Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2008:0972

The remote host is missing updates announced in
advisory RHSA-2008:0972.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

For additional bug fix information, please visit the referenced
security advisories.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to correct these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2008-3272
BugTraq ID: 30559
Debian Security Information: DSA-1630
Debian Security Information: DSA-1636
RedHat Security Advisories: RHSA-2008:0972
SuSE Security Announcement: SUSE-SA:2008:047
SuSE Security Announcement: SUSE-SA:2008:048
SuSE Security Announcement: SUSE-SA:2008:049
SuSE Security Announcement: SUSE-SA:2008:052
SuSE Security Announcement: SUSE-SR:2008:025
XForce ISS Database: linux-kernel-seqosssynth-info-disclosure(44225)

Common Vulnerability Exposure (CVE) ID: CVE-2007-6716
BugTraq ID: 31515
Debian Security Information: DSA-1653
SuSE Security Announcement: SUSE-SA:2008:051
SuSE Security Announcement: SUSE-SA:2008:056

Common Vulnerability Exposure (CVE) ID: CVE-2007-5093
BugTraq ID: 25504
Debian Security Information: DSA-1381
Debian Security Information: DSA-1503
Debian Security Information: DSA-1504

Common Vulnerability Exposure (CVE) ID: CVE-2008-1514
BugTraq ID: 31177
Debian Security Information: DSA-1655
XForce ISS Database: linux-kernel-ptrace-dos(41501)

Common Vulnerability Exposure (CVE) ID: CVE-2008-3528
Bugtraq: 20081112 rPSA-2008-0316-1 kernel
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
Debian Security Information: DSA-1681
Debian Security Information: DSA-1687
SuSE Security Announcement: SUSE-SA:2008:053
SuSE Security Announcement: SUSE-SA:2008:057
XForce ISS Database: kernel-errorreporting-dos(45720)

Common Vulnerability Exposure (CVE) ID: CVE-2008-4210
BugTraq ID: 31368
XForce ISS Database: linux-kernel-open-privilege-escalation(45539)
Copyright: Copyright (c) 2008 E-Soft Inc.


© 1998-2021 E-Soft Inc. All rights reserved.