English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58945
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0705
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0705.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the DRM driver for Intel graphics cards that allowed a local
user to access any part of the main memory. To access the DRM functionality
a user must have access to the X server which is granted through the
graphical login. This also only affected systems with an Intel 965 or later
graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a
local user to corrupt a kernel_dirent struct and cause a denial of service
(system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* flaw in the CIFS filesystem which could cause the umask values of a
process to not be honored. This affected CIFS filesystems where the Unix
extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC
systems that allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain
sensitive information from kernel memory. To exploit this the cpuset
filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option sec= that didn't enable
integrity checking and didn't produce any error message. (CVE-2007-3843,
Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0705.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.9

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1217
BugTraq ID: 23333
http://www.securityfocus.com/bid/23333
http://security.gentoo.org/glsa/glsa-200704-23.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://osvdb.org/34742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10503
http://www.redhat.com/support/errata/RHSA-2007-0671.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.redhat.com/support/errata/RHSA-2007-0774.html
http://www.securitytracker.com/id?1018539
http://secunia.com/advisories/24777
http://secunia.com/advisories/26379
http://secunia.com/advisories/26478
http://secunia.com/advisories/26709
http://secunia.com/advisories/26760
http://secunia.com/advisories/27528
Common Vulnerability Exposure (CVE) ID: CVE-2007-2875
BugTraq ID: 24389
http://www.securityfocus.com/bid/24389
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=541
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://osvdb.org/37113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9251
http://www.securitytracker.com/id?1018211
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://secunia.com/advisories/26620
http://secunia.com/advisories/26647
http://secunia.com/advisories/27227
SuSE Security Announcement: SUSE-SA:2007:053 (Google Search)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-cpusettasksread-info-disclosure(34779)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34779
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25838
http://secunia.com/advisories/25961
http://secunia.com/advisories/26289
http://secunia.com/advisories/26450
http://secunia.com/advisories/26664
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
XForce ISS Database: kernel-sctpnew-dos(34777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
BugTraq ID: 24134
http://www.securityfocus.com/bid/24134
Debian Security Information: DSA-1479 (Google Search)
http://www.debian.org/security/2008/dsa-1479
http://osvdb.org/35926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://secunia.com/advisories/25505
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/28626
http://www.vupen.com/english/advisories/2007/2023
XForce ISS Database: kernel-vfatioctls-dos(34669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34669
Common Vulnerability Exposure (CVE) ID: CVE-2007-3739
23955
http://secunia.com/advisories/23955
26760
26955
http://secunia.com/advisories/26955
26978
http://secunia.com/advisories/26978
27436
27747
27913
http://secunia.com/advisories/27913
29058
http://secunia.com/advisories/29058
DSA-1378
http://www.debian.org/security/2007/dsa-1378
DSA-1504
http://www.debian.org/security/2008/dsa-1504
RHSA-2007:0705
RHSA-2007:0939
RHSA-2007:1049
http://www.redhat.com/support/errata/RHSA-2007-1049.html
USN-518-1
http://www.ubuntu.com/usn/usn-518-1
[lkml] 20070129 [PATCH] Don't allow the stack to grow into hugetlb reserved regions
http://lkml.org/lkml/2007/1/29/180
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://bugzilla.redhat.com/show_bug.cgi?id=253313
kernel-stack-expansion-dos(36592)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36592
oval:org.mitre.oval:def:11455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11455
Common Vulnerability Exposure (CVE) ID: CVE-2007-3740
25672
http://www.securityfocus.com/bid/25672
27912
http://secunia.com/advisories/27912
28806
http://secunia.com/advisories/28806
MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
MDVSA-2008:105
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
SUSE-SA:2007:064
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
https://bugzilla.redhat.com/show_bug.cgi?id=253314
kernel-cifs-filesystem-dos(36593)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36593
oval:org.mitre.oval:def:9953
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953
Common Vulnerability Exposure (CVE) ID: CVE-2007-3843
25244
http://www.securityfocus.com/bid/25244
26366
http://secunia.com/advisories/26366
26647
DSA-1363
USN-510-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1
oval:org.mitre.oval:def:9670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670
Common Vulnerability Exposure (CVE) ID: CVE-2007-3851
25263
http://www.securityfocus.com/bid/25263
26389
http://secunia.com/advisories/26389
26450
26500
http://secunia.com/advisories/26500
26643
http://secunia.com/advisories/26643
26664
27227
ADV-2007-2854
http://www.vupen.com/english/advisories/2007/2854
DSA-1356
SUSE-SA:2007:051
SUSE-SA:2007:053
USN-509-1
http://www.ubuntu.com/usn/usn-509-1
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
https://issues.rpath.com/browse/RPL-1620
oval:org.mitre.oval:def:11196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.