
Test ID: 1.3.6.1.4.1.25623.1.0.58357
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1304)
Summary: The remote host is missing an update for the Debian 'kernel-source-2.6.8' package(s) announced via the DSA-1304 advisory.
Description:

Vulnerability Insight:
CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

This update also fixes a regression in the smbfs subsystem which was introduced in DSA-1233 which caused symlinks to be interpreted as regular files.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-4811

David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems.

CVE-2006-4814

Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.

CVE-2006-4623

Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0.

CVE-2006-5753

Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.

CVE-2006-5754

Darrick Wong discovered a local DoS (crash) vulnerability resulting from the incorrect initialization of nr_pages in aio_setup_ring().

CVE-2006-5757

LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted iso9660 filesystem.

CVE-2006-6053

LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.

CVE-2006-6056

LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted hfs filesystem on systems with SELinux hooks enabled (Debian does not enable SELinux by default).

CVE-2006-6060

LMH reported a potential local DoS (infinite loop) which could be exploited by a malicious user with the privileges to mount and read a corrupted NTFS filesystem.

CVE-2006-6106

Marcel Holtman discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code.

CVE-2006-6535

Kostantin Khorenko discovered an invalid error path in dev_queue_xmit() which could be exploited by a local user to cause data corruption.

CVE-2007-0958

Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073.

CVE-2007-1357

Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame.

CVE-2007-1592

Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel-source-2.6.8' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-4811
BugTraq ID: 20362
http://www.securityfocus.com/bid/20362
Debian Security Information: DSA-1304
http://www.debian.org/security/2007/dsa-1304
http://marc.info/?l=linux-kernel&m=112323336017157
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10976
http://www.redhat.com/support/errata/RHSA-2006-0689.html
http://secunia.com/advisories/22292
http://secunia.com/advisories/22945
http://secunia.com/advisories/25714
Common Vulnerability Exposure (CVE) ID: CVE-2006-4623
BugTraq ID: 19939
http://www.securityfocus.com/bid/19939
Bugtraq: 20061017 rPSA-2006-0194-1 kernel
http://www.securityfocus.com/archive/1/448998/100/0/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
http://www.mandriva.com/security/advisories?name=MDKSA-2006:182
http://lkml.org/lkml/2006/8/20/278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9775
http://secunia.com/advisories/21820
http://secunia.com/advisories/22382
http://secunia.com/advisories/22441
http://secunia.com/advisories/23474
http://secunia.com/advisories/25691
http://secunia.com/advisories/26139
SuSE Security Announcement: SUSE-SA:2006:079
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2006/3551
Common Vulnerability Exposure (CVE) ID: CVE-2006-4814
2007-0002
http://www.trustix.org/errata/2007/0002/
20070615 rPSA-2007-0124-1 kernel xen
21663
http://www.securityfocus.com/bid/21663
23436
http://secunia.com/advisories/23436
23609
http://secunia.com/advisories/23609
23997
http://secunia.com/advisories/23997
24098
http://secunia.com/advisories/24098
24100
http://secunia.com/advisories/24100
24206
http://secunia.com/advisories/24206
24482
http://secunia.com/advisories/24482
25691
25714
29058
http://secunia.com/advisories/29058
30110
http://secunia.com/advisories/30110
31246
http://secunia.com/advisories/31246
33280
http://secunia.com/advisories/33280
ADV-2006-5082
http://www.vupen.com/english/advisories/2006/5082
ADV-2008-2222
http://www.vupen.com/english/advisories/2008/2222/references
DSA-1304
DSA-1503
http://www.debian.org/security/2008/dsa-1503
MDKSA-2007:040
http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
MDKSA-2007:060
http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
RHSA-2007:0014
http://rhn.redhat.com/errata/RHSA-2007-0014.html
RHSA-2008:0211
http://www.redhat.com/support/errata/RHSA-2008-0211.html
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SUSE-SA:2007:018
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
USN-416-1
http://www.ubuntu.com/usn/usn-416-1
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.6
oval:org.mitre.oval:def:9648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9648
Common Vulnerability Exposure (CVE) ID: CVE-2006-5753
22316
http://www.securityfocus.com/bid/22316
23955
http://secunia.com/advisories/23955
24400
http://secunia.com/advisories/24400
24429
http://secunia.com/advisories/24429
24547
http://secunia.com/advisories/24547
25226
http://secunia.com/advisories/25226
25683
http://secunia.com/advisories/25683
33020
http://osvdb.org/33020
FEDORA-2007-277
http://fedoranews.org/cms/node/2739
FEDORA-2007-291
http://fedoranews.org/cms/node/2740
RedHat Security Advisories: RHSA-2007:0014
SUSE-SA:2007:021
http://www.novell.com/linux/security/advisories/2007_21_kernel.html
SUSE-SA:2007:030
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SUSE-SA:2007:035
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://lkml.org/lkml/2007/1/3/150
https://issues.rpath.com/browse/RPL-1106
oval:org.mitre.oval:def:9371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9371
Common Vulnerability Exposure (CVE) ID: CVE-2006-5754
22193
http://www.securityfocus.com/bid/22193
MDKSA-2007:025
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
oval:org.mitre.oval:def:11234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11234
Common Vulnerability Exposure (CVE) ID: CVE-2006-5757
BugTraq ID: 20920
http://www.securityfocus.com/bid/20920
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10111
http://secunia.com/advisories/22702
http://secunia.com/advisories/22746
http://secunia.com/advisories/23593
http://secunia.com/advisories/23752
http://www.vupen.com/english/advisories/2006/4359
XForce ISS Database: kernel-iso9660-dos(30029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30029
Common Vulnerability Exposure (CVE) ID: CVE-2006-6053
Debian Security Information: DSA-1503
http://projects.info-pull.com/mokb/MOKB-10-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10992
http://secunia.com/advisories/22776
http://www.vupen.com/english/advisories/2006/4458
Common Vulnerability Exposure (CVE) ID: CVE-2006-6056
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://projects.info-pull.com/mokb/MOKB-14-11-2006.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9949
http://secunia.com/advisories/22887
http://secunia.com/advisories/24777
XForce ISS Database: linux-superblockdoinit-dos(30278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30278
Common Vulnerability Exposure (CVE) ID: CVE-2006-6060
http://projects.info-pull.com/mokb/MOKB-19-11-2006.html
XForce ISS Database: kernel-ntfs-dos(30418)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30418
Common Vulnerability Exposure (CVE) ID: CVE-2006-6106
20070209 rPSA-2007-0031-1 kernel
http://www.securityfocus.com/archive/1/459615/100/0/threaded
21604
http://www.securityfocus.com/bid/21604
23408
http://secunia.com/advisories/23408
23427
http://secunia.com/advisories/23427
23593
23752
24105
http://secunia.com/advisories/24105
27227
http://secunia.com/advisories/27227
ADV-2006-5037
http://www.vupen.com/english/advisories/2006/5037
MDKSA-2007:002
MDKSA-2007:012
SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
[linux-kernel] 20061215 [patch 24/24] Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106)
http://marc.info/?l=linux-kernel&m=116614741607528&w=2
[linux-kernel] 20061219 Linux 2.6.18.6
http://marc.info/?l=linux-kernel&m=116648929829440&w=2
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.5
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602
https://issues.rpath.com/browse/RPL-848
kernel-cmtprecvinteropmsg-bo(30912)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30912
oval:org.mitre.oval:def:10891
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10891
Common Vulnerability Exposure (CVE) ID: CVE-2006-6535
BugTraq ID: 22317
http://www.securityfocus.com/bid/22317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11679
SuSE Security Announcement: SUSE-SA:2007:035
Common Vulnerability Exposure (CVE) ID: CVE-2007-0958
BugTraq ID: 22903
http://www.securityfocus.com/bid/22903
Debian Security Information: DSA-1286
http://www.debian.org/security/2007/dsa-1286
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://osvdb.org/35930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10343
http://www.redhat.com/support/errata/RHSA-2007-0099.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/24752
http://secunia.com/advisories/25078
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://www.ubuntu.com/usn/usn-451-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-1357
BugTraq ID: 23376
http://www.securityfocus.com/bid/23376
http://secunia.com/advisories/24793
http://secunia.com/advisories/24901
http://secunia.com/advisories/25099
http://secunia.com/advisories/25392
http://secunia.com/advisories/25961
SuSE Security Announcement: SUSE-SA:2007:029
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
SuSE Security Announcement: SUSE-SA:2007:030
SuSE Security Announcement: SUSE-SA:2007:043
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-464-1
http://www.vupen.com/english/advisories/2007/1340
Common Vulnerability Exposure (CVE) ID: CVE-2007-1592
BugTraq ID: 23104
http://www.securityfocus.com/bid/23104
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233478
http://marc.info/?l=linux-netdev&m=117406721731891&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10130
RedHat Security Advisories: RHBA-2007-0304
http://rhn.redhat.com/errata/RHBA-2007-0304.html
http://www.redhat.com/support/errata/RHSA-2007-0347.html
RedHat Security Advisories: RHSA-2007:0436
http://rhn.redhat.com/errata/RHSA-2007-0436.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://secunia.com/advisories/24618
http://secunia.com/advisories/25288
http://secunia.com/advisories/25630
http://secunia.com/advisories/26379
http://secunia.com/advisories/27528
http://www.vupen.com/english/advisories/2007/1084
XForce ISS Database: kernel-tcpv6synrecvsoc-dos(33176)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33176
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.