Test ID: | 1.3.6.1.4.1.25623.1.0.64668 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1222 |
Summary: |
The remote host is missing updates announced in advisory RHSA-2009:1222.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws.

These updated packages also fix the following bug:

* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running cman_tool kill -n [nodename]. (BZ#515432)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. |
Description: |
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
http://www.securityfocus.com/bid/36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations
http://www.securityfocus.com/archive/1/505751/100/0/threaded
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools
http://www.securityfocus.com/archive/1/505912/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1865
http://www.debian.org/security/2009/dsa-1865
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://zenthought.org/content/file/android-root-2009-08-16-source
http://www.openwall.com/lists/oss-security/2009/08/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
RedHat Security Advisories: RHSA-2009:1222
http://rhn.redhat.com/errata/RHSA-2009-1222.html
RedHat Security Advisories: RHSA-2009:1223
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36327
http://secunia.com/advisories/36430
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2009:015
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2272
http://www.vupen.com/english/advisories/2009/3316

Common Vulnerability Exposure (CVE) ID: CVE-2009-2698
BugTraq ID: 36108
http://www.securityfocus.com/bid/36108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.openwall.com/lists/oss-security/2009/08/25/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142
http://www.securitytracker.com/id?1022761
http://secunia.com/advisories/23073
http://secunia.com/advisories/36510
http://secunia.com/advisories/37105
SuSE Security Announcement: SUSE-SA:2009:046
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html
http://www.ubuntu.com/usn/USN-852-1 |
Copyright | Copyright (C) 2009 E-Soft Inc. |