
Test ID: 1.3.6.1.4.1.25623.1.0.61594
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1636-1)
Summary: The remote host is missing an update for the Debian 'linux-2.6.24' package(s) announced via the DSA-1636-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-3272

Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.

CVE-2008-3275

Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.

CVE-2008-3276

Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic.

CVE-2008-3526

Eugene Teo reported a missing bounds check in the SCTP subsystem. By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, remote attackers may be able to cause a denial of service in the form of a kernel panic.

CVE-2008-3534

Kel Modderman reported an issue in the tmpfs filesystem that allows local users to crash a system by triggering a kernel BUG() assertion.

CVE-2008-3535

Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance function which can be exploited by local users to crash a system, resulting in a denial of service.

CVE-2008-3792

Vlad Yasevich reported several NULL pointer reference conditions in the SCTP subsystem that can be triggered by entering sctp-auth codepaths when the AUTH feature is inactive. This may allow attackers to cause a denial of service condition via a system panic.

CVE-2008-3915

Johann Dahm and David Richter reported an issue in the nfsd subsystem that may allow remote attackers to cause a denial of service via a buffer overflow.

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.5.

We recommend that you upgrade your linux-2.6.24 packages.

Affected Software/OS:
'linux-2.6.24' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3272
1020636
http://www.securitytracker.com/id?1020636
30559
http://www.securityfocus.com/bid/30559
31366
http://secunia.com/advisories/31366
31551
http://secunia.com/advisories/31551
31614
http://secunia.com/advisories/31614
31836
http://secunia.com/advisories/31836
31881
http://secunia.com/advisories/31881
32023
http://secunia.com/advisories/32023
32103
http://secunia.com/advisories/32103
32104
http://secunia.com/advisories/32104
32190
http://secunia.com/advisories/32190
32370
http://secunia.com/advisories/32370
32759
http://secunia.com/advisories/32759
32799
http://secunia.com/advisories/32799
ADV-2008-2307
http://www.vupen.com/english/advisories/2008/2307
DSA-1630
http://www.debian.org/security/2008/dsa-1630
DSA-1636
http://www.debian.org/security/2008/dsa-1636
MDVSA-2008:220
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
RHSA-2008:0857
http://www.redhat.com/support/errata/RHSA-2008-0857.html
RHSA-2008:0885
http://www.redhat.com/support/errata/RHSA-2008-0885.html
RHSA-2008:0972
http://rhn.redhat.com/errata/RHSA-2008-0972.html
SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SUSE-SA:2008:048
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-637-1
https://usn.ubuntu.com/637-1/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=82e68f7ffec3800425f2391c8c86277606860442
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
linux-kernel-seqosssynth-info-disclosure(44225)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44225
oval:org.mitre.oval:def:11182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11182
Common Vulnerability Exposure (CVE) ID: CVE-2008-3275
1020739
http://www.securitytracker.com/id?1020739
30647
http://www.securityfocus.com/bid/30647
32344
http://secunia.com/advisories/32344
33201
http://secunia.com/advisories/33201
33280
http://secunia.com/advisories/33280
33556
http://secunia.com/advisories/33556
ADV-2008-2430
http://www.vupen.com/english/advisories/2008/2430
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
RHSA-2008:0973
http://www.redhat.com/support/errata/RHSA-2008-0973.html
RHSA-2009:0014
http://www.redhat.com/support/errata/RHSA-2009-0014.html
[linux-kernel] 20080702 Is VFS behavior fine?
http://lkml.org/lkml/2008/7/2/83
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15
https://bugzilla.redhat.com/show_bug.cgi?id=457858
linux-kernel-ubifs-dos(44410)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410
oval:org.mitre.oval:def:10744
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744
oval:org.mitre.oval:def:6551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551
Common Vulnerability Exposure (CVE) ID: CVE-2008-3276
1020705
http://www.securitytracker.com/id?1020705
30704
http://www.securityfocus.com/bid/30704
31509
http://secunia.com/advisories/31509
32237
http://secunia.com/advisories/32237
32393
http://secunia.com/advisories/32393
32485
http://secunia.com/advisories/32485
ADV-2008-2406
http://www.vupen.com/english/advisories/2008/2406
DSA-1653
http://www.debian.org/security/2008/dsa-1653
RHSA-2008:0957
http://www.redhat.com/support/errata/RHSA-2008-0957.html
USN-659-1
http://www.ubuntu.com/usn/usn-659-1
[oss-security] 20080815 CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow
http://www.openwall.com/lists/oss-security/2008/08/15/3
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=3e8a0a559c66ee9e7468195691a56fefc3589740
https://bugzilla.redhat.com/show_bug.cgi?id=459226
oval:org.mitre.oval:def:11506
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11506
Common Vulnerability Exposure (CVE) ID: CVE-2008-3526
30847
http://www.securityfocus.com/bid/30847
MDVSA-2008:223
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
SUSE-SA:2008:053
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
[oss-security] 20080826 CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key() integer overflow
http://www.openwall.com/lists/oss-security/2008/08/26/9
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246
linux-kernel-sctpsetsockoptauthkey-dos(44723)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44723
Common Vulnerability Exposure (CVE) ID: CVE-2008-3534
BugTraq ID: 31134
http://www.securityfocus.com/bid/31134
Debian Security Information: DSA-1636
http://lkml.org/lkml/2008/7/26/71
XForce ISS Database: linux-kernel-tmpfs-dos(44489)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44489
Common Vulnerability Exposure (CVE) ID: CVE-2008-3535
BugTraq ID: 31132
http://www.securityfocus.com/bid/31132
http://www.lkml.org/lkml/2008/7/30/446
XForce ISS Database: linux-kernel-ioviteradvance-dos(44492)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44492
Common Vulnerability Exposure (CVE) ID: CVE-2008-3792
BugTraq ID: 31121
http://www.securityfocus.com/bid/31121
Bugtraq: 20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences
http://www.securityfocus.com/archive/1/496256/100/0/threaded
http://www.trapkit.de/advisories/TKADV2008-007.txt
http://lkml.org/lkml/2008/8/23/49
http://marc.info/?l=linux-netdev&m=121928747903176&w=2
http://www.openwall.com/lists/oss-security/2008/08/25/1
http://www.openwall.com/lists/oss-security/2008/08/26/6
http://www.openwall.com/lists/oss-security/2008/08/26/8
http://www.openwall.com/lists/oss-security/2008/09/26/6
http://www.securitytracker.com/id?1020854
http://securityreason.com/securityalert/4210
SuSE Security Announcement: SUSE-SA:2008:053
XForce ISS Database: linux-kernel-sctpauthapi-dos(45189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45189
Common Vulnerability Exposure (CVE) ID: CVE-2008-3915
BugTraq ID: 31133
http://www.securityfocus.com/bid/31133
http://lkml.org/lkml/2008/9/3/286
http://www.openwall.com/lists/oss-security/2008/09/04/4
http://www.openwall.com/lists/oss-security/2008/09/04/18
XForce ISS Database: linux-kernel-nfsv4-bo(45055)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45055
Copyright: Copyright (C) 2008 Greenbone AG
