
Test ID: 1.3.6.1.4.1.25623.1.0.56014
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-922-1)
Summary: The remote host is missing an update for the Debian 'kernel-image-2.6.8-alpha, kernel-image-2.6.8-amd64, kernel-image-2.6.8-hppa, kernel-image-2.6.8-i386, kernel-image-2.6.8-ia64, kernel-image-2.6.8-m68k, kernel-image-2.6.8-s390, kernel-image-2.6.8-sparc, kernel-patch-powerpc-2.6.8, kernel-source-2.6.8' package(s) announced via the DSA-922-1 advisory.
Description:

Vulnerability Insight:
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2004-2302

A race condition in the sysfs filesystem allows local users to read kernel memory and cause a denial of service (crash).

CVE-2005-0756

Alexander Nyberg discovered that the ptrace() system call does not properly verify addresses on the amd64 architecture which can be exploited by a local attacker to crash the kernel.

CVE-2005-0757

A problem in the offset handling in the xattr file system code for ext3 has been discovered that may allow users on 64-bit systems that have access to an ext3 filesystem with extended attributes to cause the kernel to crash.

CVE-2005-1265

Chris Wright discovered that the mmap() function could create illegal memory maps that could be exploited by a local user to crash the kernel or potentially execute arbitrary code.

CVE-2005-1761

A vulnerability on the IA-64 architecture can lead local attackers to overwrite kernel memory and crash the kernel.

CVE-2005-1762

A vulnerability has been discovered in the ptrace() system call on the amd64 architecture that allows a local attacker to cause the kernel to crash.

CVE-2005-1763

A buffer overflow in the ptrace system call for 64-bit architectures allows local users to write bytes into arbitrary kernel memory.

CVE-2005-1765

Zou Nan Hai has discovered that a local user could cause the kernel to hang on the amd64 architecture after invoking syscall() with specially crafted arguments.

CVE-2005-1767

A vulnerability has been discovered in the stack segment fault handler that could allow a local attacker to cause a stack exception that will lead the kernel to crash under certain circumstances.

CVE-2005-2456

Balazs Scheidler discovered that a local attacker could call setsockopt() with an invalid xfrm_user policy message which would cause the kernel to write beyond the boundaries of an array and crash.

CVE-2005-2458

Vladimir Volovich discovered a bug in the zlib routines, which are also present in the Linux kernel, that allows remote attackers to crash the kernel.

CVE-2005-2459

Another vulnerability has been discovered in the zlib routines, which are also present in the Linux kernel, that allows remote attackers to crash the kernel.

CVE-2005-2548

Peter Sandstrom noticed that snmpwalk from a remote host could cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument.

CVE-2005-2801

Andreas Gruenbacher discovered a bug in the ext2 and ext3 file systems. When data areas are to be shared among two inodes, not all information was compared for equality, which could expose wrong ACLs for files.

CVE-2005-2872

Chad Walstrom discovered that the ipt_recent kernel module on ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel-image-2.6.8-alpha, kernel-image-2.6.8-amd64, kernel-image-2.6.8-hppa, kernel-image-2.6.8-i386, kernel-image-2.6.8-ia64, kernel-image-2.6.8-m68k, kernel-image-2.6.8-s390, kernel-image-2.6.8-sparc, kernel-patch-powerpc-2.6.8, kernel-source-2.6.8' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-2302
BugTraq ID: 13091
http://www.securityfocus.com/bid/13091
Debian Security Information: DSA-922
http://www.debian.org/security/2005/dsa-922
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
http://secunia.com/advisories/17826
http://secunia.com/advisories/18056
SuSE Security Announcement: SUSE-SA:2005:044
http://www.novell.com/linux/security/advisories/2005_44_kernel.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0756
13891
http://www.securityfocus.com/bid/13891
17002
http://secunia.com/advisories/17002
17073
http://secunia.com/advisories/17073
18056
18059
http://secunia.com/advisories/18059
ADV-2005-1878
http://www.vupen.com/english/advisories/2005/1878
DSA-921
http://www.debian.org/security/2005/dsa-921
DSA-922
FLSA:157459-2
http://www.securityfocus.com/archive/1/428058/100/0/threaded
FLSA:157459-3
http://www.securityfocus.com/archive/1/427980/100/0/threaded
RHSA-2005:514
http://www.redhat.com/support/errata/RHSA-2005-514.html
RHSA-2005:663
http://www.redhat.com/support/errata/RHSA-2005-663.html
USN-137-1
https://usn.ubuntu.com/137-1/
oval:org.mitre.oval:def:11119
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11119
Common Vulnerability Exposure (CVE) ID: CVE-2005-0757
13680
http://www.securityfocus.com/bid/13680
RHSA-2005:294
http://www.redhat.com/support/errata/RHSA-2005-294.html
oval:org.mitre.oval:def:11406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11406
Common Vulnerability Exposure (CVE) ID: CVE-2005-1265
1014152
http://securitytracker.com/id?1014152
13893
http://www.securityfocus.com/bid/13893
oval:org.mitre.oval:def:10466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10466
Common Vulnerability Exposure (CVE) ID: CVE-2005-1761
1014275
http://securitytracker.com/id?1014275
14051
http://www.securityfocus.com/bid/14051
19369
http://secunia.com/advisories/19369
DSA-1018
http://www.debian.org/security/2006/dsa-1018
RHSA-2005:551
http://www.redhat.com/support/errata/RHSA-2005-551.html
SUSE-SA:2005:044
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea78729b8dbfc400fe165a57b90a394a7275a54
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
oval:org.mitre.oval:def:10487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10487
Common Vulnerability Exposure (CVE) ID: CVE-2005-1762
13904
http://www.securityfocus.com/bid/13904
15786
http://secunia.com/advisories/15786
SUSE-SA:2005:029
http://www.novell.com/linux/security/advisories/2005_29_kernel.html
USN-143-1
https://usn.ubuntu.com/143-1/
oval:org.mitre.oval:def:10630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10630
Common Vulnerability Exposure (CVE) ID: CVE-2005-1763
13903
http://www.securityfocus.com/bid/13903
oval:org.mitre.oval:def:10182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10182
Common Vulnerability Exposure (CVE) ID: CVE-2005-1765
BugTraq ID: 13904
SuSE Security Announcement: SUSE-SA:2005:029
Common Vulnerability Exposure (CVE) ID: CVE-2005-1767
14467
http://www.securityfocus.com/bid/14467
18977
http://secunia.com/advisories/18977
MDKSA-2006:044
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044
USN-187-1
http://www.ubuntu.com/usn/usn-187-1
http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=51e31546a2fc46cb978da2ee0330a6a68f07541e
oval:org.mitre.oval:def:11101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11101
Common Vulnerability Exposure (CVE) ID: CVE-2005-2456
BugTraq ID: 14477
http://www.securityfocus.com/bid/14477
Debian Security Information: DSA-921
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mail-archive.com/netdev@vger.kernel.org/msg00520.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10858
http://secunia.com/advisories/16298
http://secunia.com/advisories/16500
SuSE Security Announcement: SUSE-SA:2005:050
http://www.novell.com/linux/security/advisories/2005_50_kernel.html
https://usn.ubuntu.com/169-1/
XForce ISS Database: linux-kernel-xfrm-dos(21710)
https://exchange.xforce.ibmcloud.com/vulnerabilities/21710
Common Vulnerability Exposure (CVE) ID: CVE-2005-2458
BugTraq ID: 14719
http://www.securityfocus.com/bid/14719
http://www.securityfocus.com/archive/1/428028/100/0/threaded
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10785
http://www.redhat.com/support/errata/RHSA-2006-0101.html
http://www.redhat.com/support/errata/RHSA-2006-0144.html
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://secunia.com/advisories/16355/
http://secunia.com/advisories/17918
http://secunia.com/advisories/18510
http://secunia.com/advisories/18684
http://secunia.com/advisories/19252
SuSE Security Announcement: SUSE-SA:2005:068
http://www.securityfocus.com/archive/1/419522/100/0/threaded
Common Vulnerability Exposure (CVE) ID: CVE-2005-2459
BugTraq ID: 14720
http://www.securityfocus.com/bid/14720
http://bugs.gentoo.org/show_bug.cgi?id=94584
Common Vulnerability Exposure (CVE) ID: CVE-2005-2548
BugTraq ID: 14611
http://www.securityfocus.com/bid/14611
Common Vulnerability Exposure (CVE) ID: CVE-2005-2801
BugTraq ID: 14793
http://www.securityfocus.com/bid/14793
http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
http://lists.debian.org/debian-kernel/2005/08/msg00238.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10495
SuSE Security Announcement: SUSE-SA:2005:018
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-2872
BugTraq ID: 14791
http://www.securityfocus.com/bid/14791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11394
Common Vulnerability Exposure (CVE) ID: CVE-2005-3105
http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11283
Common Vulnerability Exposure (CVE) ID: CVE-2005-3106
BugTraq ID: 15049
http://www.securityfocus.com/bid/15049
http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9108
http://secunia.com/advisories/17141
http://www.ubuntu.com/usn/usn-199-1
Common Vulnerability Exposure (CVE) ID: CVE-2005-3107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11473
http://www.redhat.com/support/errata/RHSA-2005-420.html
http://www.redhat.com/support/errata/RHSA-2006-0437.html
http://secunia.com/advisories/21136
http://secunia.com/advisories/21983
Common Vulnerability Exposure (CVE) ID: CVE-2005-3108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11322
http://www.redhat.com/support/errata/RHSA-2005-808.html
http://secunia.com/advisories/17364
Common Vulnerability Exposure (CVE) ID: CVE-2005-3109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10777
Common Vulnerability Exposure (CVE) ID: CVE-2005-3110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11403
Common Vulnerability Exposure (CVE) ID: CVE-2005-3271
BugTraq ID: 15533
http://www.securityfocus.com/bid/15533
http://www.ussg.iu.edu/hypermail/linux/kernel/0409.1/1107.html
http://secunia.com/advisories/17917
SuSE Security Announcement: SUSE-SA:2005:067
http://www.securityfocus.com/advisories/9806
https://usn.ubuntu.com/219-1/
Common Vulnerability Exposure (CVE) ID: CVE-2005-3272
BugTraq ID: 15536
http://www.securityfocus.com/bid/15536
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10157
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://secunia.com/advisories/20237
http://secunia.com/advisories/21745
Common Vulnerability Exposure (CVE) ID: CVE-2005-3273
BugTraq ID: 13886
http://www.securityfocus.com/bid/13886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9552
http://www.redhat.com/support/errata/RHSA-2006-0579.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://securitytracker.com/id?1014115
http://secunia.com/advisories/21035
Common Vulnerability Exposure (CVE) ID: CVE-2005-3274
BugTraq ID: 15528
http://www.securityfocus.com/bid/15528
http://www.securityfocus.com/archive/1/427981/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11723
Common Vulnerability Exposure (CVE) ID: CVE-2005-3275
BugTraq ID: 15531
http://www.securityfocus.com/bid/15531
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10142
http://www.redhat.com/support/errata/RHSA-2006-0140.html
http://secunia.com/advisories/18562
http://secunia.com/advisories/19185
http://secunia.com/advisories/19607
SGI Security Advisory: 20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
Common Vulnerability Exposure (CVE) ID: CVE-2005-3276
BugTraq ID: 15527
http://www.securityfocus.com/bid/15527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9748
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.