FreeBSD Local Security Checks : FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64206

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc

Vulnerability Insight:
One of the most commonly used forms of interprocess communication on
FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this
mechanism, a pair of file descriptors is created, and data written to
one descriptor can be read from the other.

FreeBSD's pipe implementation contains an optimization known as direct
writes. In this optimization, rather than copying data into kernel
memory when the write(2) system call is invoked and then copying the
data again when the read(2) system call is invoked, the FreeBSD kernel
takes advantage of virtual memory mapping to allow the data to be copied
directly between processes.

An integer overflow in computing the set of pages containing data to be
copied can result in virtual-to-physical address lookups not being
performed.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1935
BugTraq ID: 35279
http://www.securityfocus.com/bid/35279
FreeBSD Security Advisory: FreeBSD-SA-09:09
http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
http://osvdb.org/55044
http://www.securitytracker.com/id?1022365
http://secunia.com/advisories/35398
XForce ISS Database: freebsd-directpipe-info-disclosure(51109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51109

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64206
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-09:09.pipe.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:09.pipe.asc Vulnerability Insight: One of the most commonly used forms of interprocess communication on FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this mechanism, a pair of file descriptors is created, and data written to one descriptor can be read from the other. FreeBSD's pipe implementation contains an optimization known as direct writes. In this optimization, rather than copying data into kernel memory when the write(2) system call is invoked and then copying the data again when the read(2) system call is invoked, the FreeBSD kernel takes advantage of virtual memory mapping to allow the data to be copied directly between processes. An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1935 BugTraq ID: 35279 http://www.securityfocus.com/bid/35279 FreeBSD Security Advisory: FreeBSD-SA-09:09 http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc http://osvdb.org/55044 http://www.securitytracker.com/id?1022365 http://secunia.com/advisories/35398 XForce ISS Database: freebsd-directpipe-info-disclosure(51109) https://exchange.xforce.ibmcloud.com/vulnerabilities/51109
Copyright	Copyright (C) 2009 E-Soft Inc.