ID de Prueba:	1.3.6.1.4.1.25623.1.0.51073
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:689
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:689. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues: Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1144 to this issue. ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1137 to this issue. ISEC security research and Georgi Guninski independantly discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue. A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0565 to this issue. Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.26. A local user could create a carefully crafted binary in such a way that it would cause a denial of service (system crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1234 to this issue. These packages also fix issues in the io_edgeport driver, and a memory leak in ip_options_get. Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-689.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0565 BugTraq ID: 10687 http://www.securityfocus.com/bid/10687 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 http://www.mandriva.com/security/advisories?name=MDKSA-2004:066 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714 http://www.redhat.com/support/errata/RHSA-2004-504.html http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 XForce ISS Database: linux-ia64-info-disclosure(16644) https://exchange.xforce.ibmcloud.com/vulnerabilities/16644 Common Vulnerability Exposure (CVE) ID: CVE-2004-1016 BugTraq ID: 11921 http://www.securityfocus.com/bid/11921 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://isec.pl/vulnerabilities/isec-0019-scm.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11816 http://www.redhat.com/support/errata/RHSA-2004-689.html http://www.redhat.com/support/errata/RHSA-2005-016.html http://www.redhat.com/support/errata/RHSA-2005-017.html SuSE Security Announcement: SUSE-SA:2004:044 (Google Search) http://www.novell.com/linux/security/advisories/2004_44_kernel.html https://www.ubuntu.com/usn/usn-38-1/ XForce ISS Database: linux-scmsend-dos(18483) https://exchange.xforce.ibmcloud.com/vulnerabilities/18483 Common Vulnerability Exposure (CVE) ID: CVE-2004-1017 BugTraq ID: 12102 http://www.securityfocus.com/bid/12102 Debian Security Information: DSA-1017 (Google Search) http://www.debian.org/security/2006/dsa-1017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786 http://secunia.com/advisories/19374 XForce ISS Database: linux-ioedgeport-bo(18433) https://exchange.xforce.ibmcloud.com/vulnerabilities/18433 Common Vulnerability Exposure (CVE) ID: CVE-2004-1137 Bugtraq: 20041214 Linux kernel IGMP vulnerabilities (Google Search) Bugtraq: 20041214 [USN-38-1] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110306397320336&w=2 Conectiva Linux advisory: CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 http://isec.pl/vulnerabilities/isec-0018-igmp.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11144 http://www.redhat.com/support/errata/RHSA-2005-092.html XForce ISS Database: linux-igmpmarksources-dos(18482) https://exchange.xforce.ibmcloud.com/vulnerabilities/18482 XForce ISS Database: linux-ipmcsource-code-execution(18481) https://exchange.xforce.ibmcloud.com/vulnerabilities/18481 Common Vulnerability Exposure (CVE) ID: CVE-2004-1144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10439 SuSE Security Announcement: SUSE-SA:2004:046 (Google Search) http://marc.info/?l=bugtraq&m=110376890429798&w=2 XForce ISS Database: linux-32bit-emulation-gain-privileges(18686) https://exchange.xforce.ibmcloud.com/vulnerabilities/18686 Common Vulnerability Exposure (CVE) ID: CVE-2004-1234 BugTraq ID: 12101 http://www.securityfocus.com/bid/12101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10608 XForce ISS Database: linux-loadelfbinary-dos(18687) https://exchange.xforce.ibmcloud.com/vulnerabilities/18687
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.