ID de Prueba:	1.3.6.1.4.1.25623.1.0.64669
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1223
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1223.;;The kernel packages contain the Linux kernel, the core of any Linux;operating system.;;These updated packages fix the following security issues:;; * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This;macro did not initialize the sendpage operation in the proto_ops structure;correctly. A local, unprivileged user could use this flaw to cause a local;denial of service or escalate their privileges. (CVE-2009-2692, Important);; * a flaw was found in the udp_sendmsg() implementation in the Linux kernel;when using the MSG_MORE flag on UDP sockets. A local, unprivileged user;could use this flaw to cause a local denial of service or escalate their;privileges. (CVE-2009-2698, Important);;Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google;Security Team for responsibly reporting these flaws.;;Users should upgrade to these updated packages, which contain backported;patches to correct these issues. The system must be rebooted for this;update to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1223. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2692 BugTraq ID: 36038 http://www.securityfocus.com/bid/36038 Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search) http://www.securityfocus.com/archive/1/505751/100/0/threaded Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search) http://www.securityfocus.com/archive/1/505912/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search) http://www.securityfocus.com/archive/1/512019/100/0/threaded Debian Security Information: DSA-1865 (Google Search) http://www.debian.org/security/2009/dsa-1865 http://www.exploit-db.com/exploits/19933 http://www.exploit-db.com/exploits/9477 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html http://grsecurity.net/~spender/wunderbar_emporium.tgz http://zenthought.org/content/file/android-root-2009-08-16-source http://www.openwall.com/lists/oss-security/2009/08/14/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 RedHat Security Advisories: RHSA-2009:1222 http://rhn.redhat.com/errata/RHSA-2009-1222.html RedHat Security Advisories: RHSA-2009:1223 http://rhn.redhat.com/errata/RHSA-2009-1223.html http://www.redhat.com/support/errata/RHSA-2009-1233.html http://secunia.com/advisories/36278 http://secunia.com/advisories/36289 http://secunia.com/advisories/36327 http://secunia.com/advisories/36430 http://secunia.com/advisories/37298 http://secunia.com/advisories/37471 SuSE Security Announcement: SUSE-SR:2009:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://www.vupen.com/english/advisories/2009/2272 http://www.vupen.com/english/advisories/2009/3316 Common Vulnerability Exposure (CVE) ID: CVE-2009-2698 BugTraq ID: 36108 http://www.securityfocus.com/bid/36108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://www.openwall.com/lists/oss-security/2009/08/25/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142 http://www.securitytracker.com/id?1022761 http://secunia.com/advisories/23073 http://secunia.com/advisories/36510 http://secunia.com/advisories/37105 SuSE Security Announcement: SUSE-SA:2009:046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://www.ubuntu.com/usn/USN-852-1
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.