Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60697
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0055
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0055.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). A local unprivileged
user could truncate directories to which they had write permission
this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the implementation of ptrace. A local unprivileged user
could trigger this flaw and possibly cause a denial of service (system
hang). (CVE-2007-5500, Important)

A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled
page faults when a CPU used the NUMA method for accessing memory on Itanium
architectures. A local unprivileged user could trigger this flaw and cause
a denial of service (system panic). (CVE-2007-4130, Important)

A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a local
unprivileged user to cause a denial of service (crash).
(CVE-2007-6694, Moderate)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory, which
the user has write access to, they could gain read access to that core
file. This could potentially grant unauthorized access to sensitive
information. (CVE-2007-6206, Moderate)

Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A
local unprivileged user could use these flaws to cause a denial of
service. (CVE-2007-6063, CVE-2007-6151, Moderate)

As well, these updated packages fix the following bug:

* when moving volumes that contain multiple segments, and a mirror segment
is not the first in the mapping table, running the pvmove /dev/[device]
/dev/[device] command caused a kernel panic. A kernel: Unable to handle
kernel paging request at virtual address [address] error was logged by
syslog.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4130
BugTraq ID: 27556
http://www.securityfocus.com/bid/27556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11437
RedHat Security Advisories: RHSA-2008:0055
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://secunia.com/advisories/28748
Common Vulnerability Exposure (CVE) ID: CVE-2007-5500
BugTraq ID: 26477
http://www.securityfocus.com/bid/26477
Debian Security Information: DSA-1428 (Google Search)
http://www.debian.org/security/2007/dsa-1428
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00170.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00032.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00302.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9868
http://secunia.com/advisories/27664
http://secunia.com/advisories/27703
http://secunia.com/advisories/27888
http://secunia.com/advisories/27919
http://secunia.com/advisories/27922
http://secunia.com/advisories/28033
http://secunia.com/advisories/28170
http://secunia.com/advisories/28706
http://secunia.com/advisories/28971
http://secunia.com/advisories/29245
http://secunia.com/advisories/30818
http://secunia.com/advisories/30962
SuSE Security Announcement: SUSE-SA:2007:063 (Google Search)
http://www.novell.com/linux/security/advisories/2007_63_kernel.html
SuSE Security Announcement: SUSE-SA:2008:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
SuSE Security Announcement: SUSE-SA:2008:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
SuSE Security Announcement: SUSE-SA:2008:032 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
http://www.ubuntu.com/usn/usn-558-1
http://www.ubuntu.com/usn/usn-574-1
http://www.ubuntu.com/usn/usn-578-1
http://www.vupen.com/english/advisories/2007/3902
XForce ISS Database: linux-kernel-waittaskstopped-dos(38547)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38547
Common Vulnerability Exposure (CVE) ID: CVE-2007-6063
BugTraq ID: 26605
http://www.securityfocus.com/bid/26605
Debian Security Information: DSA-1436 (Google Search)
http://www.debian.org/security/2007/dsa-1436
Debian Security Information: DSA-1503 (Google Search)
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504 (Google Search)
http://www.debian.org/security/2008/dsa-1504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9846
http://www.redhat.com/support/errata/RHSA-2008-0154.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://secunia.com/advisories/27842
http://secunia.com/advisories/27912
http://secunia.com/advisories/28141
http://secunia.com/advisories/28806
http://secunia.com/advisories/29058
http://secunia.com/advisories/29236
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2007:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2008:006 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.vupen.com/english/advisories/2007/4046
Common Vulnerability Exposure (CVE) ID: CVE-2007-6151
BugTraq ID: 27497
http://www.securityfocus.com/bid/27497
Debian Security Information: DSA-1479 (Google Search)
http://www.debian.org/security/2008/dsa-1479
http://www.mandriva.com/security/advisories?name=MDVSA-2008:086
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10971
http://www.redhat.com/support/errata/RHSA-2008-0211.html
http://secunia.com/advisories/28626
http://secunia.com/advisories/28889
http://secunia.com/advisories/29570
http://secunia.com/advisories/30110
http://secunia.com/advisories/31246
SuSE Security Announcement: SUSE-SA:2008:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
http://www.vupen.com/english/advisories/2008/2222/references
Common Vulnerability Exposure (CVE) ID: CVE-2007-6206
BugTraq ID: 26701
http://www.securityfocus.com/bid/26701
Bugtraq: 20080208 rPSA-2008-0048-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/487808/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10719
http://www.redhat.com/support/errata/RHSA-2008-0089.html
http://secunia.com/advisories/27908
http://secunia.com/advisories/28643
http://secunia.com/advisories/28826
http://www.vupen.com/english/advisories/2007/4090
XForce ISS Database: kernel-core-dump-information-disclosure(38841)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38841
Common Vulnerability Exposure (CVE) ID: CVE-2007-6694
BugTraq ID: 27555
http://www.securityfocus.com/bid/27555
Debian Security Information: DSA-1565 (Google Search)
http://www.debian.org/security/2008/dsa-1565
http://marc.info/?l=linux-kernel&m=119576191029571&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11215
http://secunia.com/advisories/28696
http://secunia.com/advisories/30018
http://secunia.com/advisories/30515
http://secunia.com/advisories/30769
https://usn.ubuntu.com/614-1/
http://www.ubuntu.com/usn/usn-618-1
http://www.vupen.com/english/advisories/2008/0380
Common Vulnerability Exposure (CVE) ID: CVE-2008-0001
BugTraq ID: 27280
http://www.securityfocus.com/bid/27280
Bugtraq: 20080117 rPSA-2008-0021-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/486485/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9709
http://securitytracker.com/id?1019289
http://secunia.com/advisories/28485
http://secunia.com/advisories/28558
http://secunia.com/advisories/28628
http://secunia.com/advisories/28664
http://www.vupen.com/english/advisories/2008/0151
XForce ISS Database: linux-directory-security-bypass(39672)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39672
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.