FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.64206

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc

Vulnerability Insight:
One of the most commonly used forms of interprocess communication on
FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this
mechanism, a pair of file descriptors is created, and data written to
one descriptor can be read from the other.

FreeBSD's pipe implementation contains an optimization known as direct
writes. In this optimization, rather than copying data into kernel
memory when the write(2) system call is invoked and then copying the
data again when the read(2) system call is invoked, the FreeBSD kernel
takes advantage of virtual memory mapping to allow the data to be copied
directly between processes.

An integer overflow in computing the set of pages containing data to be
copied can result in virtual-to-physical address lookups not being
performed.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1935
BugTraq ID: 35279
http://www.securityfocus.com/bid/35279
FreeBSD Security Advisory: FreeBSD-SA-09:09
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
http://osvdb.org/55044
http://www.securitytracker.com/id?1022365
http://secunia.com/advisories/35398
XForce ISS Database: freebsd-directpipe-info-disclosure(51109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51109

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.64206
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc Vulnerability Insight: One of the most commonly used forms of interprocess communication on FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this mechanism, a pair of file descriptors is created, and data written to one descriptor can be read from the other. FreeBSD's pipe implementation contains an optimization known as direct writes. In this optimization, rather than copying data into kernel memory when the write(2) system call is invoked and then copying the data again when the read(2) system call is invoked, the FreeBSD kernel takes advantage of virtual memory mapping to allow the data to be copied directly between processes. An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1935 BugTraq ID: 35279 http://www.securityfocus.com/bid/35279 FreeBSD Security Advisory: FreeBSD-SA-09:09 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc http://osvdb.org/55044 http://www.securitytracker.com/id?1022365 http://secunia.com/advisories/35398 XForce ISS Database: freebsd-directpipe-info-disclosure(51109) https://exchange.xforce.ibmcloud.com/vulnerabilities/51109
Copyright	Copyright (C) 2009 E-Soft Inc.