
Test ID: 1.3.6.1.4.1.25623.1.0.57246
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0575
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0575.

This update includes fixes for the security issues:

* a flaw in the USB devio handling of device removal that allowed a
local user to cause a denial of service (crash) (CVE-2005-3055,
moderate)

* a flaw in the ACL handling of nfsd that allowed a remote user to
bypass ACLs for readonly mounted NFS file systems (CVE-2005-3623,
moderate)

* a flaw in the netfilter handling that allowed a local user with
CAP_NET_ADMIN rights to cause a buffer overflow (CVE-2006-0038, low)

* a flaw in the IBM S/390 and IBM zSeries strnlen_user() function that
allowed a local user to cause a denial of service (crash) or to retrieve
random kernel data (CVE-2006-0456, important)

* a flaw in the keyctl functions that allowed a local user to cause a
denial of service (crash) or to read sensitive kernel memory
(CVE-2006-0457, important)

* a flaw in unaligned accesses handling on Itanium processors that
allowed a local user to cause a denial of service (crash)
(CVE-2006-0742, important)

* a flaw in SELinux ptrace logic that allowed a local user with ptrace
permissions to change the tracer SID to a SID of another process
(CVE-2006-1052, moderate)

* an info leak on AMD-based x86 and x86_64 systems that allowed a local
user to retrieve the floating point exception state of a process run by a
different user (CVE-2006-1056, important)

* a flaw in IPv4 packet output handling that allowed a remote user to
bypass the zero IP ID countermeasure on systems with a disabled firewall
(CVE-2006-1242, low)

* a minor info leak in socket option handling in the network code
(CVE-2006-1343, low)

* a flaw in the HB-ACK chunk handling of SCTP that allowed a remote user to
cause a denial of service (crash) (CVE-2006-1857, moderate)

* a flaw in the SCTP implementation that allowed a remote user to cause a
denial of service (deadlock) (CVE-2006-2275, moderate)

* a flaw in the socket buffer handling that allowed a remote user to cause
a denial of service (panic) (CVE-2006-2446, important)

* a flaw in the signal handling access checking on PowerPC that allowed a
local user to cause a denial of service (crash) or read arbitrary kernel
memory on 64-bit systems (CVE-2006-2448, important)

* a flaw in the netfilter SCTP module when receiving a chunkless packet
that allowed a remote user to cause a denial of service (crash)
(CVE-2006-2934, important)

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0575.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3055
14955
http://www.securityfocus.com/bid/14955
17826
http://secunia.com/advisories/17826
17917
http://secunia.com/advisories/17917
17918
http://secunia.com/advisories/17918
19374
http://secunia.com/advisories/19374
21035
http://secunia.com/advisories/21035
21136
http://secunia.com/advisories/21136
21465
http://secunia.com/advisories/21465
21983
http://secunia.com/advisories/21983
22417
http://secunia.com/advisories/22417
ADV-2005-1863
http://www.vupen.com/english/advisories/2005/1863
DSA-1017
http://www.debian.org/security/2006/dsa-1017
MDKSA-2005:218
http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
MDKSA-2005:219
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
MDKSA-2005:220
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
MDKSA-2005:235
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
RHSA-2006:0437
http://www.redhat.com/support/errata/RHSA-2006-0437.html
RHSA-2006:0575
http://www.redhat.com/support/errata/RHSA-2006-0575.html
RHSA-2006:0579
http://www.redhat.com/support/errata/RHSA-2006-0579.html
RHSA-2006:0580
http://www.redhat.com/support/errata/RHSA-2006-0580.html
SUSE-SA:2005:067
http://www.securityfocus.com/advisories/9806
SUSE-SA:2005:068
http://www.securityfocus.com/archive/1/419522/100/0/threaded
USN-219-1
https://usn.ubuntu.com/219-1/
[linux-kernel] 20050925 [BUG/PATCH/RFC] Oops while completing async USB via usbdevio
http://marc.info/?l=linux-kernel&m=112766129313883
http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
oval:org.mitre.oval:def:9472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9472
Common Vulnerability Exposure (CVE) ID: CVE-2005-3623
16570
http://www.securityfocus.com/bid/16570
18788
http://secunia.com/advisories/18788
19038
http://secunia.com/advisories/19038
SUSE-SA:2006:006
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
SUSE-SA:2006:012
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
http://lkml.org/lkml/2005/12/23/171
oval:org.mitre.oval:def:11707
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
Common Vulnerability Exposure (CVE) ID: CVE-2006-0038
17178
http://www.securityfocus.com/bid/17178
19330
http://secunia.com/advisories/19330
20671
http://secunia.com/advisories/20671
20716
http://secunia.com/advisories/20716
20914
http://secunia.com/advisories/20914
ADV-2006-1046
http://www.vupen.com/english/advisories/2006/1046
ADV-2006-2554
http://www.vupen.com/english/advisories/2006/2554
DSA-1097
http://www.debian.org/security/2006/dsa-1097
DSA-1103
http://www.debian.org/security/2006/dsa-1103
USN-302-1
http://www.ubuntu.com/usn/usn-302-1
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
linux-netfilter-doreplace-overflow(25400)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25400
oval:org.mitre.oval:def:10945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10945
Common Vulnerability Exposure (CVE) ID: CVE-2006-0456
18687
http://www.securityfocus.com/bid/18687
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=331c46591414f7f92b1cec048009abe89892ee79
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=331c46591414f7f92b1cec048009abe89892ee79
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc6
http://www.mail-archive.com/kernel-svn-changes%40lists.alioth.debian.org/msg01631.html
oval:org.mitre.oval:def:9909
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9909
Common Vulnerability Exposure (CVE) ID: CVE-2006-0457
17084
http://www.securityfocus.com/bid/17084
19220
http://secunia.com/advisories/19220
20398
http://secunia.com/advisories/20398
23894
http://www.osvdb.org/23894
MDKSA-2006:059
http://www.mandriva.com/security/advisories?name=MDKSA-2006:059
SUSE-SA:2006:028
http://www.novell.com/linux/security/advisories/2006-05-31.html
USN-263-1
https://usn.ubuntu.com/263-1/
kernel-addkey-dos(25354)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25354
oval:org.mitre.oval:def:9566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9566
Common Vulnerability Exposure (CVE) ID: CVE-2006-0742
16993
http://www.securityfocus.com/bid/16993
19078
http://secunia.com/advisories/19078
19607
http://secunia.com/advisories/19607
20060402-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
23660
http://www.osvdb.org/23660
ADV-2006-0856
http://www.vupen.com/english/advisories/2006/0856
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.6
kernel-dieifkernel-dos(25068)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25068
oval:org.mitre.oval:def:10742
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10742
Common Vulnerability Exposure (CVE) ID: CVE-2006-1052
17830
http://www.securityfocus.com/bid/17830
19955
http://secunia.com/advisories/19955
20157
http://secunia.com/advisories/20157
22093
http://secunia.com/advisories/22093
25232
http://www.osvdb.org/25232
DSA-1184
http://www.debian.org/security/2006/dsa-1184
MDKSA-2006:086
http://www.mandriva.com/security/advisories?name=MDKSA-2006:086
USN-281-1
https://usn.ubuntu.com/281-1/
[git-commits-head] 20060311 [PATCH] selinux: tracer SID fix
http://marc.info/?l=git-commits-head&m=114210002712363&w=2
[selinux] 20060313 [SECURITY] SELinux ptrace bug (CVE-2006-1052)
http://marc.info/?l=selinux&m=114226465106131&w=2
http://selinuxnews.org/wp/index.php/2006/03/13/security-ptrace-bug-cve-2006-1052/
oval:org.mitre.oval:def:10102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10102
Common Vulnerability Exposure (CVE) ID: CVE-2006-1056
1015966
http://securitytracker.com/id?1015966
17600
http://www.securityfocus.com/bid/17600
19715
http://secunia.com/advisories/19715
19724
http://secunia.com/advisories/19724
19735
http://secunia.com/advisories/19735
20060419 FreeBSD Security Advisory FreeBSD-SA-06:14.fpu
http://www.securityfocus.com/archive/1/431341
20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
http://www.securityfocus.com/archive/1/451419/100/200/threaded
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/451404/100/0/threaded
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451417/100/200/threaded
20061113 VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue
http://www.securityfocus.com/archive/1/451421/100/0/threaded
22875
http://secunia.com/advisories/22875
22876
http://secunia.com/advisories/22876
24746
http://www.osvdb.org/24746
24807
http://www.osvdb.org/24807
ADV-2006-1426
http://www.vupen.com/english/advisories/2006/1426
ADV-2006-1475
http://www.vupen.com/english/advisories/2006/1475
ADV-2006-4353
http://www.vupen.com/english/advisories/2006/4353
ADV-2006-4502
http://www.vupen.com/english/advisories/2006/4502
FEDORA-2006-423
http://lwn.net/Alerts/180820/
FreeBSD-SA-06:14
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
[linux-kernel] 20060419 RE: Linux 2.6.16.9
http://marc.info/?l=linux-kernel&m=114548768214478&w=2
amd-fpu-information-disclosure(25871)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25871
http://kb.vmware.com/kb/2533126
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9
http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
oval:org.mitre.oval:def:9995
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995
Common Vulnerability Exposure (CVE) ID: CVE-2006-1242
BugTraq ID: 17109
http://www.securityfocus.com/bid/17109
Bugtraq: 20060314 Linux zero IP ID vulnerability? (Google Search)
http://www.securityfocus.com/archive/1/427622/100/0/threaded
Bugtraq: 20060323 Re: Linux zero IP ID vulnerability? (Google Search)
http://www.securityfocus.com/archive/1/427753/100/0/threaded
http://www.securityfocus.com/archive/1/427893/100/0/threaded
http://www.securityfocus.com/archive/1/428605/30/6210/threaded
Debian Security Information: DSA-1097 (Google Search)
Debian Security Information: DSA-1103 (Google Search)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10317
http://secunia.com/advisories/19402
SuSE Security Announcement: SUSE-SA:2006:028 (Google Search)
http://www.vupen.com/english/advisories/2006/1140
Common Vulnerability Exposure (CVE) ID: CVE-2006-1343
BugTraq ID: 17203
http://www.securityfocus.com/bid/17203
Bugtraq: 20060531 rPSA-2006-0087-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/435490/100/0/threaded
Bugtraq: 20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (Google Search)
Bugtraq: 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (Google Search)
Bugtraq: 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (Google Search)
Bugtraq: 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (Google Search)
http://www.securityfocus.com/archive/1/451426/100/200/threaded
Debian Security Information: DSA-1184 (Google Search)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://marc.info/?l=linux-netdev&m=114148078223594&w=2
http://www.osvdb.org/29841
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10875
http://secunia.com/advisories/19357
http://secunia.com/advisories/21045
http://www.trustix.org/errata/2006/0032/
http://www.vupen.com/english/advisories/2006/2071
XForce ISS Database: linux-sockaddr-memory-leak(25425)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25425
Common Vulnerability Exposure (CVE) ID: CVE-2006-1857
18085
http://www.securityfocus.com/bid/18085
20185
http://secunia.com/advisories/20185
21045
21179
http://secunia.com/advisories/21179
21476
http://secunia.com/advisories/21476
21498
http://secunia.com/advisories/21498
25695
http://www.osvdb.org/25695
ADV-2006-1893
http://www.vupen.com/english/advisories/2006/1893
MDKSA-2006:123
MDKSA-2006:150
SUSE-SA:2006:042
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
SUSE-SA:2006:047
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17
linux-sctp-hback-dos(26584)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26584
oval:org.mitre.oval:def:10622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10622
Common Vulnerability Exposure (CVE) ID: CVE-2006-2275
BugTraq ID: 17955
http://www.securityfocus.com/bid/17955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11295
http://www.trustix.org/errata/2006/0026
XForce ISS Database: linux-sctp-receive-dos(26433)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26433
Common Vulnerability Exposure (CVE) ID: CVE-2006-2446
19475
http://www.securityfocus.com/bid/19475
22082
http://secunia.com/advisories/22082
DSA-1183
http://www.debian.org/security/2006/dsa-1183
MDKSA-2007:025
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192779
oval:org.mitre.oval:def:9117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9117
Common Vulnerability Exposure (CVE) ID: CVE-2006-2448
18616
http://www.securityfocus.com/bid/18616
2006-0037
http://www.trustix.org/errata/2006/0037
20060623 rPSA-2006-0110-1 kernel
http://www.securityfocus.com/archive/1/438168/100/0/threaded
20703
http://secunia.com/advisories/20703
20831
http://secunia.com/advisories/20831
20991
http://secunia.com/advisories/20991
ADV-2006-2451
http://www.vupen.com/english/advisories/2006/2451
USN-311-1
http://www.ubuntu.com/usn/usn-311-1
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c85d1f9d358b24c5b05c3a2783a78423775a080
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215
oval:org.mitre.oval:def:10040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10040
Common Vulnerability Exposure (CVE) ID: CVE-2006-2934
18755
http://www.securityfocus.com/bid/18755
20060707 rPSA-2006-0122-1 kernel
http://www.securityfocus.com/archive/1/439483/100/100/threaded
20060710 Re: rPSA-2006-0122-1 kernel
http://www.securityfocus.com/archive/1/439610/100/100/threaded
20917
http://secunia.com/advisories/20917
20986
http://secunia.com/advisories/20986
21298
http://secunia.com/advisories/21298
21614
http://secunia.com/advisories/21614
21934
http://secunia.com/advisories/21934
26963
http://www.osvdb.org/26963
ADV-2006-2623
http://www.vupen.com/english/advisories/2006/2623
MDKSA-2006:151
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
USN-331-1
http://www.ubuntu.com/usn/usn-331-1
USN-346-1
http://www.ubuntu.com/usn/usn-346-1
VU#717844
http://www.kb.cert.org/vuls/id/717844
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git%3Ba=commit%3Bh=9c48e1ea8cf8800cc5e2d39ccbb8b5ff9704f8e9
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.23
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197387
https://issues.rpath.com/browse/RPL-488
oval:org.mitre.oval:def:10932
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10932
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.