Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-328)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120205

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-328)

Resumen: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory.

Vulnerability Insight:
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

Affected Software/OS:
'kernel' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0055
59386
http://secunia.com/advisories/59386
66441
http://www.securityfocus.com/bid/66441
RHSA-2014:0328
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0339
http://rhn.redhat.com/errata/RHSA-2014-0339.html
https://bugzilla.redhat.com/show_bug.cgi?id=1062577
Common Vulnerability Exposure (CVE) ID: CVE-2014-0077
59599
http://secunia.com/advisories/59599
66678
http://www.securityfocus.com/bid/66678
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10
https://bugzilla.redhat.com/show_bug.cgi?id=1064440
https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0
Common Vulnerability Exposure (CVE) ID: CVE-2014-2309
BugTraq ID: 66095
http://www.securityfocus.com/bid/66095
http://www.openwall.com/lists/oss-security/2014/03/08/1
http://www.securitytracker.com/id/1029894
http://secunia.com/advisories/57250
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-2523
BugTraq ID: 66279
http://www.securityfocus.com/bid/66279
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securitytracker.com/id/1029945
http://secunia.com/advisories/57446
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
XForce ISS Database: linux-kernel-cve20142523-code-exec(91910)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120205
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-328)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory. Vulnerability Insight: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0055 59386 http://secunia.com/advisories/59386 66441 http://www.securityfocus.com/bid/66441 RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html https://bugzilla.redhat.com/show_bug.cgi?id=1062577 Common Vulnerability Exposure (CVE) ID: CVE-2014-0077 59599 http://secunia.com/advisories/59599 66678 http://www.securityfocus.com/bid/66678 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 https://bugzilla.redhat.com/show_bug.cgi?id=1064440 https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0 Common Vulnerability Exposure (CVE) ID: CVE-2014-2309 BugTraq ID: 66095 http://www.securityfocus.com/bid/66095 http://www.openwall.com/lists/oss-security/2014/03/08/1 http://www.securitytracker.com/id/1029894 http://secunia.com/advisories/57250 SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Common Vulnerability Exposure (CVE) ID: CVE-2014-2523 BugTraq ID: 66279 http://www.securityfocus.com/bid/66279 http://twitter.com/grsecurity/statuses/445496197399461888 http://www.openwall.com/lists/oss-security/2014/03/17/7 http://www.securitytracker.com/id/1029945 http://secunia.com/advisories/57446 http://www.ubuntu.com/usn/USN-2173-1 http://www.ubuntu.com/usn/USN-2174-1 XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
Copyright	Copyright (C) 2015 Greenbone AG