CentOS Local Security Checks : CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881734

Categoría: CentOS Local Security Checks

Título: CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5

Resumen: The remote host is missing an update for the 'hypervkvpd-0'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'hypervkvpd-0'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V
Key-Value Pair (KVP) daemon. The daemon passes basic information to the
host through VMBus, such as the guest IP address, fully qualified domain
name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed, would
cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a 'KVP: Failed to open file, pool: 1' error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing the
update, it is recommended to reboot all guest machines.

Affected Software/OS:
hypervkvpd-0 on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5532
56710
http://www.securityfocus.com/bid/56710
MDVSA-2013:176
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
RHSA-2013:0807
http://rhn.redhat.com/errata/RHSA-2013-0807.html
[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS
http://www.openwall.com/lists/oss-security/2012/11/27/12
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef
http://www.kernel.org/pub/linux/kernel/v3.x/testing/
http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2
https://bugzilla.novell.com/show_bug.cgi?id=761200
https://bugzilla.redhat.com/show_bug.cgi?id=877572
https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef
kernel-hypervkvpd-dos(80337)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80337

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881734
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5
Resumen:	The remote host is missing an update for the 'hypervkvpd-0'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'hypervkvpd-0' package(s) announced via the referenced advisory. Vulnerability Insight: The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This update also fixes the following bug: * The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a 'KVP: Failed to open file, pool: 1' error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502) Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines. Affected Software/OS: hypervkvpd-0 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5532 56710 http://www.securityfocus.com/bid/56710 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 RHSA-2013:0807 http://rhn.redhat.com/errata/RHSA-2013-0807.html [oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS http://www.openwall.com/lists/oss-security/2012/11/27/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef http://www.kernel.org/pub/linux/kernel/v3.x/testing/ http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2 https://bugzilla.novell.com/show_bug.cgi?id=761200 https://bugzilla.redhat.com/show_bug.cgi?id=877572 https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef kernel-hypervkvpd-dos(80337) https://exchange.xforce.ibmcloud.com/vulnerabilities/80337
Copyright	Copyright (C) 2013 Greenbone AG