ID de Prueba:	1.3.6.1.4.1.25623.1.0.60390
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2008-042-01)
Resumen:	The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2008-042-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2008-042-01 advisory. Vulnerability Insight: New kernel packages are available for Slackware 12.0, and -current to fix a local root exploit. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 12.0 ChangeLog: +--------------------------+ patches/packages/kernel-generic-2.6.21.5-i486-2_slack12.0.tgz: All of these kernel upgrades fix yesterday's local root exploit. For more information, see: [links moved to references] (* Security fix *) patches/packages/kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz: (* Security fix *) patches/packages/kernel-huge-2.6.21.5-i486-2_slack12.0.tgz: (* Security fix *) patches/packages/kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz: (* Security fix *) If you use lilo, don't forget to run it again after the upgrade. +--------------------------+ Affected Software/OS: 'kernel' package(s) on Slackware 12.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0010 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference http://www.securityfocus.com/archive/1/487982/100/0/threaded 27704 http://www.securityfocus.com/bid/27704 27796 http://www.securityfocus.com/bid/27796 28835 http://secunia.com/advisories/28835 28875 http://secunia.com/advisories/28875 28896 http://secunia.com/advisories/28896 5093 https://www.exploit-db.com/exploits/5093 ADV-2008-0487 http://www.vupen.com/english/advisories/2008/0487/references DSA-1494 http://www.debian.org/security/2008/dsa-1494 FEDORA-2008-1422 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html FEDORA-2008-1423 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 Common Vulnerability Exposure (CVE) ID: CVE-2008-0163 BugTraq ID: 27704 BugTraq ID: 27798 http://www.securityfocus.com/bid/27798 Debian Security Information: DSA-1494 (Google Search) XForce ISS Database: linux-kernel-proc-unauth-access(40486) https://exchange.xforce.ibmcloud.com/vulnerabilities/40486 Common Vulnerability Exposure (CVE) ID: CVE-2008-0600 1019393 http://securitytracker.com/id?1019393 20080212 rPSA-2008-0052-1 kernel http://www.securityfocus.com/archive/1/488009/100/0/threaded 27801 http://www.securityfocus.com/bid/27801 28858 http://secunia.com/advisories/28858 28889 http://secunia.com/advisories/28889 28912 http://secunia.com/advisories/28912 28925 http://secunia.com/advisories/28925 28933 http://secunia.com/advisories/28933 28937 http://secunia.com/advisories/28937 29245 http://secunia.com/advisories/29245 30818 http://secunia.com/advisories/30818 5092 https://www.exploit-db.com/exploits/5092 FEDORA-2008-1433 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html FEDORA-2008-1629 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html MDVSA-2008:043 http://www.mandriva.com/security/advisories?name=MDVSA-2008:043 MDVSA-2008:044 http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 RHSA-2008:0129 http://www.redhat.com/support/errata/RHSA-2008-0129.html SUSE-SA:2008:007 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html SUSE-SA:2008:013 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html SUSE-SA:2008:030 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html USN-577-1 http://www.ubuntu.com/usn/usn-577-1 [linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit http://marc.info/?l=linux-kernel&m=120263652322197&w=2 http://marc.info/?l=linux-kernel&m=120264520431307&w=2 http://marc.info/?l=linux-kernel&m=120264773202422&w=2 http://marc.info/?l=linux-kernel&m=120266328220808&w=2 http://marc.info/?l=linux-kernel&m=120266353621139&w=2 http://wiki.rpath.com/Advisories:rPSA-2008-0052 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052 https://bugzilla.redhat.com/show_bug.cgi?id=432229 https://bugzilla.redhat.com/show_bug.cgi?id=432517 https://issues.rpath.com/browse/RPL-2237 oval:org.mitre.oval:def:11358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.