Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.54038
Kategorie:SuSE Local Security Checks
Titel:SuSE Security Advisory SUSE-SA:2005:003 (kernel)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory SUSE-SA:2005:003.

Several exploitable security problems were identified and fixed in
the Linux kernel, the core of every SUSE Linux product.

- Due to missing locking in the sys_uselib system call a local attacker
can gain root access. This was found by Paul Starzetz and is tracked
by the Mitre CVE ID CVE-2004-1235.

- Paul Starzetz also found a race condition in SMP page table handling
which could lead to a local attacker gaining root access on SMP
machines. This is tracked by the Mitre CVE ID CVE-2005-0001.


- A local denial of service was found in the auditing subsystem which
have lead a local attacker crashing the machine. This was reported
and fixed by Redhat.

- The sendmsg / cmsg fix from the previous kernel update was faulty
on 64bit systems with 32bit compatibility layer and could lead to
32bit applications not working correctly on those 64bit systems.

- The smbfs security fixes from a before-previous kernel update were
faulty for some file write cases.

- A local denial of service with Direct I/O access to NFS file systems
could lead a local attacker to crash a machine with NFS mounts.

- grsecurity reported a signed integer problem in the SCSI ioctl
handling which had a missing boundary check.
Due to C language specifics, this evaluation was not correct and
there actually is no problem in this code.
The signed / unsigned mismatch was fixed nevertheless.

- Several more small non security problems were fixed.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:003

Risk factor : High

CVSS Score:
6.9

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-1235
BugTraq ID: 12190
http://www.securityfocus.com/bid/12190
Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110512575901427&w=2
Conectiva Linux advisory: CLA-2005:930
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
http://www.securityfocus.com/advisories/7806
http://www.securityfocus.com/advisories/7805
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://isec.pl/vulnerabilities/isec-0021-uselib.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.trustix.org/errata/2005/0001/
XForce ISS Database: linux-uselib-gain-privileges(18800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18800
Common Vulnerability Exposure (CVE) ID: CVE-2005-0001
BugTraq ID: 12244
http://www.securityfocus.com/bid/12244
Bugtraq: 20050112 Linux kernel i386 SMP page fault handler privilege escalation (Google Search)
http://marc.info/?l=bugtraq&m=110554694522719&w=2
Bugtraq: 20050114 [USN-60-0] Linux kernel vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110581146702951&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322
http://securitytracker.com/id?1012862
http://secunia.com/advisories/13822
XForce ISS Database: linux-fault-handler-gain-privileges(18849)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18849
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.