Test ID: 1.3.6.1.4.1.25623.1.0.61436
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1630-1)
Summary: The remote host is missing an update for the Debian 'fai-kernels, linux-2.6, user-mode-linux' package(s) announced via the DSA-1630-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6282

Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet.

CVE-2008-0598

Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images.

CVE-2008-2729

Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected.

CVE-2008-2812

Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges.

CVE-2008-2826

Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service.

CVE-2008-2931

Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points.

CVE-2008-3272

Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.

CVE-2008-3275

Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-22etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

Affected Software/OS:
'fai-kernels, linux-2.6, user-mode-linux' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6282
29081
http://www.securityfocus.com/bid/29081
30112
http://secunia.com/advisories/30112
30294
http://secunia.com/advisories/30294
30818
http://secunia.com/advisories/30818
30890
http://secunia.com/advisories/30890
30962
http://secunia.com/advisories/30962
31107
http://secunia.com/advisories/31107
31551
http://secunia.com/advisories/31551
31628
http://secunia.com/advisories/31628
DSA-1630
http://www.debian.org/security/2008/dsa-1630
RHSA-2008:0237
http://www.redhat.com/support/errata/RHSA-2008-0237.html
RHSA-2008:0275
http://www.redhat.com/support/errata/RHSA-2008-0275.html
RHSA-2008:0585
http://www.redhat.com/support/errata/RHSA-2008-0585.html
SUSE-SA:2008:030
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
SUSE-SA:2008:031
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
USN-625-1
http://www.ubuntu.com/usn/usn-625-1
[linux-netdev] 20080222 [Patch] Crash (BUG()) when handling fragmented ESP packets
http://marc.info/?l=linux-netdev&m=120372380411259&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=404291
linux-kernel-esp-dos(42276)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42276
oval:org.mitre.oval:def:10549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549
Common Vulnerability Exposure (CVE) ID: CVE-2008-0598
1020367
http://www.securitytracker.com/id?1020367
29942
http://www.securityfocus.com/bid/29942
30849
http://secunia.com/advisories/30849
30850
http://secunia.com/advisories/30850
32103
http://secunia.com/advisories/32103
32104
http://secunia.com/advisories/32104
33201
http://secunia.com/advisories/33201
33586
http://secunia.com/advisories/33586
MDVSA-2008:220
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
RHSA-2008:0508
http://rhn.redhat.com/errata/RHSA-2008-0508.html
RHSA-2008:0519
http://www.redhat.com/support/errata/RHSA-2008-0519.html
RHSA-2008:0973
http://www.redhat.com/support/errata/RHSA-2008-0973.html
RHSA-2009:0009
http://www.redhat.com/support/errata/RHSA-2009-0009.html
SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SUSE-SA:2008:048
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
https://bugzilla.redhat.com/show_bug.cgi?id=433938
linux-kernel-emulation-disclosure(43554)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43554
oval:org.mitre.oval:def:10721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10721
oval:org.mitre.oval:def:6201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6201
Common Vulnerability Exposure (CVE) ID: CVE-2008-2729
BugTraq ID: 29943
http://www.securityfocus.com/bid/29943
Debian Security Information: DSA-1630
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571
RedHat Security Advisories: RHSA-2008:0508
http://www.securitytracker.com/id?1020364
XForce ISS Database: linux-kernel-destination-info-disclosure(43558)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43558
Common Vulnerability Exposure (CVE) ID: CVE-2008-2812
30076
http://www.securityfocus.com/bid/30076
30982
http://secunia.com/advisories/30982
31048
http://secunia.com/advisories/31048
31202
http://secunia.com/advisories/31202
31229
http://secunia.com/advisories/31229
31341
http://secunia.com/advisories/31341
31614
http://secunia.com/advisories/31614
31685
http://secunia.com/advisories/31685
32370
http://secunia.com/advisories/32370
32759
http://secunia.com/advisories/32759
ADV-2008-2063
http://www.vupen.com/english/advisories/2008/2063/references
RHSA-2008:0612
http://www.redhat.com/support/errata/RHSA-2008-0612.html
RHSA-2008:0665
http://www.redhat.com/support/errata/RHSA-2008-0665.html
SUSE-SA:2008:035
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
SUSE-SA:2008:037
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html
SUSE-SA:2008:038
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-637-1
https://usn.ubuntu.com/637-1/
[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id
http://www.openwall.com/lists/oss-security/2008/07/03/2
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10
http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm
kernel-tty-dos(43687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43687
oval:org.mitre.oval:def:11632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632
oval:org.mitre.oval:def:6633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633
Common Vulnerability Exposure (CVE) ID: CVE-2008-2826
BugTraq ID: 29990
http://www.securityfocus.com/bid/29990
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
http://www.securitytracker.com/id?1020514
http://secunia.com/advisories/30901
SuSE Security Announcement: SUSE-SA:2008:037
SuSE Security Announcement: SUSE-SA:2008:052
http://www.vupen.com/english/advisories/2008/2511
XForce ISS Database: linux-kernel-sctpgetsockopt-dos(43559)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43559
Common Vulnerability Exposure (CVE) ID: CVE-2008-2931
30126
http://www.securityfocus.com/bid/30126
32023
http://secunia.com/advisories/32023
RHSA-2008:0885
http://www.redhat.com/support/errata/RHSA-2008-0885.html
[oss-security] 20080708 CVE-2008-2931 kernel: missing check before setting mount propagation
http://www.openwall.com/lists/oss-security/2008/07/08/3
[oss-security] 20080708 Re: CVE-2008-2931 kernel: missing check before setting mount propagation
http://www.openwall.com/lists/oss-security/2008/07/08/4
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=ee6f958291e2a768fd727e7a67badfff0b67711a
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
https://bugzilla.redhat.com/show_bug.cgi?id=454388
linux-kernel-dochangetype-priv-escalation(43696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43696
oval:org.mitre.oval:def:10437
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10437
Common Vulnerability Exposure (CVE) ID: CVE-2008-3272
1020636
http://www.securitytracker.com/id?1020636
30559
http://www.securityfocus.com/bid/30559
31366
http://secunia.com/advisories/31366
31836
http://secunia.com/advisories/31836
31881
http://secunia.com/advisories/31881
32190
http://secunia.com/advisories/32190
32799
http://secunia.com/advisories/32799
ADV-2008-2307
http://www.vupen.com/english/advisories/2008/2307
DSA-1636
http://www.debian.org/security/2008/dsa-1636
RHSA-2008:0857
http://www.redhat.com/support/errata/RHSA-2008-0857.html
RHSA-2008:0972
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
linux-kernel-seqosssynth-info-disclosure(44225)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44225
oval:org.mitre.oval:def:11182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11182
Common Vulnerability Exposure (CVE) ID: CVE-2008-3275
1020739
http://www.securitytracker.com/id?1020739
30647
http://www.securityfocus.com/bid/30647
32344
http://secunia.com/advisories/32344
33280
http://secunia.com/advisories/33280
33556
http://secunia.com/advisories/33556
ADV-2008-2430
http://www.vupen.com/english/advisories/2008/2430
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
RHSA-2009:0014
http://www.redhat.com/support/errata/RHSA-2009-0014.html
[linux-kernel] 20080702 Is VFS behavior fine?
http://lkml.org/lkml/2008/7/2/83
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15
https://bugzilla.redhat.com/show_bug.cgi?id=457858
linux-kernel-ubifs-dos(44410)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410
oval:org.mitre.oval:def:10744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744
oval:org.mitre.oval:def:6551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.