Red Hat Local Security Checks : RedHat Update for rtkit RHSA-2013:1282-01

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.871046

Kategorie: Red Hat Local Security Checks

Titel: RedHat Update for rtkit RHSA-2013:1282-01

Zusammenfassung: The remote host is missing an update for the 'rtkit'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'rtkit'
package(s) announced via the referenced advisory.

Vulnerability Insight:
RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
rtkit on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4326
RHSA-2013:1282
http://rhn.redhat.com/errata/RHSA-2013-1282.html
[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
http://www.openwall.com/lists/oss-security/2013/09/18/6
https://bugzilla.redhat.com/show_bug.cgi?id=1006677
openSUSE-SU-2013:1548
http://lists.opensuse.org/opensuse-updates/2013-10/msg00022.html
openSUSE-SU-2013:1597
http://lists.opensuse.org/opensuse-updates/2013-10/msg00051.html

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.871046
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for rtkit RHSA-2013:1282-01
Zusammenfassung:	The remote host is missing an update for the 'rtkit'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'rtkit' package(s) announced via the referenced advisory. Vulnerability Insight: RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (that is, realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326) All rtkit users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: rtkit on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4326 RHSA-2013:1282 http://rhn.redhat.com/errata/RHSA-2013-1282.html [oss-security] 20130918 Re: Fwd: [vs-plain] polkit races http://www.openwall.com/lists/oss-security/2013/09/18/6 https://bugzilla.redhat.com/show_bug.cgi?id=1006677 openSUSE-SU-2013:1548 http://lists.opensuse.org/opensuse-updates/2013-10/msg00022.html openSUSE-SU-2013:1597 http://lists.opensuse.org/opensuse-updates/2013-10/msg00051.html
Copyright	Copyright (C) 2013 Greenbone AG