Red Hat Local Security Checks : RedHat Security Advisory RHSA-2010:0331

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67169

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2010:0331

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2010:0331.

The GFS-kernel packages contain modules that provide the ability to mount
and use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic. (CVE-2010-0727)

As well, these updated GFS-kernel packages are in sync with the latest
kernel (2.6.9-89.0.20.EL). The modules in earlier GFS-kernel packages fail
to load because they do not match the running kernel. It is possible to
force-load the modules
however, with this update, force-loading the
modules is not required.

Users are advised to upgrade to these latest GFS-kernel packages, which
resolve this issue and are updated for use with the 2.6.9-89.0.20.EL
kernel.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0331.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.7

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0727
1023809
http://securitytracker.com/id?1023809
39830
http://secunia.com/advisories/39830
DSA-2053
http://www.debian.org/security/2010/dsa-2053
MDVSA-2010:066
http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
RHSA-2010:0330
http://www.redhat.com/support/errata/RHSA-2010-0330.html
RHSA-2010:0380
http://www.redhat.com/support/errata/RHSA-2010-0380.html
RHSA-2010:0521
http://www.redhat.com/support/errata/RHSA-2010-0521.html
[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking
http://lkml.org/lkml/2010/3/11/269
[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw
http://www.openwall.com/lists/oss-security/2010/03/12/1
http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=570863
oval:org.mitre.oval:def:11392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67169
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0331
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0331. The GFS-kernel packages contain modules that provide the ability to mount and use GFS file systems. A flaw was found in the gfs_lock() implementation. The GFS locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727) As well, these updated GFS-kernel packages are in sync with the latest kernel (2.6.9-89.0.20.EL). The modules in earlier GFS-kernel packages fail to load because they do not match the running kernel. It is possible to force-load the modules however, with this update, force-loading the modules is not required. Users are advised to upgrade to these latest GFS-kernel packages, which resolve this issue and are updated for use with the 2.6.9-89.0.20.EL kernel. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0331.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0727 1023809 http://securitytracker.com/id?1023809 39830 http://secunia.com/advisories/39830 DSA-2053 http://www.debian.org/security/2010/dsa-2053 MDVSA-2010:066 http://www.mandriva.com/security/advisories?name=MDVSA-2010:066 RHSA-2010:0330 http://www.redhat.com/support/errata/RHSA-2010-0330.html RHSA-2010:0380 http://www.redhat.com/support/errata/RHSA-2010-0380.html RHSA-2010:0521 http://www.redhat.com/support/errata/RHSA-2010-0521.html [linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking http://lkml.org/lkml/2010/3/11/269 [oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw http://www.openwall.com/lists/oss-security/2010/03/12/1 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=570863 oval:org.mitre.oval:def:11392 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com