English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63522
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2009:071 (kernel)
Summary:Mandrake Security Advisory MDVSA-2009:071 (kernel)
Description:The remote host is missing an update to kernel
announced via advisory MDVSA-2009:071.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux
kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the
CAP_NET_ADMIN capability is absent, instead of when this capability
is present, which allows local users to reset the driver statistics,
related to an inverted logic issue. (CVE-2009-0675)

The sock_getsockopt function in net/core/sock.c in the Linux kernel
before 2.6.28.6 does not initialize a certain structure member, which
allows local users to obtain potentially sensitive information from
kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)

Additionaly, this update provides stable 1.0.18 ALSA updates/fixes,
STAC92HD71Bx/STAC92HD75Bx hda-intel support changes/fixes
(affects sound chip codecs used on several HP dv laptop series),
fixes/enhancements for HP Educ.ar machine HDA sound support, minor
alsa hda-intel code cleanup for ALC888 6stack-dell model, to stop
printing uneeded output to kernel log, and a few more things. Check
the package changelog for details.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:071
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0675
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://lists.openwall.net/netdev/2009/01/28/90
http://openwall.com/lists/oss-security/2009/02/20/2
Debian Security Information: DSA-1749 (Google Search)
http://www.debian.org/security/2009/dsa-1749
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
Debian Security Information: DSA-1794 (Google Search)
http://www.debian.org/security/2009/dsa-1794
http://www.mandriva.com/security/advisories?name=MDVSA-2009:071
http://www.redhat.com/support/errata/RHSA-2009-0360.html
http://www.redhat.com/support/errata/RHSA-2009-0326.html
SuSE Security Announcement: SUSE-SA:2009:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://www.ubuntu.com/usn/usn-751-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11529
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8685
http://secunia.com/advisories/33938
http://secunia.com/advisories/34394
http://secunia.com/advisories/33758
http://secunia.com/advisories/34502
http://secunia.com/advisories/34680
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35394
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2009-0676
http://lkml.org/lkml/2009/2/12/123
http://openwall.com/lists/oss-security/2009/02/20/1
http://marc.info/?l=linux-kernel&m=123540732700371&w=2
http://www.openwall.com/lists/oss-security/2009/02/24/1
http://www.openwall.com/lists/oss-security/2009/03/02/6
RedHat Security Advisories: RHSA-2009:0459
http://rhn.redhat.com/errata/RHSA-2009-0459.html
SuSE Security Announcement: SUSE-SA:2009:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
BugTraq ID: 33846
http://www.securityfocus.com/bid/33846
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11653
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8618
http://secunia.com/advisories/34786
http://secunia.com/advisories/34962
http://secunia.com/advisories/35390
XForce ISS Database: kernel-sock-information-disclosure(48847)
http://xforce.iss.net/xforce/xfdb/48847
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 39786 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.