Test Kennung:	1.3.6.1.4.1.25623.1.0.105417
Kategorie:	F5 Local Security Checks
Titel:	F5 BIG-IP - Linux kernel vulnerability CVE-2015-1805
Zusammenfassung:	The remote host is missing a security patch.
Beschreibung:	Summary: The remote host is missing a security patch. Vulnerability Insight: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' (CVE-2015-1805) Vulnerability Impact: A local unprivileged user may use this flaw to crash the system, or potentially escalate their privileges on the system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1805 1032454 http://www.securitytracker.com/id/1032454 74951 http://www.securityfocus.com/bid/74951 DSA-3290 http://www.debian.org/security/2015/dsa-3290 RHSA-2015:1042 http://rhn.redhat.com/errata/RHSA-2015-1042.html RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RHSA-2015:1082 http://rhn.redhat.com/errata/RHSA-2015-1082.html RHSA-2015:1120 http://rhn.redhat.com/errata/RHSA-2015-1120.html RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html RHSA-2015:1190 http://rhn.redhat.com/errata/RHSA-2015-1190.html RHSA-2015:1199 http://rhn.redhat.com/errata/RHSA-2015-1199.html RHSA-2015:1211 http://rhn.redhat.com/errata/RHSA-2015-1211.html SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE-SU-2015:1478 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SUSE-SU-2015:1487 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html SUSE-SU-2015:1490 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html SUSE-SU-2015:1491 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html SUSE-SU-2015:1592 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SUSE-SU-2015:1611 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html USN-2679-1 http://www.ubuntu.com/usn/USN-2679-1 USN-2680-1 http://www.ubuntu.com/usn/USN-2680-1 USN-2681-1 http://www.ubuntu.com/usn/USN-2681-1 USN-2967-1 http://www.ubuntu.com/usn/USN-2967-1 USN-2967-2 http://www.ubuntu.com/usn/USN-2967-2 [oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption http://www.openwall.com/lists/oss-security/2015/06/06/2 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://source.android.com/security/bulletin/2016-04-02.html http://source.android.com/security/bulletin/2016-05-01.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1202855 https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1 https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.