English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58665
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDKSA-2007:195 (kernel)
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2007:195.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

A stack-based buffer overflow in the random number generator could
allow local root users to cause a denial of service or gain privileges
by setting the default wakeup threshold to a value greater than the
output pool size (CVE-2007-3105).

The lcd_write function did not limit the amount of memory used by
a caller, which allows local users to cause a denial of service
(memory consumption) (CVE-2007-3513).

The decode_choice function allowed remote attackers to cause a denial
of service (crash) via an encoded out-of-range index value for a choice
field which triggered a NULL pointer dereference (CVE-2007-3642).

The Linux kernel allowed local users to send arbitrary signals
to a child process that is running at higher privileges by
causing a setuid-root parent process to die which delivered an
attacker-controlled parent process death signal (PR_SET_PDEATHSIG)
(CVE-2007-3848).

The aac_cfg_openm and aac_compat_ioctl functions in the SCSI layer
ioctl patch in aacraid did not check permissions for ioctls, which
might allow local users to cause a denial of service or gain privileges
(CVE-2007-4308).

The IA32 system call emulation functionality, when running on the
x86_64 architecture, did not zero extend the eax register after the
32bit entry path to ptrace is used, which could allow local users to
gain privileges by triggering an out-of-bounds access to the system
call table using the %RAX register (CVE-2007-4573).

In addition to these security fixes, other fixes have been included
such as:

- More NVidia PCI ids wre added
- The 3w-9xxx module was updated to version 2.26.02.010
- Fixed the map entry for ICH8
- Added the TG3 5786 PCI id
- Reduced the log verbosity of cx88-mpeg

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2007.0, 2007.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:195

Risk factor : High

CVSS Score:
7.8

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
25348
http://www.securityfocus.com/bid/25348
26500
http://secunia.com/advisories/26500
26643
http://secunia.com/advisories/26643
26647
http://secunia.com/advisories/26647
26651
http://secunia.com/advisories/26651
26664
http://secunia.com/advisories/26664
27212
http://secunia.com/advisories/27212
27227
http://secunia.com/advisories/27227
27322
http://secunia.com/advisories/27322
27436
http://secunia.com/advisories/27436
27747
http://secunia.com/advisories/27747
29058
http://secunia.com/advisories/29058
DSA-1363
http://www.debian.org/security/2007/dsa-1363
DSA-1504
http://www.debian.org/security/2008/dsa-1504
MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
MDKSA-2007:216
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
RHSA-2007:0939
http://www.redhat.com/support/errata/RHSA-2007-0939.html
RHSA-2007:0940
http://www.redhat.com/support/errata/RHSA-2007-0940.html
SUSE-SA:2007:051
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
USN-508-1
http://www.ubuntu.com/usn/usn-508-1
USN-509-1
http://www.ubuntu.com/usn/usn-509-1
USN-510-1
http://www.ubuntu.com/usn/usn-510-1
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log
https://issues.rpath.com/browse/RPL-1650
oval:org.mitre.oval:def:10371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
http://osvdb.org/37116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9883
http://secunia.com/advisories/25895
http://secunia.com/advisories/26139
http://secunia.com/advisories/26450
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/2403
XForce ISS Database: kernel-lcdwrite-dos(35302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35302
Common Vulnerability Exposure (CVE) ID: CVE-2007-3642
BugTraq ID: 24818
http://www.securityfocus.com/bid/24818
http://osvdb.org/37117
http://secunia.com/advisories/25955
http://www.vupen.com/english/advisories/2007/2466
Common Vulnerability Exposure (CVE) ID: CVE-2007-3848
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476464/100/0/threaded
20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability
http://marc.info/?l=bugtraq&m=118711306802632&w=2
20070814 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476538/100/0/threaded
20070815 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476677/100/0/threaded
20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476803/100/0/threaded
25387
http://www.securityfocus.com/bid/25387
26450
27913
http://secunia.com/advisories/27913
28806
http://secunia.com/advisories/28806
29570
http://secunia.com/advisories/29570
33280
http://secunia.com/advisories/33280
DSA-1356
DSA-1503
http://www.debian.org/security/2008/dsa-1503
RHSA-2007:1049
http://www.redhat.com/support/errata/RHSA-2007-1049.html
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
[openwall-announce] 20070814 Linux 2.4.35-ow2
http://marc.info/?l=openwall-announce&m=118710356812637&w=2
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4
https://issues.rpath.com/browse/RPL-1648
oval:org.mitre.oval:def:10120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120
Common Vulnerability Exposure (CVE) ID: CVE-2007-4308
BugTraq ID: 25216
http://www.securityfocus.com/bid/25216
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search)
http://www.securityfocus.com/archive/1/488457/100/0/threaded
Debian Security Information: DSA-1363 (Google Search)
Debian Security Information: DSA-1503 (Google Search)
Debian Security Information: DSA-1504 (Google Search)
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8872
http://securitytracker.com/id?1019470
http://secunia.com/advisories/26322
http://secunia.com/advisories/27912
http://secunia.com/advisories/29032
SuSE Security Announcement: SUSE-SA:2007:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://www.vupen.com/english/advisories/2007/2786
http://www.vupen.com/english/advisories/2008/0637
Common Vulnerability Exposure (CVE) ID: CVE-2007-4573
1018748
http://securitytracker.com/id?1018748
20070924 COSEINC Linux Advisory #2: IA32 System Call
http://marc.info/?l=full-disclosure&m=119062587407908&w=2
20070924 COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability
http://www.securityfocus.com/archive/1/480451/100/0/threaded
20070926 Re: COSEINC Linux Advisory #2: IA32 System CallEmulation Vulnerability
http://www.securityfocus.com/archive/1/480705/100/0/threaded
25774
http://www.securityfocus.com/bid/25774
26917
http://secunia.com/advisories/26917
26919
http://secunia.com/advisories/26919
26934
http://secunia.com/advisories/26934
26953
http://secunia.com/advisories/26953
26955
http://secunia.com/advisories/26955
26978
http://secunia.com/advisories/26978
26994
http://secunia.com/advisories/26994
26995
http://secunia.com/advisories/26995
27912
ADV-2007-3246
http://www.vupen.com/english/advisories/2007/3246
DSA-1378
http://www.debian.org/security/2007/dsa-1378
DSA-1381
http://www.debian.org/security/2007/dsa-1381
FEDORA-2007-2298
http://fedoranews.org/updates/FEDORA-2007-229.shtml
FEDORA-2007-712
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html
MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
RHSA-2007:0936
http://www.redhat.com/support/errata/RHSA-2007-0936.html
RHSA-2007:0937
http://www.redhat.com/support/errata/RHSA-2007-0937.html
RHSA-2007:0938
http://www.redhat.com/support/errata/RHSA-2007-0938.html
SUSE-SA:2007:064
USN-518-1
http://www.ubuntu.com/usn/usn-518-1
[linux-kernel] 20070921 Linux 2.6.22.7
http://lkml.org/lkml/2007/9/21/512
[linux-kernel] 20070921 Re: Linux 2.6.22.7
http://lkml.org/lkml/2007/9/21/513
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
https://issues.rpath.com/browse/RPL-1754
oval:org.mitre.oval:def:9735
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.