Test ID: | 1.3.6.1.4.1.25623.1.0.64668 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1222 |
Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:1222.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

 * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

 * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws.

These updated packages also fix the following bug:

 * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running cman_tool kill -n [nodename]. (BZ#515432)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
http://www.securityfocus.com/bid/36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations
http://www.securityfocus.com/archive/1/505751/100/0/threaded
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools
http://www.securityfocus.com/archive/1/505912/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1865
http://www.debian.org/security/2009/dsa-1865
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://zenthought.org/content/file/android-root-2009-08-16-source
http://www.openwall.com/lists/oss-security/2009/08/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
RedHat Security Advisories: RHSA-2009:1222
http://rhn.redhat.com/errata/RHSA-2009-1222.html
RedHat Security Advisories: RHSA-2009:1223
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36327
http://secunia.com/advisories/36430
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2009:015
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2272
http://www.vupen.com/english/advisories/2009/3316

Common Vulnerability Exposure (CVE) ID: CVE-2009-2698
BugTraq ID: 36108
http://www.securityfocus.com/bid/36108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.openwall.com/lists/oss-security/2009/08/25/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142
http://www.securitytracker.com/id?1022761
http://secunia.com/advisories/23073
http://secunia.com/advisories/36510
http://secunia.com/advisories/37105
SuSE Security Announcement: SUSE-SA:2009:046
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html
http://www.ubuntu.com/usn/USN-852-1 |
Copyright | Copyright (C) 2009 E-Soft Inc. |