
Test ID: 1.3.6.1.4.1.25623.1.0.56733
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2006-0026 (kernel)
Summary: Trustix Security Advisory TSLSA-2006-0026 (kernel)
Description:
The remote host is missing updates announced in
advisory TSLSA-2006-0026.

kernel < TSL 3.0 >
- New Upstream.
- SECURITY Fix: An error in the Stream Control Transmission Protocol
(SCTP) code that uses incorrect state table entries when certain
ECNE chunks are received in CLOSED state, could be exploited by
attackers to cause a kernel panic via a specially crafted packet.
- An error exists when handling incoming IP-fragmented SCTP control
chunks, which could be exploited by attackers to cause a kernel
panic via a specially crafted packet.
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (infinite recursion and crash) via a packet that contains
two or more DATA fragments, which causes an skb pointer to refer
back to itself when the full message is reassembled, leading to
infinite recursion in the sctp_skb_pull function.
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (deadlock) via a large number of small messages to a receiver
application that cannot process the messages quickly enough, which
leads to spillover of the receive buffer.
- A vulnerability has been identified due to an input
validation error when processing arguments containing backslash
(\\) characters passed to certain commands (e.g. cd),
which could be exploited by authenticated attackers to escape
chroot restrictions for a CIFS or SMBFS mounted filesystem.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-2271, CVE-2006-2272, CVE-2006-2274,
CVE-2006-2275 and CVE-2006-1864 to these issues.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0026

Risk factor : High
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-2271
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
http://labs.musecurity.com/advisories/MU-200605-01.txt
Debian Security Information: DSA-1097
http://www.debian.org/security/2006/dsa-1097
Debian Security Information: DSA-1103
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://www.redhat.com/support/errata/RHSA-2006-0493.html
SuSE Security Announcement: SUSE-SA:2006:028
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.trustix.org/errata/2006/0026
http://www.ubuntu.com/usn/usn-302-1
BugTraq ID: 17910
http://www.securityfocus.com/bid/17910
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10934
http://www.vupen.com/english/advisories/2006/1734
http://www.vupen.com/english/advisories/2006/2554
http://www.osvdb.org/25632
http://secunia.com/advisories/19990
http://secunia.com/advisories/20157
http://secunia.com/advisories/20237
http://secunia.com/advisories/20671
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21745
http://secunia.com/advisories/20398
http://secunia.com/advisories/21476
XForce ISS Database: linux-sctp-ecne-chunk-dos(26430)
http://xforce.iss.net/xforce/xfdb/26430
Common Vulnerability Exposure (CVE) ID: CVE-2006-2272
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11243
http://www.osvdb.org/25633
XForce ISS Database: linux-sctp-control-chunk-dos(26431)
http://xforce.iss.net/xforce/xfdb/26431
Common Vulnerability Exposure (CVE) ID: CVE-2006-2274
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
BugTraq ID: 17955
http://www.securityfocus.com/bid/17955
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9531
http://www.osvdb.org/25746
http://secunia.com/advisories/21045
XForce ISS Database: linux-sctp-skb-pull-dos(26432)
http://xforce.iss.net/xforce/xfdb/26432
Common Vulnerability Exposure (CVE) ID: CVE-2006-2275
http://www.redhat.com/support/errata/RHSA-2006-0575.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11295
http://secunia.com/advisories/21465
http://secunia.com/advisories/22417
XForce ISS Database: linux-sctp-receive-dos(26433)
http://xforce.iss.net/xforce/xfdb/26433
Common Vulnerability Exposure (CVE) ID: CVE-2006-1864
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
http://www.securityfocus.com/archive/1/archive/1/451419/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://www.redhat.com/support/errata/RHSA-2006-0710.html
BugTraq ID: 17735
http://www.securityfocus.com/bid/17735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11327
http://www.vupen.com/english/advisories/2006/4502
http://www.osvdb.org/25067
http://secunia.com/advisories/19869
http://secunia.com/advisories/21035
http://secunia.com/advisories/21614
http://secunia.com/advisories/22497
http://secunia.com/advisories/22875
http://secunia.com/advisories/23064
XForce ISS Database: kernel-smbfs-directory-traversal(26137)
http://xforce.iss.net/xforce/xfdb/26137
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
