Test ID: | 1.3.6.1.4.1.25623.1.0.120205 |
Category: | Amazon Linux Local Security Checks |
Title: | Amazon Linux: Security Advisory (ALAS-2014-328) |
Summary: | The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory. |
Description: |
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the ALAS-2014-328 advisory.

Vulnerability Insight:

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

Affected Software/OS: 'kernel' package(s) on Amazon Linux.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0055
59386 http://secunia.com/advisories/59386
66441 http://www.securityfocus.com/bid/66441
RHSA-2014:0328 http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html
https://bugzilla.redhat.com/show_bug.cgi?id=1062577

Common Vulnerability Exposure (CVE) ID: CVE-2014-0077
59599 http://secunia.com/advisories/59599
66678 http://www.securityfocus.com/bid/66678
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d8316f3991d207fe32881a9ac20241be8fa2bad0
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10
https://bugzilla.redhat.com/show_bug.cgi?id=1064440
https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0

Common Vulnerability Exposure (CVE) ID: CVE-2014-2309
BugTraq ID: 66095 http://www.securityfocus.com/bid/66095
http://www.openwall.com/lists/oss-security/2014/03/08/1
http://www.securitytracker.com/id/1029894
http://secunia.com/advisories/57250
SuSE Security Announcement: SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Common Vulnerability Exposure (CVE) ID: CVE-2014-2523
BugTraq ID: 66279 http://www.securityfocus.com/bid/66279
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securitytracker.com/id/1029945
http://secunia.com/advisories/57446
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
XForce ISS Database: linux-kernel-cve20142523-code-exec(91910) https://exchange.xforce.ibmcloud.com/vulnerabilities/91910 |
Copyright | Copyright (C) 2015 Greenbone AG |