Test ID: 1.3.6.1.4.1.25623.1.0.58964
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0940
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0940.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* A flaw was found in the backported stack unwinder fixes in Red Hat
Enterprise Linux 5. On AMD64 and Intel 64 platforms, a local user could
trigger this flaw and cause a denial of service. (CVE-2007-4574, Important)

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the Distributed Lock Manager (DLM) in the cluster
manager. This allowed a remote user who is able to connect to the DLM port
to cause a denial of service. (CVE-2007-3380, Important)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver which should otherwise be restricted to
privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the prio_tree handling of the hugetlb support that
allowed a local user to cause a denial of service. This only affected
kernels with hugetlb support. (CVE-2007-4133, Moderate)

* A flaw was found in the eHCA driver on PowerPC architectures that allowed
a local user to access 60k of physical address space. This address space
could contain sensitive information. (CVE-2007-3850, Moderate)

* A flaw was found in ptrace support that allowed a local user to cause a
denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate)

* A flaw was found in the usblcd driver that allowed a local user to cause
a denial of service by writing data to the device node. To exploit this
issue, write access to the device node was needed. (CVE-2007-3513, Moderate)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. If the root user raised the default wakeup threshold over the
size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes
preventing possible system crashes and data corruption were also included.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to resolve these issues.

Solution:
Please note that this update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the
following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0940.html
http://www.redhat.com/security/updates/classification/#important

Risk factor: Medium

CVSS Score: 5.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-3105
BugTraq ID: 25348
http://www.securityfocus.com/bid/25348
Debian Security Information: DSA-1363
http://www.debian.org/security/2007/dsa-1363
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://secunia.com/advisories/26500
http://secunia.com/advisories/26643
http://secunia.com/advisories/26647
http://secunia.com/advisories/26651
http://secunia.com/advisories/26664
http://secunia.com/advisories/27212
http://secunia.com/advisories/27227
http://secunia.com/advisories/27322
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:051
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
SuSE Security Announcement: SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-508-1
http://www.ubuntu.com/usn/usn-509-1
http://www.ubuntu.com/usn/usn-510-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-3380
BugTraq ID: 24968
http://www.securityfocus.com/bid/24968
http://osvdb.org/37109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9337
http://secunia.com/advisories/26139
http://www.ubuntu.com/usn/usn-489-1
http://www.ubuntu.com/usn/usn-489-2
XForce ISS Database: clusterproject-dlm-dos(35516)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35516
Common Vulnerability Exposure (CVE) ID: CVE-2007-3513
BugTraq ID: 24734
http://www.securityfocus.com/bid/24734
Debian Security Information: DSA-1356
http://www.debian.org/security/2007/dsa-1356
http://osvdb.org/37116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9883
http://secunia.com/advisories/25895
http://secunia.com/advisories/26450
http://www.vupen.com/english/advisories/2007/2403
XForce ISS Database: kernel-lcdwrite-dos(35302)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35302
Common Vulnerability Exposure (CVE) ID: CVE-2007-3731
BugTraq ID: 25801
http://www.securityfocus.com/bid/25801
Bugtraq: 20080229 rPSA-2008-0094-1 kernel
http://www.securityfocus.com/archive/1/488972/100/0/threaded
Debian Security Information: DSA-1378
http://www.debian.org/security/2007/dsa-1378
http://bugzilla.kernel.org/show_bug.cgi?id=8765
http://osvdb.org/37286
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10394
http://secunia.com/advisories/26935
http://secunia.com/advisories/26955
http://secunia.com/advisories/26978
http://secunia.com/advisories/29159
http://www.ubuntu.com/usn/usn-518-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-3848
BugTraq ID: 25387
http://www.securityfocus.com/bid/25387
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476464/100/0/threaded
Bugtraq: 20070814 COSEINC Linux Advisory #1: Linux Kernel Parent Process DeathSignal Vulnerability
http://marc.info/?l=bugtraq&m=118711306802632&w=2
Bugtraq: 20070816 Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
http://www.securityfocus.com/archive/1/476538/100/0/threaded
http://www.securityfocus.com/archive/1/476677/100/0/threaded
http://www.securityfocus.com/archive/1/476803/100/0/threaded
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3848
http://marc.info/?l=openwall-announce&m=118710356812637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10120
http://www.redhat.com/support/errata/RHSA-2007-1049.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/27913
http://secunia.com/advisories/28806
http://secunia.com/advisories/29570
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
SuSE Security Announcement: SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-3850
BugTraq ID: 26161
http://www.securityfocus.com/bid/26161
http://osvdb.org/45488
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10793
http://rhn.redhat.com/errata/RHSA-2007-0940.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-4308
BugTraq ID: 25216
http://www.securityfocus.com/bid/25216
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8872
http://securitytracker.com/id?1019470
http://secunia.com/advisories/26322
http://secunia.com/advisories/27912
http://secunia.com/advisories/29032
SuSE Security Announcement: SUSE-SA:2007:064
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://www.vupen.com/english/advisories/2007/2786
http://www.vupen.com/english/advisories/2008/0637
Common Vulnerability Exposure (CVE) ID: CVE-2007-4133
BugTraq ID: 25904
http://www.securityfocus.com/bid/25904
Debian Security Information: DSA-1381
http://www.debian.org/security/2007/dsa-1381
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10451
http://secunia.com/advisories/26994
http://secunia.com/advisories/28170
http://secunia.com/advisories/28971
http://www.ubuntu.com/usn/usn-558-1
http://www.ubuntu.com/usn/usn-578-1
XForce ISS Database: kernel-hugetlbfs-dos(36925)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36925
Common Vulnerability Exposure (CVE) ID: CVE-2007-4574
BugTraq ID: 26158
http://www.securityfocus.com/bid/26158
http://osvdb.org/45489
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10681
http://securitytracker.com/id?1018844
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2021 E-Soft Inc. All rights reserved.