Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-34)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120219

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-34)

Resumen: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-34 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-34 advisory.

Vulnerability Insight:
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

Affected Software/OS:
'kernel' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4127
48898
http://secunia.com/advisories/48898
SUSE-SU-2012:0554
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
[oss-security] 20111222 CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl
http://www.openwall.com/lists/oss-security/2011/12/22/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
https://bugzilla.redhat.com/show_bug.cgi?id=752375
https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e
https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120219
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-34)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-34 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2012-34 advisory. Vulnerability Insight: The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4127 48898 http://secunia.com/advisories/48898 SUSE-SU-2012:0554 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html SUSE-SU-2015:0812 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html [oss-security] 20111222 CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl http://www.openwall.com/lists/oss-security/2011/12/22/5 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0bfc96cb77224736dfa35c3c555d37b3646ef35e http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec8013beddd717d1740cfefb1a9b900deef85462 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=752375 https://github.com/torvalds/linux/commit/0bfc96cb77224736dfa35c3c555d37b3646ef35e https://github.com/torvalds/linux/commit/ec8013beddd717d1740cfefb1a9b900deef85462
Copyright	Copyright (C) 2015 Greenbone AG