Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:275

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52718

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:275

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:275.

A flaw was found in the binfmt_elf loader of the Linux kernel which also
affects the IA-32 Execution Layer. A local user could create an
interpreter name string that is not NULL terminated, leading to a denial of
service (crash). The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1072 to this issue.

This update also addresses the following issues:

- -- Fixed execve to invoke ia32 interpreter
- -- Credential fixes
- -- Fixed a bug causing ibm-jvm to fail
- -- Other minor bug fixes

Please refer to the package release notes for detailed information about
these changes.

All users of ia32el should upgrade to this updated package, which
resolves these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-275.html

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 11646
Common Vulnerability Exposure (CVE) ID: CVE-2004-1072
http://www.securityfocus.com/bid/11646
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11195
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.redhat.com/support/errata/RHSA-2005-275.html
http://secunia.com/advisories/19607
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
SGI Security Advisory: 20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
XForce ISS Database: linux-elf-setuid-gain-privileges(18025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18025

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52718
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:275
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:275. A flaw was found in the binfmt_elf loader of the Linux kernel which also affects the IA-32 Execution Layer. A local user could create an interpreter name string that is not NULL terminated, leading to a denial of service (crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1072 to this issue. This update also addresses the following issues: - -- Fixed execve to invoke ia32 interpreter - -- Credential fixes - -- Fixed a bug causing ibm-jvm to fail - -- Other minor bug fixes Please refer to the package release notes for detailed information about these changes. All users of ia32el should upgrade to this updated package, which resolves these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-275.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 11646 Common Vulnerability Exposure (CVE) ID: CVE-2004-1072 http://www.securityfocus.com/bid/11646 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11195 http://www.redhat.com/support/errata/RHSA-2004-504.html http://www.redhat.com/support/errata/RHSA-2004-505.html http://www.redhat.com/support/errata/RHSA-2004-537.html http://www.redhat.com/support/errata/RHSA-2005-275.html http://secunia.com/advisories/19607 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 SGI Security Advisory: 20060402-01-U ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U XForce ISS Database: linux-elf-setuid-gain-privileges(18025) https://exchange.xforce.ibmcloud.com/vulnerabilities/18025
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com