Test ID:	1.3.6.1.4.1.25623.1.0.57108
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1111-1)
Summary:	The remote host is missing an update for the Debian 'kernel-source-2.6.8' package(s) announced via the DSA-1111-1 advisory.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1111)' (OID: 1.3.6.1.4.1.25623.1.0.57160).
Description:	Summary: The remote host is missing an update for the Debian 'kernel-source-2.6.8' package(s) announced via the DSA-1111-1 advisory. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1111)' (OID: 1.3.6.1.4.1.25623.1.0.57160). Vulnerability Insight: It was discovered that a race condition in the process filesystem can lead to privilege escalation. The following matrix explains which kernel version for which architecture fixes the problem mentioned above: Debian 3.1 (sarge) Source 2.6.8-16sarge4 Alpha architecture 2.6.8-16sarge4 AMD64 architecture 2.6.8-16sarge4 Intel IA-32 architecture 2.6.8-16sarge4 Intel IA-64 architecture 2.6.8-14sarge4 PowerPC architecture 2.6.8-12sarge4 Sun Sparc architecture 2.6.8-15sarge4 IBM S/390 2.6.8-5sarge4 Motorola 680x0 2.6.8-4sarge4 HP Precision 2.6.8-6sarge3 FAI 1.9.1sarge3 The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated. We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes. Affected Software/OS: 'kernel-source-2.6.8' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3626 BugTraq ID: 18992 http://www.securityfocus.com/bid/18992 Bugtraq: 20060717 rPSA-2006-0130-1 kernel (Google Search) http://www.securityfocus.com/archive/1/440300/100/0/threaded Debian Security Information: DSA-1111 (Google Search) http://www.debian.org/security/2006/dsa-1111 http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:124 http://www.osvdb.org/27120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060 http://www.redhat.com/support/errata/RHSA-2006-0617.html http://secunia.com/advisories/21041 http://secunia.com/advisories/21057 http://secunia.com/advisories/21073 http://secunia.com/advisories/21119 http://secunia.com/advisories/21123 http://secunia.com/advisories/21179 http://secunia.com/advisories/21498 http://secunia.com/advisories/21605 http://secunia.com/advisories/22174 SuSE Security Announcement: SUSE-SA:2006:042 (Google Search) http://www.novell.com/linux/security/advisories/2006_42_kernel.html SuSE Security Announcement: SUSE-SA:2006:047 (Google Search) http://www.novell.com/linux/security/advisories/2006_47_kernel.html SuSE Security Announcement: SUSE-SA:2006:049 (Google Search) http://www.novell.com/linux/security/advisories/2006_49_kernel.html SuSE Security Announcement: SUSE-SR:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sr.html https://usn.ubuntu.com/319-1/ http://www.ubuntu.com/usn/usn-319-2 http://www.vupen.com/english/advisories/2006/2816 XForce ISS Database: linux-proc-race-condition(27790) https://exchange.xforce.ibmcloud.com/vulnerabilities/27790
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.