Enterprise Linux 3, 4, 5 (samba)
CVE-2010-2235	CWE-77	no	7.1	Red Hat Network Satellite Server 5.3 (cobbler)
CVE-2010-2240	CWE-788	no	7.2	Red Hat Enterprise Linux 3, 4, 5, MRG (kernel)
CVE-2010-2248	CWE-682	no	7.1	Red Hat Enterprise Linux 4, 5 (kernel)
CVE-2010-2492	CWE-805	no	7.2	Red Hat Enterprise Linux 5, 6 (kernel)
CVE-2010-2521	CWE-805	no	8.3	Red Hat Enterprise Linux 4, 5, MRG (kernel)
CVE-2010-2798	CWE-476	no	7.2	Red Hat Enterprise Linux 5 (kernel)
CVE-2010-2962	CWE-823	no	7.2	Red Hat Enterprise Linux 6, MRG (kernel)
CVE-2010-3069	CWE-129	no	8.3	Red Hat Enterprise Linux 3, 4, 5, 6 (samba)
CVE-2010-3081	CWE-131	yes	7.2	Red Hat Enterprise Linux 3, 4, 5, 6, MRG (kernel)
CVE-2010-3084	CWE-120	yes	7.2	Red Hat Enterprise Linux 6 (kernel)
CVE-2010-3301	CWE-129	no	7.2	Red Hat Enterprise Linux 6 (kernel)
CVE-2010-3302	CWE-120	yes	7.1	Red Hat Enterprise Linux 6 (openswan)
CVE-2010-3308	CWE-120	yes	7.1	Red Hat Enterprise Linux 6 (openswan)
CVE-2010-3432	CWE-805 *	no	7.8	Red Hat Enterprise Linux 4, 5, 6, MRG (kernel)
CVE-2010-3705	CWE-788	no	8.3	Red Hat Enterprise Linux 6, MRG (kernel)
CVE-2010-3708	CWE-77	no	7.5	JBoss Enterprise Application Platform 4.3, SOA Platform 4.2
CVE-2010-3752	CWE-78	yes	7.1	Red Hat Enterprise Linux 6 (openswan)
CVE-2010-3753	CWE-78	yes	7.1	Red Hat Enterprise Linux 6 (openswan)
CVE-2010-3847	CWE-426	no	7.2	Red Hat Enterprise Linux 5, 6 (glibc)
CVE-2010-3856	CWE-426	no	7.2	Red Hat Enterprise Linux 5, 6 (glibc)
CVE-2010-3864	CWE-362	no	7.6	Red Hat Enterprise Linux 6 (openssl)
CVE-2010-3904	CWE-822	no	7.2	Red Hat Enterprise Linux 5, 6 (kernel)
CVE-2010-4170	CWE-88	no	7.2	Red Hat Enterprise Linux 4, 5, 6 (systemtap)
CVE-2010-4179	CWE-862	yes	7.5	Red Hat Enterprise MRG (cumin)
CVE-2010-4344	CWE-120	yes	7.5	Red Hat Enterprise Linux 4, 5 (exim)

* - in both these cases the outcome is not a buffer overflow as the possible overflow is detected and instead converted into an abort (DoS)