
Test ID: 1.3.6.1.4.1.25623.1.0.60695
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0089
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2008:0089.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These new kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). An unprivileged local
user could truncate directories to which they had write permission; this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest
Hardware-assisted virtual machine (HVM) could read arbitrary physical
memory of the host system, which could make information available to
unauthorized users. (CVE-2007-6416, Important)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory, which
the user has write access to, they could gain read access to that core
file, potentially containing sensitive information. (CVE-2007-6206, Moderate)

A buffer overflow flaw was found in the CIFS virtual file system. A
remote, authenticated user could issue a request that could lead to a denial
of service. (CVE-2007-5904, Moderate)

A flaw was found in the sysfs_readdir function. A local user could create
a race condition which would cause a denial of service (kernel oops).
(CVE-2007-3104, Moderate)

As well, these updated packages fix the following bugs:

* running the strace -f command caused strace to hang, without displaying
information about child processes.

* unmounting an unresponsive, interruptible NFS mount, for example, one
mounted with the intr option, may have caused a system crash.

* a bug in the s2io.ko driver prevented VLAN devices from being added.
Attempting to add a device to a VLAN, for example, running the vconfig
add [device-name] [vlan-id] command caused vconfig to fail.

* tux used an incorrect open flag bit. This caused problems when building
packages in a chroot environment, such as mock, which is used by the koji
build system.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0089.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3104
BugTraq ID: 24631
http://www.securityfocus.com/bid/24631
Debian Security Information: DSA-1428
http://www.debian.org/security/2007/dsa-1428
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242558
http://osvdb.org/37115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11233
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://www.redhat.com/support/errata/RHSA-2008-0089.html
http://www.securitytracker.com/id?1018289
http://secunia.com/advisories/25771
http://secunia.com/advisories/25838
http://secunia.com/advisories/26289
http://secunia.com/advisories/26643
http://secunia.com/advisories/26651
http://secunia.com/advisories/27912
http://secunia.com/advisories/28033
http://secunia.com/advisories/28643
SuSE Security Announcement: SUSE-SA:2007:064
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
http://www.ubuntu.com/usn/usn-508-1
http://www.ubuntu.com/usn/usn-509-1
http://www.ubuntu.com/usn/usn-510-1
Common Vulnerability Exposure (CVE) ID: CVE-2007-5904
BugTraq ID: 26438
http://www.securityfocus.com/bid/26438
Bugtraq: 20080208 rPSA-2008-0048-1 kernel
http://www.securityfocus.com/archive/1/487808/100/0/threaded
http://marc.info/?l=linux-kernel&m=119455843205403&w=2
http://marc.info/?l=linux-kernel&m=119457447724276&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9901
http://www.redhat.com/support/errata/RHSA-2008-0167.html
http://www.securitytracker.com/id?1019612
http://secunia.com/advisories/27666
http://secunia.com/advisories/27888
http://secunia.com/advisories/28826
http://secunia.com/advisories/29245
http://secunia.com/advisories/29387
http://secunia.com/advisories/29570
http://secunia.com/advisories/30769
http://secunia.com/advisories/30818
SuSE Security Announcement: SUSE-SA:2007:063
http://www.novell.com/linux/security/advisories/2007_63_kernel.html
SuSE Security Announcement: SUSE-SA:2008:013
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
SuSE Security Announcement: SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:030
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2007/3860
XForce ISS Database: kernel-cifsvfs-sendreceive-bo(38450)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38450
Common Vulnerability Exposure (CVE) ID: CVE-2007-6206
BugTraq ID: 26701
http://www.securityfocus.com/bid/26701
Debian Security Information: DSA-1436
http://www.debian.org/security/2007/dsa-1436
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:086
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719
RedHat Security Advisories: RHSA-2008:0055
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.redhat.com/support/errata/RHSA-2008-0211.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/27908
http://secunia.com/advisories/28141
http://secunia.com/advisories/28706
http://secunia.com/advisories/28748
http://secunia.com/advisories/28889
http://secunia.com/advisories/28971
http://secunia.com/advisories/29058
http://secunia.com/advisories/30110
http://secunia.com/advisories/30962
http://secunia.com/advisories/31246
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2008:007
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
http://www.ubuntu.com/usn/usn-574-1
http://www.ubuntu.com/usn/usn-578-1
http://www.vupen.com/english/advisories/2007/4090
http://www.vupen.com/english/advisories/2008/2222/references
XForce ISS Database: kernel-core-dump-information-disclosure(38841)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38841
Common Vulnerability Exposure (CVE) ID: CVE-2007-6416
BugTraq ID: 26954
http://www.securityfocus.com/bid/26954
http://osvdb.org/41344
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840
http://secunia.com/advisories/28146
Common Vulnerability Exposure (CVE) ID: CVE-2008-0001
BugTraq ID: 27280
http://www.securityfocus.com/bid/27280
Bugtraq: 20080117 rPSA-2008-0021-1 kernel
http://www.securityfocus.com/archive/1/486485/100/0/threaded
Debian Security Information: DSA-1479
http://www.debian.org/security/2008/dsa-1479
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9709
http://securitytracker.com/id?1019289
http://secunia.com/advisories/28485
http://secunia.com/advisories/28558
http://secunia.com/advisories/28626
http://secunia.com/advisories/28628
http://secunia.com/advisories/28664
http://secunia.com/advisories/28806
SuSE Security Announcement: SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.vupen.com/english/advisories/2008/0151
XForce ISS Database: linux-directory-security-bypass(39672)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39672
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
