Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.63249
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2009:0225
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates to the kernel announced in
advisory RHSA-2009:0225.

These updated packages contain 730 bug fixes and enhancements for the Linux
kernel. Space precludes a detailed description of each of these changes in
this advisory and users are therefore directed to the release notes for Red
Hat Enterprise Linux 5.3 for information on 97 of the most significant of
these changes.

Details of three security-related bug fixes are set out below, along with
notes on other broad categories of change not covered in the release notes.
For more detailed information on specific bug fixes or enhancements, please
consult the Bugzilla numbers listed in this advisory.

* when fput() was called to close a socket, the __scm_destroy() function
in the Linux kernel could make indirect recursive calls to itself. This
could, potentially, lead to a denial of service issue. (CVE-2008-5029,
Important)

* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A
local, unprivileged user could use the flaw to listen on the same socket
more than once, possibly causing a denial of service. (CVE-2008-5079,
Important)

* a race condition was found in the Linux kernel inotify watch removal
and umount implementation. This could allow a local, unprivileged user
to cause a privilege escalation or a denial of service. (CVE-2008-5182,
Important)

All users are advised to upgrade to these updated packages, which resolve
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0225.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-5029
BugTraq ID: 32154
http://www.securityfocus.com/bid/32154
BugTraq ID: 33079
http://www.securityfocus.com/bid/33079
Bugtraq: 20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (Google Search)
http://www.securityfocus.com/archive/1/499700/100/0/threaded
Bugtraq: 20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html
http://www.securityfocus.com/archive/1/499744/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1681 (Google Search)
http://www.debian.org/security/2008/dsa-1681
Debian Security Information: DSA-1687 (Google Search)
http://www.debian.org/security/2008/dsa-1687
http://www.mandriva.com/security/advisories?name=MDVSA-2008:234
http://darkircop.org/unix.c
http://marc.info/?l=linux-netdev&m=122593044330973&w=2
http://www.openwall.com/lists/oss-security/2008/11/06/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9558
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://www.redhat.com/support/errata/RHSA-2009-0014.html
http://www.redhat.com/support/errata/RHSA-2009-0225.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://www.securitytracker.com/id?1021292
http://www.securitytracker.com/id?1021511
http://secunia.com/advisories/32918
http://secunia.com/advisories/32998
http://secunia.com/advisories/33180
http://secunia.com/advisories/33556
http://secunia.com/advisories/33586
http://secunia.com/advisories/33623
http://secunia.com/advisories/33641
http://secunia.com/advisories/33704
http://securityreason.com/securityalert/4573
SuSE Security Announcement: SUSE-SA:2008:057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SuSE Security Announcement: SUSE-SA:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
http://www.ubuntu.com/usn/usn-679-1
XForce ISS Database: linux-kernel-scmdestroy-dos(46538)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46538
Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
BugTraq ID: 32676
http://www.securityfocus.com/bid/32676
Bugtraq: 20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table (Google Search)
http://www.securityfocus.com/archive/1/498943/100/0/threaded
Bugtraq: 20081209 rPSA-2008-0332-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/499044/100/0/threaded
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11288
http://www.redhat.com/support/errata/RHSA-2009-0053.html
http://www.securitytracker.com/id?1021360
http://secunia.com/advisories/32913
http://secunia.com/advisories/33083
http://secunia.com/advisories/33348
http://secunia.com/advisories/33706
http://secunia.com/advisories/33756
http://secunia.com/advisories/33854
http://secunia.com/advisories/34981
http://securityreason.com/securityalert/4694
SuSE Security Announcement: SUSE-SA:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
https://usn.ubuntu.com/714-1/
http://www.ubuntu.com/usn/usn-715-1
Common Vulnerability Exposure (CVE) ID: CVE-2008-5182
BugTraq ID: 33503
http://www.securityfocus.com/bid/33503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10584
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.