English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75516 CVE Beschreibungen
und 39786 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.54038
Kategorie:SuSE Local Security Checks
Titel:SuSE Security Advisory SUSE-SA:2005:003 (kernel)
Zusammenfassung:SuSE Security Advisory SUSE-SA:2005:003 (kernel)
Beschreibung:
The remote host is missing updates announced in
advisory SUSE-SA:2005:003.

Several exploitable security problems were identified and fixed in
the Linux kernel, the core of every SUSE Linux product.

- Due to missing locking in the sys_uselib system call a local attacker
can gain root access. This was found by Paul Starzetz and is tracked
by the Mitre CVE ID CVE-2004-1235.

- Paul Starzetz also found a race condition in SMP page table handling
which could lead to a local attacker gaining root access on SMP
machines. This is tracked by the Mitre CVE ID CVE-2005-0001.


- A local denial of service was found in the auditing subsystem which
have lead a local attacker crashing the machine. This was reported
and fixed by Redhat.

- The sendmsg / cmsg fix from the previous kernel update was faulty
on 64bit systems with 32bit compatibility layer and could lead to
32bit applications not working correctly on those 64bit systems.

- The smbfs security fixes from a before-previous kernel update were
faulty for some file write cases.

- A local denial of service with Direct I/O access to NFS file systems
could lead a local attacker to crash a machine with NFS mounts.

- grsecurity reported a signed integer problem in the SCSI ioctl
handling which had a missing boundary check.
Due to C language specifics, this evaluation was not correct and
there actually is no problem in this code.
The signed / unsigned mismatch was fixed nevertheless.

- Several more small non security problems were fixed.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:003

Risk factor : High
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-1235
Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=110512575901427&w=2
http://isec.pl/vulnerabilities/isec-0021-uselib.txt
Conectiva Linux advisory: CLA-2005:930
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
http://www.securityfocus.com/advisories/7806
http://www.securityfocus.com/advisories/7805
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.trustix.org/errata/2005/0001/
BugTraq ID: 12190
http://www.securityfocus.com/bid/12190
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9567
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-uselib-gain-privileges(18800)
http://xforce.iss.net/xforce/xfdb/18800
Common Vulnerability Exposure (CVE) ID: CVE-2005-0001
Bugtraq: 20050112 Linux kernel i386 SMP page fault handler privilege escalation (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
Bugtraq: 20050114 [USN-60-0] Linux kernel vulnerabilities (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
BugTraq ID: 12244
http://www.securityfocus.com/bid/12244
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10322
http://securitytracker.com/id?1012862
http://secunia.com/advisories/13822
XForce ISS Database: linux-fault-handler-gain-privileges(18849)
http://xforce.iss.net/xforce/xfdb/18849
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 39786 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.