ID de Prueba:	1.3.6.1.4.1.25623.1.0.55136
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:551
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:551. The Linux kernel handles the basic functions of the operating system. This is a kernel maintenance update to Red Hat Enterprise Linux 2.1. The following security issues are corrected: A flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-1263 to this issue. A flaw in ptrace for Itanium architectures was discovered. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CVE-2005-1761) A race condition in the ia32 compatibility code for the execve system call was discovered. A local user could use this flaw to cause a denial of service (kernel panic) or possibly gain privileges. (CVE-2005-1768) A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CVE-2005-0749) The Direct Rendering Manager (DRM) driver did not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) or possibly modify the video output. (CVE-2004-1056) A flaw in the moxa serial driver could allow a local user to perform privileged operations such as replacing the firmware. (CVE-2005-0504) The following bug fixes were also made: - - busy inodes after unmount error on NFS volumes - - Establish 64-bit limits even for 32-bit threads - - Fix a race condition in __get_lease - - Fix error in IDE disk accounting. This last fix causes IO accounting to occur only on READ and WRITE operations. This fixes several bugs in various accounting and statistic utilities. - - Fix kswapd/dquot deadlock bug - - Fix loop control bug in do_shmem_file_read All Red Hat Enterprise Linux 2.1 Itanium users are advised to upgrade their kernels to the packages associated with their machine configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-551.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0504 BugTraq ID: 12195 http://www.securityfocus.com/bid/12195 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9770 http://www.redhat.com/support/errata/RHSA-2005-529.html http://www.redhat.com/support/errata/RHSA-2005-551.html http://www.redhat.com/support/errata/RHSA-2005-663.html http://www.redhat.com/support/errata/RHSA-2008-0237.html http://securitytracker.com/id?1013273 http://secunia.com/advisories/17002 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://secunia.com/advisories/26651 http://secunia.com/advisories/30112 http://www.ubuntu.com/usn/usn-508-1 http://www.vupen.com/english/advisories/2005/1878 Common Vulnerability Exposure (CVE) ID: CVE-2005-0749 12935 http://www.securityfocus.com/bid/12935 14713 http://secunia.com/advisories/14713/ 19607 http://secunia.com/advisories/19607 20060402-01-U ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U FLSA:152532 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532 RHSA-2005:293 http://www.redhat.com/support/errata/RHSA-2005-293.html RHSA-2005:366 http://www.redhat.com/support/errata/RHSA-2005-366.html RHSA-2005:529 RHSA-2005:551 USN-103-1 https://usn.ubuntu.com/103-1/ http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6 kernel-loadelflibrary-dos(19867) https://exchange.xforce.ibmcloud.com/vulnerabilities/19867 oval:org.mitre.oval:def:10640 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10640 Common Vulnerability Exposure (CVE) ID: CVE-2005-1263 13589 http://www.securityfocus.com/bid/13589 19185 http://secunia.com/advisories/19185 20050511 Linux kernel ELF core dump privilege elevation http://www.securityfocus.com/archive/1/397966 ADV-2005-0524 http://www.vupen.com/english/advisories/2005/0524 FLSA:157459-1 http://www.securityfocus.com/archive/1/428028/100/0/threaded FLSA:157459-2 http://www.securityfocus.com/archive/1/428058/100/0/threaded FLSA:157459-3 http://www.securityfocus.com/archive/1/427980/100/0/threaded RHSA-2005:472 http://www.redhat.com/support/errata/RHSA-2005-472.html http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt oval:org.mitre.oval:def:10909 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10909 oval:org.mitre.oval:def:1122 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1122 Common Vulnerability Exposure (CVE) ID: CVE-2005-1768 1014442 http://securitytracker.com/id?1014442 14205 http://www.securityfocus.com/bid/14205 15980 http://secunia.com/advisories/15980 17002 18059 http://secunia.com/advisories/18059 20050711 [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) http://marc.info/?l=bugtraq&m=112110120216116&w=2 ADV-2005-1878 DSA-921 http://www.debian.org/security/2005/dsa-921 RHSA-2005:663 SUSE-SA:2005:044 http://www.novell.com/linux/security/advisories/2005_44_kernel.html http://www.suresec.org/advisories/adv4.pdf oval:org.mitre.oval:def:11117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11117 Common Vulnerability Exposure (CVE) ID: CVE-2005-1761 1014275 http://securitytracker.com/id?1014275 14051 http://www.securityfocus.com/bid/14051 17073 http://secunia.com/advisories/17073 18056 http://secunia.com/advisories/18056 19369 http://secunia.com/advisories/19369 DSA-1018 http://www.debian.org/security/2006/dsa-1018 DSA-922 http://www.debian.org/security/2005/dsa-922 RHSA-2005:514 http://www.redhat.com/support/errata/RHSA-2005-514.html http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea78729b8dbfc400fe165a57b90a394a7275a54 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1 oval:org.mitre.oval:def:10487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10487 Common Vulnerability Exposure (CVE) ID: CVE-2004-1056 https://bugzilla.fedora.us/show_bug.cgi?id=2336 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9795 http://www.redhat.com/support/errata/RHSA-2005-092.html https://www.ubuntu.com/usn/usn-38-1/ XForce ISS Database: linux-i810-dma-dos(15972) https://exchange.xforce.ibmcloud.com/vulnerabilities/15972
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.