Test ID: | 1.3.6.1.4.1.25623.1.0.61685 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2008:0892 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2008:0892.

The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization.

It was discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain (DomU) to cause a denial of service, or, possibly, elevate privileges to the privileged domain (Dom0). (CVE-2008-1952)

A flaw was found in the QEMU block format auto-detection, when running fully-virtualized guests and using Qemu images written on removable media (USB storage, 3.5 disks). Privileged users of such fully-virtualized guests (DomU), with a raw-formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)

Additionally, the following bug is addressed in this update:

* The qcow-create command terminated when invoked due to glibc bounds checking on the realpath() function.

Users of xen are advised to upgrade to these updated packages, which resolve these security issues and fix this bug.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0892.html
http://www.redhat.com/security/updates/classification/#important

Risk factor: Medium
CVSS Score: 4.9 |
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2008-1945
1020959 http://www.securitytracker.com/id?1020959
30604 http://www.securityfocus.com/bid/30604
32063 http://secunia.com/advisories/32063
32088 http://secunia.com/advisories/32088
34642 http://secunia.com/advisories/34642
35031 http://secunia.com/advisories/35031
35062 http://secunia.com/advisories/35062
DSA-1799 http://www.debian.org/security/2009/dsa-1799
MDVSA-2008:162 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
RHSA-2008:0892 https://rhn.redhat.com/errata/RHSA-2008-0892.html
SUSE-SR:2009:008 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
USN-776-1 http://www.ubuntu.com/usn/usn-776-1
oval:org.mitre.oval:def:9905 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
qemu-image-security-bypass(44269) https://exchange.xforce.ibmcloud.com/vulnerabilities/44269

Common Vulnerability Exposure (CVE) ID: CVE-2008-1952
1020957 http://www.securitytracker.com/id?1020957
30646 http://www.securityfocus.com/bid/30646
[Xen-devel] 20080521 [PATCH] ioemu: Fix PVFB backend to limit frame buffer size http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html
[oss-security] 20080521 New Xen ioemu: PVFB backend issue http://www.openwall.com/lists/oss-security/2008/05/21/9
http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721
oval:org.mitre.oval:def:11189 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11189
xen-pvfb-ioemu-dos(43362) https://exchange.xforce.ibmcloud.com/vulnerabilities/43362 |
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |