CentOS Local Security Checks : CentOS Update for rtkit CESA-2013:1282 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881798

Categoría: CentOS Local Security Checks

Título: CentOS Update for rtkit CESA-2013:1282 centos6

Resumen: The remote host is missing an update for the 'rtkit'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'rtkit'
package(s) announced via the referenced advisory.

Vulnerability Insight:
RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
rtkit on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-4326
RHSA-2013:1282
http://rhn.redhat.com/errata/RHSA-2013-1282.html
[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
http://www.openwall.com/lists/oss-security/2013/09/18/6
https://bugzilla.redhat.com/show_bug.cgi?id=1006677
openSUSE-SU-2013:1548
http://lists.opensuse.org/opensuse-updates/2013-10/msg00022.html
openSUSE-SU-2013:1597
http://lists.opensuse.org/opensuse-updates/2013-10/msg00051.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881798
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for rtkit CESA-2013:1282 centos6
Resumen:	The remote host is missing an update for the 'rtkit'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'rtkit' package(s) announced via the referenced advisory. Vulnerability Insight: RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (that is, realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition. (CVE-2013-4326) All rtkit users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: rtkit on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4326 RHSA-2013:1282 http://rhn.redhat.com/errata/RHSA-2013-1282.html [oss-security] 20130918 Re: Fwd: [vs-plain] polkit races http://www.openwall.com/lists/oss-security/2013/09/18/6 https://bugzilla.redhat.com/show_bug.cgi?id=1006677 openSUSE-SU-2013:1548 http://lists.opensuse.org/opensuse-updates/2013-10/msg00022.html openSUSE-SU-2013:1597 http://lists.opensuse.org/opensuse-updates/2013-10/msg00051.html
Copyright	Copyright (C) 2013 Greenbone AG