CentOS Local Security Checks : CentOS Update for kernel CESA-2009:1233 centos3 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880685

Categoría: CentOS Local Security Checks

Título: CentOS Update for kernel CESA-2009:1233 centos3 i386

Resumen: The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

All Red Hat Enterprise Linux 3 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.

Affected Software/OS:
kernel on CentOS 3

Solution:
Please install the updated packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
http://www.securityfocus.com/bid/36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search)
http://www.securityfocus.com/archive/1/505751/100/0/threaded
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search)
http://www.securityfocus.com/archive/1/505912/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1865 (Google Search)
http://www.debian.org/security/2009/dsa-1865
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://zenthought.org/content/file/android-root-2009-08-16-source
http://www.openwall.com/lists/oss-security/2009/08/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
RedHat Security Advisories: RHSA-2009:1222
http://rhn.redhat.com/errata/RHSA-2009-1222.html
RedHat Security Advisories: RHSA-2009:1223
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36327
http://secunia.com/advisories/36430
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2272
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2009-2698
BugTraq ID: 36108
http://www.securityfocus.com/bid/36108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.openwall.com/lists/oss-security/2009/08/25/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142
http://www.securitytracker.com/id?1022761
http://secunia.com/advisories/23073
http://secunia.com/advisories/36510
http://secunia.com/advisories/37105
SuSE Security Announcement: SUSE-SA:2009:046 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html
http://www.ubuntu.com/usn/USN-852-1

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880685
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for kernel CESA-2009:1233 centos3 i386
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 3 Solution: Please install the updated packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2692 BugTraq ID: 36038 http://www.securityfocus.com/bid/36038 Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search) http://www.securityfocus.com/archive/1/505751/100/0/threaded Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search) http://www.securityfocus.com/archive/1/505912/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search) http://www.securityfocus.com/archive/1/512019/100/0/threaded Debian Security Information: DSA-1865 (Google Search) http://www.debian.org/security/2009/dsa-1865 http://www.exploit-db.com/exploits/19933 http://www.exploit-db.com/exploits/9477 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html http://grsecurity.net/~spender/wunderbar_emporium.tgz http://zenthought.org/content/file/android-root-2009-08-16-source http://www.openwall.com/lists/oss-security/2009/08/14/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 RedHat Security Advisories: RHSA-2009:1222 http://rhn.redhat.com/errata/RHSA-2009-1222.html RedHat Security Advisories: RHSA-2009:1223 http://rhn.redhat.com/errata/RHSA-2009-1223.html http://www.redhat.com/support/errata/RHSA-2009-1233.html http://secunia.com/advisories/36278 http://secunia.com/advisories/36289 http://secunia.com/advisories/36327 http://secunia.com/advisories/36430 http://secunia.com/advisories/37298 http://secunia.com/advisories/37471 SuSE Security Announcement: SUSE-SR:2009:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://www.vupen.com/english/advisories/2009/2272 http://www.vupen.com/english/advisories/2009/3316 Common Vulnerability Exposure (CVE) ID: CVE-2009-2698 BugTraq ID: 36108 http://www.securityfocus.com/bid/36108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://www.openwall.com/lists/oss-security/2009/08/25/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142 http://www.securitytracker.com/id?1022761 http://secunia.com/advisories/23073 http://secunia.com/advisories/36510 http://secunia.com/advisories/37105 SuSE Security Announcement: SUSE-SA:2009:046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://www.ubuntu.com/usn/USN-852-1
Copyright	Copyright (C) 2011 Greenbone AG