Test ID: | 1.3.6.1.4.1.25623.1.0.64017 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1055 |
Description: |
Summary: The remote host is missing updates announced in advisory RHSA-2009:1055.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a remote denial of service or arbitrary code execution if a Forward-TSN chunk is received with a large stream ID. Note: An established connection between SCTP endpoints is necessary to exploit this vulnerability. Refer to the Knowledgebase article in the References section for further information. (CVE-2009-0065, Important)

This update also fixes the following bug:

* a problem in the way the i5000_edac module reported errors may have caused the console on some systems to be flooded with errors, similar to the following:

EDAC i5000 MC0: NON-FATAL ERROR Found!!! 1st NON-FATAL Err Reg= [hex value]
EDAC i5000: NON-Retry Errors, bits= [hex value]

After installing this update, the console will not be flooded with these errors. (BZ#494734)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0065
BugTraq ID: 33113
http://www.securityfocus.com/bid/33113
Debian Security Information: DSA-1749
http://www.debian.org/security/2009/dsa-1749
Debian Security Information: DSA-1787
http://www.debian.org/security/2009/dsa-1787
Debian Security Information: DSA-1794
http://www.debian.org/security/2009/dsa-1794
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html
HPdes Security Advisory: HPSBNS02449
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
HPdes Security Advisory: SSSRT090149
http://www.openwall.com/lists/oss-security/2009/01/05/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10872
http://www.redhat.com/support/errata/RHSA-2009-0053.html
RedHat Security Advisories: RHSA-2009:0264
http://rhn.redhat.com/errata/RHSA-2009-0264.html
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-1055.html
http://www.securitytracker.com/id?1022698
http://secunia.com/advisories/33674
http://secunia.com/advisories/33854
http://secunia.com/advisories/33858
http://secunia.com/advisories/34252
http://secunia.com/advisories/34394
http://secunia.com/advisories/34680
http://secunia.com/advisories/34762
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35174
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
http://secunia.com/advisories/36191
SuSE Security Announcement: SUSE-SA:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
SuSE Security Announcement: SUSE-SA:2009:030
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SuSE Security Announcement: SUSE-SA:2009:031
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://www.ubuntu.com/usn/usn-751-1
http://www.vupen.com/english/advisories/2009/0029
http://www.vupen.com/english/advisories/2009/2193 |
Copyright | Copyright (C) 2009 E-Soft Inc. |