English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 114770 CVE Beschreibungen
und 58768 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.63309
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-715-1 (linux)
Zusammenfassung:Ubuntu USN-715-1 (linux)
Beschreibung:Description:
The remote host is missing an update to linux
announced via advisory USN-715-1.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

Hugo Dias discovered that the ATM subsystem did not correctly manage
socket counts. A local attacker could exploit this to cause a system hang,
leading to a denial of service. (CVE-2008-5079)

It was discovered that the inotify subsystem contained watch removal
race conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)

Dann Frazier discovered that in certain situations sendmsg did not
correctly release allocated memory. A local attacker could exploit
this to force the system to run out of free memory, leading to a denial
of service. (CVE-2008-5300)

Helge Deller discovered that PA-RISC stack unwinding was not handled
correctly. A local attacker could exploit this to crash the system,
leading do a denial of service. This did not affect official Ubuntu
kernels, but was fixed in the source for anyone performing HPPA kernel
builds. (CVE-2008-5395)

It was discovered that the ATA subsystem did not correctly set timeouts. A
local attacker could exploit this to cause a system hang, leading to a
denial of service. (CVE-2008-5700)

It was discovered that the ib700 watchdog timer did not correctly check
buffer sizes. A local attacker could send a specially crafted ioctl
to the device to cause a system crash, leading to a denial of service.
(CVE-2008-5702)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
linux-image-2.6.27-11-generic 2.6.27-11.27
linux-image-2.6.27-11-server 2.6.27-11.27
linux-image-2.6.27-11-virtual 2.6.27-11.27

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-715-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
Bugtraq: 20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table (Google Search)
http://www.securityfocus.com/archive/1/archive/1/498943/100/0/threaded
Bugtraq: 20081209 rPSA-2008-0332-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/499044/100/0/threaded
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
http://www.redhat.com/support/errata/RHSA-2009-0225.html
http://www.redhat.com/support/errata/RHSA-2009-0053.html
SuSE Security Announcement: SUSE-SA:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SuSE Security Announcement: SUSE-SA:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
SuSE Security Announcement: SUSE-SA:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://www.ubuntu.com/usn/usn-715-1
http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
BugTraq ID: 32676
http://www.securityfocus.com/bid/32676
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11288
http://www.securitytracker.com/id?1021360
http://secunia.com/advisories/32913
http://secunia.com/advisories/33623
http://secunia.com/advisories/33641
http://secunia.com/advisories/33704
http://secunia.com/advisories/33756
http://secunia.com/advisories/33706
http://secunia.com/advisories/33854
http://secunia.com/advisories/33348
http://secunia.com/advisories/33083
http://secunia.com/advisories/34981
http://securityreason.com/securityalert/4694
Common Vulnerability Exposure (CVE) ID: CVE-2008-5182
Debian Security Information: DSA-1681 (Google Search)
http://www.debian.org/security/2008/dsa-1681
BugTraq ID: 33503
http://www.securityfocus.com/bid/33503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10584
http://secunia.com/advisories/32998
Common Vulnerability Exposure (CVE) ID: CVE-2008-5300
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
http://marc.info/?l=linux-netdev&m=122721862313564&w=2
http://marc.info/?l=linux-netdev&m=122765505415944&w=2
http://www.redhat.com/support/errata/RHSA-2009-0014.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
BugTraq ID: 32516
http://www.securityfocus.com/bid/32516
http://osvdb.org/50272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427
http://secunia.com/advisories/33556
http://securityreason.com/securityalert/4673
XForce ISS Database: linux-kernel-sendmsg-dos(46943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46943
Common Vulnerability Exposure (CVE) ID: CVE-2008-5395
http://marc.info/?l=linux-parisc&m=121736357203624&w=2
Debian Security Information: DSA-1794 (Google Search)
http://www.debian.org/security/2009/dsa-1794
BugTraq ID: 32636
http://www.securityfocus.com/bid/32636
http://secunia.com/advisories/32933
http://secunia.com/advisories/35011
XForce ISS Database: linux-kernel-pariscshowstack-dos(47075)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47075
Common Vulnerability Exposure (CVE) ID: CVE-2008-5700
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://openwall.com/lists/oss-security/2008/12/09/2
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-0326.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8606
http://secunia.com/advisories/34252
http://secunia.com/advisories/33758
http://secunia.com/advisories/34762
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: linux-kernel-libata-dos(47669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47669
Common Vulnerability Exposure (CVE) ID: CVE-2008-5702
http://lkml.org/lkml/2008/10/5/173
http://openwall.com/lists/oss-security/2008/12/10/2
http://openwall.com/lists/oss-security/2008/12/17/6
http://openwall.com/lists/oss-security/2008/12/17/9
http://openwall.com/lists/oss-security/2008/12/17/20
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11344
http://secunia.com/advisories/35390
XForce ISS Database: linux-kernel-ibwdtioctl-unknown(47667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47667
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 58768 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2017 E-Soft Inc. Alle Rechte vorbehalten.