 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.66965 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2010:0125 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2010:0125. SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A buffer overflow flaw was found in SystemTap's tapset __get_argv() function. If a privileged user ran a SystemTap script that called this function, a local, unprivileged user could, while that script is still running, trigger this flaw and cause memory corruption by running a command with a large argument list, which may lead to a system crash or, potentially, arbitrary code execution with root privileges. (CVE-2010-0411) Note: SystemTap scripts that call __get_argv(), being a privileged function, can only be executed by the root user or users in the stapdev group. As well, if such a script was compiled and installed by root, users in the stapusr group would also be able to execute it. SystemTap users should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0125.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.9 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0411 1023664 http://securitytracker.com/id?1023664 38120 http://www.securityfocus.com/bid/38120 38426 http://secunia.com/advisories/38426 38680 http://secunia.com/advisories/38680 38765 http://secunia.com/advisories/38765 38817 http://secunia.com/advisories/38817 39656 http://secunia.com/advisories/39656 ADV-2010-1001 http://www.vupen.com/english/advisories/2010/1001 FEDORA-2010-1373 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035201.html FEDORA-2010-1720 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035261.html RHSA-2010:0124 http://www.redhat.com/support/errata/RHSA-2010-0124.html RHSA-2010:0125 http://www.redhat.com/support/errata/RHSA-2010-0125.html SUSE-SR:2010:010 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html [oss-security] 20100204 systemtap DoS issue (CVE-2010-0411) http://marc.info/?l=oss-security&m=126530657715364&w=2 http://sourceware.org/bugzilla/show_bug.cgi?id=11234 http://sourceware.org/git/gitweb.cgi?p=systemtap.git%3Ba=commit%3Bh=a2d399c87a642190f08ede63dc6fc434a5a8363a https://bugzilla.redhat.com/show_bug.cgi?id=559719 oval:org.mitre.oval:def:9675 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9675 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |