Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.57523
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2006:0710
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0710.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the IPC shared-memory implementation that allowed a local user
to cause a denial of service (deadlock) that resulted in freezing the
system (CVE-2006-4342, Important)

* an information leak in the copy_from_user() implementation on s390 and
s390x platforms that allowed a local user to read arbitrary kernel memory
(CVE-2006-5174, Important)

* a flaw in the ATM subsystem affecting systems with installed ATM
hardware and configured ATM support that allowed a remote user to cause
a denial of service (panic) by accessing socket buffer memory after it
has been freed (CVE-2006-4997, Moderate)

* a directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via ..\\
sequences (CVE-2006-1864, Moderate)

* a flaw in the mprotect system call that allowed enabling write permission
for a read-only attachment of shared memory (CVE-2006-2071, Moderate)

* a flaw in the DVD handling of the CDROM driver that could be used
together with a custom built USB device to gain root privileges
(CVE-2006-2935, Moderate)

In addition to the security issues described above, a bug fix for a clock
skew problem (which could lead to unintended keyboard repeat under X11)
was also included. The problem only occurred when running the 32-bit x86
kernel on 64-bit dual-core x86_64 hardware.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0710.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-1864
BugTraq ID: 17735
http://www.securityfocus.com/bid/17735
Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (Google Search)
http://www.securityfocus.com/archive/1/451419/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
http://www.securityfocus.com/archive/1/451404/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451417/100/200/threaded
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451426/100/200/threaded
Debian Security Information: DSA-1097 (Google Search)
http://www.debian.org/security/2006/dsa-1097
Debian Security Information: DSA-1103 (Google Search)
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.osvdb.org/25067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11327
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://www.redhat.com/support/errata/RHSA-2006-0710.html
http://secunia.com/advisories/19869
http://secunia.com/advisories/20237
http://secunia.com/advisories/20398
http://secunia.com/advisories/20671
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21035
http://secunia.com/advisories/21476
http://secunia.com/advisories/21614
http://secunia.com/advisories/21745
http://secunia.com/advisories/22497
http://secunia.com/advisories/22875
http://secunia.com/advisories/23064
SuSE Security Announcement: SUSE-SA:2006:028 (Google Search)
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.trustix.org/errata/2006/0026
http://www.ubuntu.com/usn/usn-302-1
http://www.vupen.com/english/advisories/2006/2554
http://www.vupen.com/english/advisories/2006/4502
XForce ISS Database: kernel-smbfs-directory-traversal(26137)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26137
Common Vulnerability Exposure (CVE) ID: CVE-2006-2071
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
http://www.osvdb.org/25139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9978
http://www.redhat.com/support/errata/RHSA-2006-0689.html
http://secunia.com/advisories/20157
http://secunia.com/advisories/22292
http://secunia.com/advisories/22945
http://www.vupen.com/english/advisories/2006/1391
XForce ISS Database: linux-mprotect-security-bypass(26169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26169
Common Vulnerability Exposure (CVE) ID: CVE-2006-2935
BugTraq ID: 18847
http://www.securityfocus.com/bid/18847
Bugtraq: 20060831 rPSA-2006-0162-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/444887/100/0/threaded
Debian Security Information: DSA-1183 (Google Search)
http://www.debian.org/security/2006/dsa-1183
Debian Security Information: DSA-1184 (Google Search)
http://www.debian.org/security/2006/dsa-1184
http://bugzilla.kernel.org/show_bug.cgi?id=2966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10886
http://www.redhat.com/support/errata/RHSA-2006-0617.html
http://www.redhat.com/support/errata/RHSA-2007-0012.html
http://www.redhat.com/support/errata/RHSA-2007-0013.html
http://secunia.com/advisories/21179
http://secunia.com/advisories/21298
http://secunia.com/advisories/21498
http://secunia.com/advisories/21605
http://secunia.com/advisories/21695
http://secunia.com/advisories/21934
http://secunia.com/advisories/22082
http://secunia.com/advisories/22093
http://secunia.com/advisories/22174
http://secunia.com/advisories/22822
http://secunia.com/advisories/23788
http://secunia.com/advisories/24288
SuSE Security Announcement: SUSE-SA:2006:042 (Google Search)
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
SuSE Security Announcement: SUSE-SA:2006:047 (Google Search)
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
SuSE Security Announcement: SUSE-SA:2006:049 (Google Search)
http://www.novell.com/linux/security/advisories/2006_49_kernel.html
SuSE Security Announcement: SUSE-SA:2006:064 (Google Search)
http://www.novell.com/linux/security/advisories/2006_64_kernel.html
http://www.ubuntu.com/usn/usn-331-1
http://www.ubuntu.com/usn/usn-346-1
http://www.vupen.com/english/advisories/2006/2680
XForce ISS Database: linux-dvdreadbca-bo(27579)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27579
Common Vulnerability Exposure (CVE) ID: CVE-2006-4342
CERT/CC vulnerability note: VU#245984
http://www.kb.cert.org/vuls/id/245984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9649
Common Vulnerability Exposure (CVE) ID: CVE-2006-4997
BugTraq ID: 20363
http://www.securityfocus.com/bid/20363
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
Debian Security Information: DSA-1233 (Google Search)
http://www.us.debian.org/security/2006/dsa-1233
Debian Security Information: DSA-1237 (Google Search)
http://www.us.debian.org/security/2006/dsa-1237
http://www.mandriva.com/security/advisories?name=MDKSA-2006:197
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388
http://securitytracker.com/id?1017526
http://secunia.com/advisories/22253
http://secunia.com/advisories/22279
http://secunia.com/advisories/22762
http://secunia.com/advisories/23370
http://secunia.com/advisories/23384
http://secunia.com/advisories/23395
http://secunia.com/advisories/23474
http://secunia.com/advisories/23752
http://secunia.com/advisories/25691
SuSE Security Announcement: SUSE-SA:2006:079 (Google Search)
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-395-1
http://www.vupen.com/english/advisories/2006/3937
http://www.vupen.com/english/advisories/2006/3999
XForce ISS Database: kernel-clipmkip-dos(29387)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29387
Common Vulnerability Exposure (CVE) ID: CVE-2006-5174
BugTraq ID: 20379
http://www.securityfocus.com/bid/20379
http://lkml.org/lkml/2006/11/5/46
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9885
RedHat Security Advisories: RHSA-2007:0014
http://rhn.redhat.com/errata/RHSA-2007-0014.html
http://securitytracker.com/id?1017090
http://secunia.com/advisories/22289
http://secunia.com/advisories/23997
http://secunia.com/advisories/24206
http://www.vupen.com/english/advisories/2006/3938
XForce ISS Database: kernel-copyfromuser-information-disclosure(29378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29378
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.