ID de Prueba:	1.3.6.1.4.1.25623.1.0.881684
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for kernel CESA-2013:0621 centos5
Resumen:	The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way file permission checks for the files were performed in restricted root environments (for example, when using a capability-based security model). A local user with the ability to write to these files could use this flaw to escalate their privileges to kernel level, for example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268, Important) * A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-0871, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0268 SUSE-SU-2013:0674 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html [oss-security] 20130207 Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation http://www.openwall.com/lists/oss-security/2013/02/07/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c903f0456bc69176912dee6dd25c6a66ee1aed00 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6 https://bugzilla.redhat.com/show_bug.cgi?id=908693 https://github.com/torvalds/linux/commit/c903f0456bc69176912dee6dd25c6a66ee1aed00 openSUSE-SU-2013:1187 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0871 Debian Security Information: DSA-2632 (Google Search) http://www.debian.org/security/2013/dsa-2632 http://www.openwall.com/lists/oss-security/2013/02/15/16 RedHat Security Advisories: RHSA-2013:0567 http://rhn.redhat.com/errata/RHSA-2013-0567.html RedHat Security Advisories: RHSA-2013:0661 http://rhn.redhat.com/errata/RHSA-2013-0661.html RedHat Security Advisories: RHSA-2013:0662 http://rhn.redhat.com/errata/RHSA-2013-0662.html RedHat Security Advisories: RHSA-2013:0695 http://rhn.redhat.com/errata/RHSA-2013-0695.html SuSE Security Announcement: SUSE-SU-2013:0341 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00022.html SuSE Security Announcement: SUSE-SU-2013:0674 (Google Search) SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://www.ubuntu.com/usn/USN-1736-1 http://www.ubuntu.com/usn/USN-1737-1 http://www.ubuntu.com/usn/USN-1738-1 http://www.ubuntu.com/usn/USN-1739-1 http://www.ubuntu.com/usn/USN-1740-1 http://www.ubuntu.com/usn/USN-1741-1 http://www.ubuntu.com/usn/USN-1742-1 http://www.ubuntu.com/usn/USN-1743-1 http://www.ubuntu.com/usn/USN-1744-1 http://www.ubuntu.com/usn/USN-1745-1
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.