Test ID: 1.3.6.1.4.1.25623.1.0.63249
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:0225
Summary: Redhat Security Advisory RHSA-2009:0225
Description: The remote host is missing updates to the kernel announced in
advisory RHSA-2009:0225.

These updated packages contain 730 bug fixes and enhancements for the Linux
kernel. Space precludes a detailed description of each of these changes in
this advisory and users are therefore directed to the release notes for Red
Hat Enterprise Linux 5.3 for information on 97 of the most significant of
these changes.

Details of three security-related bug fixes are set out below, along with
notes on other broad categories of change not covered in the release notes.
For more detailed information on specific bug fixes or enhancements, please
consult the Bugzilla numbers listed in this advisory.

* when fput() was called to close a socket, the __scm_destroy() function
in the Linux kernel could make indirect recursive calls to itself. This
could, potentially, lead to a denial of service issue. (CVE-2008-5029,
Important)

* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A
local, unprivileged user could use the flaw to listen on the same socket
more than once, possibly causing a denial of service. (CVE-2008-5079,
Important)

* a race condition was found in the Linux kernel inotify watch removal
and umount implementation. This could allow a local, unprivileged user
to cause a privilege escalation or a denial of service. (CVE-2008-5182,
Important)

All users are advised to upgrade to these updated packages, which resolve
these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0225.html
http://www.redhat.com/security/updates/classification/#important
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5029
Bugtraq: 20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
http://www.securityfocus.com/archive/1/archive/1/499700/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
Bugtraq: 20090103 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit
http://www.securityfocus.com/archive/1/archive/1/499744/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html
http://marc.info/?l=linux-netdev&m=122593044330973&w=2
http://www.openwall.com/lists/oss-security/2008/11/06/1
http://darkircop.org/unix.c
Debian Security Information: DSA-1687
http://www.debian.org/security/2008/dsa-1687
Debian Security Information: DSA-1681
http://www.debian.org/security/2008/dsa-1681
http://www.mandriva.com/security/advisories?name=MDVSA-2008:234
http://www.redhat.com/support/errata/RHSA-2009-0225.html
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://www.redhat.com/support/errata/RHSA-2009-0014.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
SuSE Security Announcement: SUSE-SA:2008:057
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
SuSE Security Announcement: SUSE-SA:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SuSE Security Announcement: SUSE-SA:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
http://www.ubuntu.com/usn/usn-679-1
BugTraq ID: 32154
http://www.securityfocus.com/bid/32154
BugTraq ID: 33079
http://www.securityfocus.com/bid/33079
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11694
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9558
http://www.securitytracker.com/id?1021292
http://www.securitytracker.com/id?1021511
http://secunia.com/advisories/32918
http://secunia.com/advisories/33180
http://secunia.com/advisories/33623
http://secunia.com/advisories/32998
http://secunia.com/advisories/33586
http://secunia.com/advisories/33641
http://secunia.com/advisories/33704
http://secunia.com/advisories/33556
http://securityreason.com/securityalert/4573
XForce ISS Database: linux-kernel-scmdestroy-dos(46538)
http://xforce.iss.net/xforce/xfdb/46538
Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
Bugtraq: 20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table
http://www.securityfocus.com/archive/1/archive/1/498943/100/0/threaded
Bugtraq: 20081209 rPSA-2008-0332-1 kernel
http://www.securityfocus.com/archive/1/archive/1/499044/100/0/threaded
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
Debian Security Information: DSA-1787
http://www.debian.org/security/2009/dsa-1787
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
http://www.redhat.com/support/errata/RHSA-2009-0053.html
SuSE Security Announcement: SUSE-SA:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://www.ubuntu.com/usn/usn-715-1
http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
BugTraq ID: 32676
http://www.securityfocus.com/bid/32676
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11288
http://www.securitytracker.com/id?1021360
http://secunia.com/advisories/32913
http://secunia.com/advisories/33756
http://secunia.com/advisories/33706
http://secunia.com/advisories/33854
http://secunia.com/advisories/33348
http://secunia.com/advisories/33083
http://secunia.com/advisories/34981
http://securityreason.com/securityalert/4694
Common Vulnerability Exposure (CVE) ID: CVE-2008-5182
BugTraq ID: 33503
http://www.securityfocus.com/bid/33503
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10584
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
