ID de Prueba:	1.3.6.1.4.1.25623.1.0.120566
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-603)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2015-603 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2015-603 advisory. Vulnerability Insight: A race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. (CVE-2015-7613) Linux kernels built with the name spaces support(CONFIG_NAMESPACE) is vulnerable to a potential privilege escalation flaw. It could occur when a process within a container escapes the intended bind mounts to access the full file system. A privileged user inside a container could use this flaw to potentially gain full privileges on a system. (CVE-2015-2925) A NULL-pointer dereference vulnerability was found in the Linux kernel's TCP stack, in net/netfilter/nf_nat_redirect.c in the nf_nat_redirect_ipv4() function. A remote, unauthenticated user could exploit this flaw to create a system crash (denial of service). (CVE-2015-8787) Affected Software/OS: 'kernel' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2925 BugTraq ID: 73926 http://www.securityfocus.com/bid/73926 Debian Security Information: DSA-3364 (Google Search) http://www.debian.org/security/2015/dsa-3364 Debian Security Information: DSA-3372 (Google Search) http://www.debian.org/security/2015/dsa-3372 http://permalink.gmane.org/gmane.linux.kernel.containers/29173 http://permalink.gmane.org/gmane.linux.kernel.containers/29177 http://www.openwall.com/lists/oss-security/2015/04/04/4 RedHat Security Advisories: RHSA-2015:2636 http://rhn.redhat.com/errata/RHSA-2015-2636.html RedHat Security Advisories: RHSA-2016:0068 http://rhn.redhat.com/errata/RHSA-2016-0068.html SuSE Security Announcement: SUSE-SU-2015:2194 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html SuSE Security Announcement: SUSE-SU-2015:2292 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html SuSE Security Announcement: SUSE-SU-2016:0335 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html SuSE Security Announcement: SUSE-SU-2016:0337 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html SuSE Security Announcement: SUSE-SU-2016:0380 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html SuSE Security Announcement: SUSE-SU-2016:0381 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html SuSE Security Announcement: SUSE-SU-2016:0383 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html SuSE Security Announcement: SUSE-SU-2016:0384 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html SuSE Security Announcement: SUSE-SU-2016:0386 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html SuSE Security Announcement: SUSE-SU-2016:0387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html SuSE Security Announcement: SUSE-SU-2016:0434 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html http://www.ubuntu.com/usn/USN-2792-1 http://www.ubuntu.com/usn/USN-2794-1 http://www.ubuntu.com/usn/USN-2795-1 http://www.ubuntu.com/usn/USN-2798-1 http://www.ubuntu.com/usn/USN-2799-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7613 BugTraq ID: 76977 http://www.securityfocus.com/bid/76977 http://www.openwall.com/lists/oss-security/2015/10/01/8 http://www.securitytracker.com/id/1034094 http://www.securitytracker.com/id/1034592 SuSE Security Announcement: SUSE-SU-2015:1727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html SuSE Security Announcement: SUSE-SU-2015:2084 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html SuSE Security Announcement: SUSE-SU-2015:2085 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html SuSE Security Announcement: SUSE-SU-2015:2086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html SuSE Security Announcement: SUSE-SU-2015:2087 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html SuSE Security Announcement: SUSE-SU-2015:2089 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html SuSE Security Announcement: SUSE-SU-2015:2090 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html SuSE Security Announcement: SUSE-SU-2015:2091 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html http://www.ubuntu.com/usn/USN-2761-1 http://www.ubuntu.com/usn/USN-2762-1 http://www.ubuntu.com/usn/USN-2763-1 http://www.ubuntu.com/usn/USN-2764-1 http://www.ubuntu.com/usn/USN-2765-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8787 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://www.openwall.com/lists/oss-security/2016/01/27/6 SuSE Security Announcement: openSUSE-SU-2016:1008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.ubuntu.com/usn/USN-2889-1 http://www.ubuntu.com/usn/USN-2889-2 http://www.ubuntu.com/usn/USN-2890-1 http://www.ubuntu.com/usn/USN-2890-2 http://www.ubuntu.com/usn/USN-2890-3 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000253 BugTraq ID: 101010 http://www.securityfocus.com/bid/101010 https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt RedHat Security Advisories: RHSA-2017:2793 https://access.redhat.com/errata/RHSA-2017:2793 RedHat Security Advisories: RHSA-2017:2794 https://access.redhat.com/errata/RHSA-2017:2794 RedHat Security Advisories: RHSA-2017:2795 https://access.redhat.com/errata/RHSA-2017:2795 RedHat Security Advisories: RHSA-2017:2796 https://access.redhat.com/errata/RHSA-2017:2796 RedHat Security Advisories: RHSA-2017:2797 https://access.redhat.com/errata/RHSA-2017:2797 RedHat Security Advisories: RHSA-2017:2798 https://access.redhat.com/errata/RHSA-2017:2798 RedHat Security Advisories: RHSA-2017:2799 https://access.redhat.com/errata/RHSA-2017:2799 RedHat Security Advisories: RHSA-2017:2800 https://access.redhat.com/errata/RHSA-2017:2800 RedHat Security Advisories: RHSA-2017:2801 https://access.redhat.com/errata/RHSA-2017:2801 RedHat Security Advisories: RHSA-2017:2802 https://access.redhat.com/errata/RHSA-2017:2802 http://www.securitytracker.com/id/1039434
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.