English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.61729
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDVSA-2008:220 (kernel)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to kernel
announced via advisory MDVSA-2008:220.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The snd_seq_oss_synth_make_info function in
sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux
kernel before 2.6.27-rc2 does not verify that the device number is
within the range defined by max_synthdev before returning certain
data to the caller, which allows local users to obtain sensitive
information. (CVE-2008-3272)

Unspecified vulnerability in the 32-bit and 64-bit emulation in the
Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
users to read uninitialized memory via unknown vectors involving a
crafted binary. (CVE-2008-0598)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c
in the vfs implementation in the Linux kernel before 2.6.25.15 does
not prevent creation of a child dentry for a deleted (aka S_DEAD)
directory, which allows local users to cause a denial of service
(overflow of the UBIFS orphan area) via a series of attempted file
creations within deleted directories. (CVE-2008-3275)

Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option. (CVE-2008-3525)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23
does not properly zero out the dio struct, which allows local users
to cause a denial of service (OOPS), as demonstrated by a certain
fio test. (CVE-2007-6716)

fs/open.c in the Linux kernel before 2.6.22 does not properly strip
setuid and setgid bits when there is a write to a file, which allows
local users to gain the privileges of a different group, and obtain
sensitive information or possibly have unspecified other impact,
by creating an executable file in a setgid directory through the (1)
truncate or (2) ftruncate function in conjunction with memory-mapped
I/O. (CVE-2008-4210)

Additionaly, support for Intel's ICH9 controller was added, and 'tg3'
driver was updated to version 3.71b.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:220

Risk factor : High

CVSS Score:
7.2

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-3272
1020636
http://www.securitytracker.com/id?1020636
30559
http://www.securityfocus.com/bid/30559
31366
http://secunia.com/advisories/31366
31551
http://secunia.com/advisories/31551
31614
http://secunia.com/advisories/31614
31836
http://secunia.com/advisories/31836
31881
http://secunia.com/advisories/31881
32023
http://secunia.com/advisories/32023
32103
http://secunia.com/advisories/32103
32104
http://secunia.com/advisories/32104
32190
http://secunia.com/advisories/32190
32370
http://secunia.com/advisories/32370
32759
http://secunia.com/advisories/32759
32799
http://secunia.com/advisories/32799
ADV-2008-2307
http://www.vupen.com/english/advisories/2008/2307
DSA-1630
http://www.debian.org/security/2008/dsa-1630
DSA-1636
http://www.debian.org/security/2008/dsa-1636
MDVSA-2008:220
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
RHSA-2008:0857
http://www.redhat.com/support/errata/RHSA-2008-0857.html
RHSA-2008:0885
http://www.redhat.com/support/errata/RHSA-2008-0885.html
RHSA-2008:0972
http://rhn.redhat.com/errata/RHSA-2008-0972.html
SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SUSE-SA:2008:048
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-637-1
https://usn.ubuntu.com/637-1/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
linux-kernel-seqosssynth-info-disclosure(44225)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44225
oval:org.mitre.oval:def:11182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11182
Common Vulnerability Exposure (CVE) ID: CVE-2008-0598
1020367
http://www.securitytracker.com/id?1020367
29942
http://www.securityfocus.com/bid/29942
30849
http://secunia.com/advisories/30849
30850
http://secunia.com/advisories/30850
31107
http://secunia.com/advisories/31107
33201
http://secunia.com/advisories/33201
33586
http://secunia.com/advisories/33586
RHSA-2008:0508
http://rhn.redhat.com/errata/RHSA-2008-0508.html
RHSA-2008:0519
http://www.redhat.com/support/errata/RHSA-2008-0519.html
RHSA-2008:0973
http://www.redhat.com/support/errata/RHSA-2008-0973.html
RHSA-2009:0009
http://www.redhat.com/support/errata/RHSA-2009-0009.html
USN-625-1
http://www.ubuntu.com/usn/usn-625-1
https://bugzilla.redhat.com/show_bug.cgi?id=433938
linux-kernel-emulation-disclosure(43554)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43554
oval:org.mitre.oval:def:10721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10721
oval:org.mitre.oval:def:6201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6201
Common Vulnerability Exposure (CVE) ID: CVE-2008-3275
1020739
http://www.securitytracker.com/id?1020739
30647
http://www.securityfocus.com/bid/30647
32344
http://secunia.com/advisories/32344
33280
http://secunia.com/advisories/33280
33556
http://secunia.com/advisories/33556
ADV-2008-2430
http://www.vupen.com/english/advisories/2008/2430
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
RHSA-2009:0014
http://www.redhat.com/support/errata/RHSA-2009-0014.html
[linux-kernel] 20080702 Is VFS behavior fine?
http://lkml.org/lkml/2008/7/2/83
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15
https://bugzilla.redhat.com/show_bug.cgi?id=457858
linux-kernel-ubifs-dos(44410)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410
oval:org.mitre.oval:def:10744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744
oval:org.mitre.oval:def:6551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551
Common Vulnerability Exposure (CVE) ID: CVE-2008-3525
1020969
http://www.securitytracker.com/id?1020969
32237
http://secunia.com/advisories/32237
32315
http://secunia.com/advisories/32315
32356
http://secunia.com/advisories/32356
32386
http://secunia.com/advisories/32386
32393
http://secunia.com/advisories/32393
ADV-2008-2511
http://www.vupen.com/english/advisories/2008/2511
ADV-2008-2714
http://www.vupen.com/english/advisories/2008/2714
DSA-1653
http://www.debian.org/security/2008/dsa-1653
DSA-1655
http://www.debian.org/security/2008/dsa-1655
FEDORA-2008-8929
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
FEDORA-2008-8980
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
MDVSA-2008:223
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
SUSE-SA:2008:051
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
SUSE-SA:2008:053
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
USN-659-1
http://www.ubuntu.com/usn/usn-659-1
[oss-security] 20080829 CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()
http://www.openwall.com/lists/oss-security/2008/08/29/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7
oval:org.mitre.oval:def:5671
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671
oval:org.mitre.oval:def:9364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364
Common Vulnerability Exposure (CVE) ID: CVE-2007-6716
BugTraq ID: 31515
http://www.securityfocus.com/bid/31515
Debian Security Information: DSA-1653 (Google Search)
http://lkml.org/lkml/2007/7/30/448
http://www.openwall.com/lists/oss-security/2008/09/04/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10053
RedHat Security Advisories: RHSA-2008:0972
SuSE Security Announcement: SUSE-SA:2008:047 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:051 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:052 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2008-4210
BugTraq ID: 31368
http://www.securityfocus.com/bid/31368
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://www.openwall.com/lists/oss-security/2008/09/24/8
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://secunia.com/advisories/32485
http://secunia.com/advisories/32918
SuSE Security Announcement: SUSE-SA:2008:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://www.ubuntu.com/usn/usn-679-1
XForce ISS Database: linux-kernel-open-privilege-escalation(45539)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.