Test ID: 1.3.6.1.4.1.25623.1.0.58641
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1381-1 (linux-2.6)
Summary: NOSUMMARY
Description:
The remote host is missing an update to linux-2.6
announced via advisory DSA 1381-1.

Several local vulnerabilities have been discovered in the Linux kernel
that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-5755

The NT bit may be leaked into the next task, which can allow local attackers
to cause a Denial of Service (crash) on systems which run the 'amd64'
flavour kernel. The stable distribution ('etch') was not believed to
be vulnerable to this issue at the time of release, however Bastian
Blank discovered that this issue still applied to the 'xen-amd64' and
'xen-vserver-amd64' flavours, and is resolved by this DSA.

CVE-2007-4133

Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.
A misconversion of hugetlb_vmtruncate_list to prio_tree may allow
local users to trigger a BUG_ON() call in exit_mmap.

CVE-2007-4573

Wojciech Purczynski discovered a vulnerability that can be exploited
by a local user to obtain superuser privileges on x86_64 systems.
This resulted from improper clearing of the high bits of registers
during ia32 system call emulation. This vulnerability is relevant
to the Debian amd64 port as well as users of the i386 port who run
the amd64 linux-image flavour.

DSA-1378 resolved this problem for the 'amd64' flavour kernels, but
Tim Wickberg and Ralf Hemmenstädt reported an outstanding issue with
the 'xen-amd64' and 'xen-vserver-amd64' flavours that is resolved by
this DSA.

CVE-2007-5093

Alex Smith discovered an issue with the pwc driver for certain webcam
devices. If the device is removed while a userspace application has it
open, the driver will wait for userspace to close the device, resulting
in a blocked USB subsystem. This issue is of low security impact as
it requires the attacker to either have physical access to the system
or to convince a user with local access to remove the device on their
behalf.

These problems have been fixed in the stable distribution in version
2.6.18.dfsg.1-13etch4.

At the time of this DSA, only the build for the amd64 architecture is
available. Due to the severity of the amd64-specific issues, we are
releasing an incomplete update. This advisory will be updated once
other architecture builds become available.

We recommend that you upgrade your kernel package immediately and reboot

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201381-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5755
BugTraq ID: 26060
http://www.securityfocus.com/bid/26060
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
Debian Security Information: DSA-1381
http://www.debian.org/security/2007/dsa-1381
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9554
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://secunia.com/advisories/24098
http://secunia.com/advisories/25691
http://secunia.com/advisories/26620
http://secunia.com/advisories/26994
http://secunia.com/advisories/32485
http://www.ubuntu.com/usn/usn-416-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-4133
BugTraq ID: 25904
http://www.securityfocus.com/bid/25904
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10451
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/27322
http://secunia.com/advisories/28170
http://secunia.com/advisories/28971
http://secunia.com/advisories/29058
http://www.ubuntu.com/usn/usn-558-1
http://www.ubuntu.com/usn/usn-578-1
XForce ISS Database: kernel-hugetlbfs-dos(36925)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36925
Common Vulnerability Exposure (CVE) ID: CVE-2007-4573
BugTraq ID: 25774
http://www.securityfocus.com/bid/25774
Bugtraq: 20070924 COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability
http://www.securityfocus.com/archive/1/480451/100/0/threaded
Bugtraq: 20070926 Re: COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability
http://www.securityfocus.com/archive/1/480705/100/0/threaded
Debian Security Information: DSA-1378
http://www.debian.org/security/2007/dsa-1378
http://fedoranews.org/updates/FEDORA-2007-229.shtml
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html
http://marc.info/?l=full-disclosure&m=119062587407908&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://lkml.org/lkml/2007/9/21/512
http://lkml.org/lkml/2007/9/21/513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
http://www.redhat.com/support/errata/RHSA-2007-0936.html
http://www.redhat.com/support/errata/RHSA-2007-0937.html
http://www.redhat.com/support/errata/RHSA-2007-0938.html
http://securitytracker.com/id?1018748
http://secunia.com/advisories/26917
http://secunia.com/advisories/26919
http://secunia.com/advisories/26934
http://secunia.com/advisories/26953
http://secunia.com/advisories/26955
http://secunia.com/advisories/26978
http://secunia.com/advisories/26995
http://secunia.com/advisories/27212
http://secunia.com/advisories/27227
http://secunia.com/advisories/27912
SuSE Security Announcement: SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
SuSE Security Announcement: SUSE-SA:2007:064
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://www.ubuntu.com/usn/usn-518-1
http://www.vupen.com/english/advisories/2007/3246
Common Vulnerability Exposure (CVE) ID: CVE-2007-5093
BugTraq ID: 25504
http://www.securityfocus.com/bid/25504
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
http://marc.info/?l=linux-kernel&m=118873457814808&w=2
http://marc.info/?l=linux-kernel&m=118880154122548&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10494
http://www.redhat.com/support/errata/RHSA-2008-0275.html
RedHat Security Advisories: RHSA-2008:0972
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://secunia.com/advisories/28706
http://secunia.com/advisories/30294
http://secunia.com/advisories/32799
http://www.ubuntu.com/usn/usn-574-1
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
