Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58901
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0347
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0347.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the handling of IPv6 type 0 routing headers that allowed remote
users to cause a denial of service that led to a network amplification
between two routers (CVE-2007-2242, Important).

* a flaw in the nfnetlink_log netfilter module that allowed a local user to
cause a denial of service (CVE-2007-1496, Important).

* a flaw in the flow list of listening IPv6 sockets that allowed a local
user to cause a denial of service (CVE-2007-1592, Important).

* a flaw in the handling of netlink messages that allowed a local user to
cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access (CVE-2007-2172, Important).

* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote
users to bypass certain netfilter rules using IPv6 fragments
(CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following
have been included:

* a regression in ipv6 routing.

* an error in memory initialization that caused gdb to output inaccurate
backtraces on ia64.

* the nmi watchdog timeout was updated from 5 to 30 seconds.

* a flaw in distributed lock management that could result in errors during
virtual machine migration.

* an omitted include in kernel-headers that led to compile failures for
some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0347.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1496
BugTraq ID: 22946
http://www.securityfocus.com/bid/22946
Debian Security Information: DSA-1289 (Google Search)
http://www.debian.org/security/2007/dsa-1289
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9831
http://www.redhat.com/support/errata/RHSA-2007-0347.html
http://secunia.com/advisories/24492
http://secunia.com/advisories/25228
http://secunia.com/advisories/25288
http://secunia.com/advisories/25392
http://secunia.com/advisories/25961
http://secunia.com/advisories/26620
SuSE Security Announcement: SUSE-SA:2007:043 (Google Search)
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-464-1
http://www.vupen.com/english/advisories/2007/0944
Common Vulnerability Exposure (CVE) ID: CVE-2007-1497
BugTraq ID: 23976
http://www.securityfocus.com/bid/23976
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.osvdb.org/33028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10457
Common Vulnerability Exposure (CVE) ID: CVE-2007-1592
BugTraq ID: 23104
http://www.securityfocus.com/bid/23104
Debian Security Information: DSA-1286 (Google Search)
http://www.debian.org/security/2007/dsa-1286
Debian Security Information: DSA-1304 (Google Search)
http://www.debian.org/security/2007/dsa-1304
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233478
http://marc.info/?l=linux-netdev&m=117406721731891&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10130
RedHat Security Advisories: RHBA-2007-0304
http://rhn.redhat.com/errata/RHBA-2007-0304.html
RedHat Security Advisories: RHSA-2007:0436
http://rhn.redhat.com/errata/RHSA-2007-0436.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://secunia.com/advisories/24618
http://secunia.com/advisories/24777
http://secunia.com/advisories/25078
http://secunia.com/advisories/25099
http://secunia.com/advisories/25226
http://secunia.com/advisories/25630
http://secunia.com/advisories/25683
http://secunia.com/advisories/25714
http://secunia.com/advisories/26379
http://secunia.com/advisories/27528
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:029 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
SuSE Security Announcement: SUSE-SA:2007:030 (Google Search)
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SuSE Security Announcement: SUSE-SA:2007:035 (Google Search)
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://www.vupen.com/english/advisories/2007/1084
XForce ISS Database: kernel-tcpv6synrecvsoc-dos(33176)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33176
Common Vulnerability Exposure (CVE) ID: CVE-2007-1861
BugTraq ID: 23677
http://www.securityfocus.com/bid/23677
Bugtraq: 20070508 FLEA-2007-0016-1: kernel (Google Search)
http://www.securityfocus.com/archive/1/467939/30/6690/threaded
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen (Google Search)
http://www.securityfocus.com/archive/1/471457
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11616
http://secunia.com/advisories/25030
http://secunia.com/advisories/25083
http://secunia.com/advisories/25691
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/1595
XForce ISS Database: kernel-netlinkfiblookup-dos(34014)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34014
Common Vulnerability Exposure (CVE) ID: CVE-2007-2172
BugTraq ID: 23447
http://www.securityfocus.com/bid/23447
Debian Security Information: DSA-1356 (Google Search)
http://www.debian.org/security/2007/dsa-1356
Debian Security Information: DSA-1363 (Google Search)
http://www.debian.org/security/2007/dsa-1363
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10764
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/25068
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://secunia.com/advisories/26450
http://secunia.com/advisories/26647
http://secunia.com/advisories/27913
http://secunia.com/advisories/33280
http://www.vupen.com/english/advisories/2007/2690
XForce ISS Database: kernel-dnfibprops-fibprops-dos(33979)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33979
Common Vulnerability Exposure (CVE) ID: CVE-2007-2242
BugTraq ID: 23615
http://www.securityfocus.com/bid/23615
CERT/CC vulnerability note: VU#267289
http://www.kb.cert.org/vuls/id/267289
FreeBSD Security Advisory: FreeBSD-SA-07:03.ipv6
http://security.freebsd.org/advisories/FreeBSD-SA-07:03.ipv6.asc
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
OpenBSD Security Advisory: [3.9] 20070423 022: SECURITY FIX: April 23, 2007
http://openbsd.org/errata39.html#022_route6
OpenBSD Security Advisory: [4.0] 20070423 012: SECURITY FIX: April 23, 2007
http://openbsd.org/errata40.html#012_route6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9574
http://www.securitytracker.com/id?1017949
http://secunia.com/advisories/24978
http://secunia.com/advisories/25033
http://secunia.com/advisories/25770
http://secunia.com/advisories/26651
http://secunia.com/advisories/26664
http://secunia.com/advisories/26703
http://secunia.com/advisories/28806
SuSE Security Announcement: SUSE-SA:2007:051 (Google Search)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.ubuntu.com/usn/usn-508-1
http://www.vupen.com/english/advisories/2007/1563
http://www.vupen.com/english/advisories/2007/2270
http://www.vupen.com/english/advisories/2007/3050
XForce ISS Database: openbsd-ipv6-type0-dos(33851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33851
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.