Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57274
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0617
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0617.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the proc file system that allowed a local user to use a
suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important)

* a flaw in the SCTP implementation that allowed a local user to cause a
denial of service (panic) or to possibly gain root privileges
(CVE-2006-3745, Important)

* a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes
that allowed a remote authenticated user to cause a denial of service
(filesystem panic) (CVE-2006-3468, Important)

* a flaw in the restore_all code path of the 4/4GB split support of
non-hugemem kernels that allowed a local user to cause a denial of service
(panic) (CVE-2006-2932, Important)

* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT
processing that allowed a remote user to cause a denial of service (crash)
or potential memory corruption (CVE-2006-2444, Moderate)

* a flaw in the DVD handling of the CDROM driver that could be used
together with a custom built USB device to gain root privileges
(CVE-2006-2935, Moderate)

* a flaw in the handling of O_DIRECT writes that allowed a local user
to cause a denial of service (memory consumption) (CVE-2004-2660, Low)

* a flaw in the SCTP chunk length handling that allowed a remote user to
cause a denial of service (crash) (CVE-2006-1858, Low)

* a flaw in the input handling of the ftdi_sio driver that allowed a local
user to cause a denial of service (memory consumption) (CVE-2006-2936, Low)

In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro
machines.

Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill
Korotaev for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0617.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-2660
BugTraq ID: 19665
http://www.securityfocus.com/bid/19665
Debian Security Information: DSA-1184 (Google Search)
http://www.debian.org/security/2006/dsa-1184
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165
http://www.redhat.com/support/errata/RHSA-2006-0617.html
http://secunia.com/advisories/21605
http://secunia.com/advisories/22093
http://secunia.com/advisories/22174
Common Vulnerability Exposure (CVE) ID: CVE-2006-1858
BugTraq ID: 18085
http://www.securityfocus.com/bid/18085
Debian Security Information: DSA-1097 (Google Search)
http://www.debian.org/security/2006/dsa-1097
Debian Security Information: DSA-1103 (Google Search)
http://www.debian.org/security/2006/dsa-1103
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.osvdb.org/25696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9510
http://secunia.com/advisories/20185
http://secunia.com/advisories/20671
http://secunia.com/advisories/20716
http://secunia.com/advisories/20914
http://secunia.com/advisories/21045
http://secunia.com/advisories/21179
http://secunia.com/advisories/21476
http://secunia.com/advisories/21498
SuSE Security Announcement: SUSE-SA:2006:042 (Google Search)
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
SuSE Security Announcement: SUSE-SA:2006:047 (Google Search)
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
http://www.ubuntu.com/usn/usn-302-1
http://www.vupen.com/english/advisories/2006/1893
http://www.vupen.com/english/advisories/2006/2554
XForce ISS Database: linux-sctp-parameter-dos(26585)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26585
Common Vulnerability Exposure (CVE) ID: CVE-2006-2444
BugTraq ID: 18081
http://www.securityfocus.com/bid/18081
CERT/CC vulnerability note: VU#681569
http://www.kb.cert.org/vuls/id/681569
Debian Security Information: DSA-1183 (Google Search)
http://www.debian.org/security/2006/dsa-1183
http://www.mandriva.com/security/advisories?name=MDKSA-2006:087
http://www.osvdb.org/25750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11318
http://www.redhat.com/support/errata/RHSA-2006-0437.html
http://www.redhat.com/support/errata/RHSA-2006-0580.html
http://securitytracker.com/id?1016153
http://secunia.com/advisories/20182
http://secunia.com/advisories/20225
http://secunia.com/advisories/21035
http://secunia.com/advisories/21136
http://secunia.com/advisories/21983
http://secunia.com/advisories/22082
http://secunia.com/advisories/22822
SuSE Security Announcement: SUSE-SA:2006:064 (Google Search)
http://www.novell.com/linux/security/advisories/2006_64_kernel.html
http://www.vupen.com/english/advisories/2006/1916
XForce ISS Database: linux-snmp-nathelper-dos(26594)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26594
Common Vulnerability Exposure (CVE) ID: CVE-2006-2932
BugTraq ID: 19664
http://www.securityfocus.com/bid/19664
http://www.osvdb.org/28120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11410
Common Vulnerability Exposure (CVE) ID: CVE-2006-2935
BugTraq ID: 18847
http://www.securityfocus.com/bid/18847
Bugtraq: 20060831 rPSA-2006-0162-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/444887/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://bugzilla.kernel.org/show_bug.cgi?id=2966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10886
http://www.redhat.com/support/errata/RHSA-2006-0710.html
http://www.redhat.com/support/errata/RHSA-2007-0012.html
http://www.redhat.com/support/errata/RHSA-2007-0013.html
http://secunia.com/advisories/21298
http://secunia.com/advisories/21614
http://secunia.com/advisories/21695
http://secunia.com/advisories/21934
http://secunia.com/advisories/22497
http://secunia.com/advisories/23064
http://secunia.com/advisories/23788
http://secunia.com/advisories/24288
SuSE Security Announcement: SUSE-SA:2006:049 (Google Search)
http://www.novell.com/linux/security/advisories/2006_49_kernel.html
http://www.ubuntu.com/usn/usn-331-1
http://www.ubuntu.com/usn/usn-346-1
http://www.vupen.com/english/advisories/2006/2680
XForce ISS Database: linux-dvdreadbca-bo(27579)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27579
Common Vulnerability Exposure (CVE) ID: CVE-2006-2936
BugTraq ID: 19033
http://www.securityfocus.com/bid/19033
Bugtraq: 20060717 rPSA-2006-0130-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/440300/100/0/threaded
http://www.osvdb.org/27119
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10265
http://secunia.com/advisories/20703
http://secunia.com/advisories/21057
http://secunia.com/advisories/24547
http://secunia.com/advisories/25226
http://secunia.com/advisories/25683
SuSE Security Announcement: SUSE-SA:2007:018 (Google Search)
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
SuSE Security Announcement: SUSE-SA:2007:021 (Google Search)
http://www.novell.com/linux/security/advisories/2007_21_kernel.html
SuSE Security Announcement: SUSE-SA:2007:030 (Google Search)
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SuSE Security Announcement: SUSE-SA:2007:035 (Google Search)
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://www.vupen.com/english/advisories/2006/2841
XForce ISS Database: linux-ftdi-sio-dos(27807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27807
Common Vulnerability Exposure (CVE) ID: CVE-2006-3468
BugTraq ID: 19396
http://www.securityfocus.com/bid/19396
http://lkml.org/lkml/2006/7/17/41
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809
http://secunia.com/advisories/21369
http://secunia.com/advisories/21847
http://secunia.com/advisories/22148
SuSE Security Announcement: SUSE-SA:2006:057 (Google Search)
http://www.novell.com/linux/security/advisories/2006_57_kernel.html
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
http://www.novell.com/linux/security/advisories/2006_21_sr.html
SuSE Security Announcement: SUSE-SR:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_22_sr.html
http://www.trustix.org/errata/2006/0046/
Common Vulnerability Exposure (CVE) ID: CVE-2006-3626
BugTraq ID: 18992
http://www.securityfocus.com/bid/18992
Debian Security Information: DSA-1111 (Google Search)
http://www.debian.org/security/2006/dsa-1111
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:124
http://www.osvdb.org/27120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060
http://secunia.com/advisories/21041
http://secunia.com/advisories/21073
http://secunia.com/advisories/21119
http://secunia.com/advisories/21123
SuSE Security Announcement: SUSE-SR:2006:017 (Google Search)
http://www.novell.com/linux/security/advisories/2006_17_sr.html
https://usn.ubuntu.com/319-1/
http://www.ubuntu.com/usn/usn-319-2
http://www.vupen.com/english/advisories/2006/2816
XForce ISS Database: linux-proc-race-condition(27790)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27790
Common Vulnerability Exposure (CVE) ID: CVE-2006-3745
BugTraq ID: 19666
http://www.securityfocus.com/bid/19666
Bugtraq: 20060822 Linux Kernel SCTP Privilege Elevation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/444066/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0600.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10706
http://secunia.com/advisories/21576
http://www.vupen.com/english/advisories/2006/3358
XForce ISS Database: kernel-sctp-privilege-escalation(28530)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28530
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.