ID de Prueba:	1.3.6.1.4.1.25623.1.0.55135
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:529
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:529. The Linux kernel handles the basic functions of the operating system. This is a kernel maintenance update to Red Hat Enterprise Linux 2.1. The following security issues were corrected: A flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-1263 to this issue. A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) The Direct Rendering Manager (DRM) driver did not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) or possibly modify the video output. (CVE-2004-1056) A flaw in the moxa serial driver could allow a local user to perform privileged operations such as replacing the firmware. (CVE-2005-0504) The following bug fixes were also made: - - Fix a race condition that can cause a panic in __get_lease() - - Fix a race condition that can cause a panic when reading /proc/mdstat - - Fix incorrect ide accounting - - Prevent non-root users from reloading moxa driver firmware - - Fix a null-pointer-dereference bug in rpciod - - Fix legacy-usb handoff for certain IBM platforms - - Fix a bug that caused busy inodes after unmount - - Provide an additional fix for a memory leak in scsi_scan_single. - - Fix a potential kswapd/dquot deadlock. - - Fix a potential local DoS in shmemfs. - - Fix a random poolsize vulnerability. Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-529.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0504 BugTraq ID: 12195 http://www.securityfocus.com/bid/12195 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9770 http://www.redhat.com/support/errata/RHSA-2005-529.html http://www.redhat.com/support/errata/RHSA-2005-551.html http://www.redhat.com/support/errata/RHSA-2005-663.html http://www.redhat.com/support/errata/RHSA-2008-0237.html http://securitytracker.com/id?1013273 http://secunia.com/advisories/17002 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://secunia.com/advisories/26651 http://secunia.com/advisories/30112 http://www.ubuntu.com/usn/usn-508-1 http://www.vupen.com/english/advisories/2005/1878 Common Vulnerability Exposure (CVE) ID: CVE-2005-0749 12935 http://www.securityfocus.com/bid/12935 14713 http://secunia.com/advisories/14713/ 19607 http://secunia.com/advisories/19607 20060402-01-U ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U FLSA:152532 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 RHSA-2005:293 http://www.redhat.com/support/errata/RHSA-2005-293.html RHSA-2005:366 http://www.redhat.com/support/errata/RHSA-2005-366.html RHSA-2005:529 RHSA-2005:551 USN-103-1 https://usn.ubuntu.com/103-1/ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 kernel-loadelflibrary-dos(19867) https://exchange.xforce.ibmcloud.com/vulnerabilities/19867 oval:org.mitre.oval:def:10640 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10640 Common Vulnerability Exposure (CVE) ID: CVE-2005-1263 13589 http://www.securityfocus.com/bid/13589 19185 http://secunia.com/advisories/19185 20050511 Linux kernel ELF core dump privilege elevation http://www.securityfocus.com/archive/1/397966 ADV-2005-0524 http://www.vupen.com/english/advisories/2005/0524 FLSA:157459-1 http://www.securityfocus.com/archive/1/428028/100/0/threaded FLSA:157459-2 http://www.securityfocus.com/archive/1/428058/100/0/threaded FLSA:157459-3 http://www.securityfocus.com/archive/1/427980/100/0/threaded RHSA-2005:472 http://www.redhat.com/support/errata/RHSA-2005-472.html http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt oval:org.mitre.oval:def:10909 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10909 oval:org.mitre.oval:def:1122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1122 Common Vulnerability Exposure (CVE) ID: CVE-2004-1056 https://bugzilla.fedora.us/show_bug.cgi?id=2336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9795 http://www.redhat.com/support/errata/RHSA-2005-092.html https://www.ubuntu.com/usn/usn-38-1/ XForce ISS Database: linux-i810-dma-dos(15972) https://exchange.xforce.ibmcloud.com/vulnerabilities/15972
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.