Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64555
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1844-1 (linux-2.6.24)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to linux-2.6.24
announced via advisory DSA 1844-1.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-1385

Neil Horman discovered a missing fix from the e1000 network driver.
A remote user may cause a denial of service by way of a kernel panic
triggered by specially crafted frame sizes.

CVE-2009-1389

Michael Tokarev discovered an issue in the r8169 network driver.
Remote users on the same LAN may cause a denial of service by way
of a kernel panic triggered by receiving a large size frame.

CVE-2009-1630

Frank Filz discovered that local users may be able to execute
files without execute permission when accessed via an nfs4 mount.

CVE-2009-1633

Jeff Layton and Suresh Jayaraman fixed several buffer overflows in
the CIFS filesystem which allow remote servers to cause memory
corruption.

CVE-2009-1895

Julien Tinnes and Tavis Ormandy reported and issue in the Linux
vulnerability code. Local users can take advantage of a setuid
binary that can either be made to dereference a NULL pointer or
drop privileges and return control to the user. This allows a
user to bypass mmap_min_addr restrictions which can be exploited
to execute arbitrary code.

CVE-2009-1914

Mikulas Patocka discovered an issue in sparc64 kernels that allows
local users to cause a denial of service (crash) by reading the
/proc/iomem file.

CVE-2009-1961

Miklos Szeredi reported an issue in the ocfs2 filesystem. Local
users can create a denial of service (filesystem deadlock) using
a particular sequence of splice system calls.

CVE-2009-2406
CVE-2009-2407

Ramon de Carvalho Valle discovered two issues with the eCryptfs
layered filesystem using the fsfuzzer utility. A local user with
permissions to perform an eCryptfs mount may modify the contents
of a eCryptfs file, overflowing the stack and potentially gaining
elevated privileges.

For the stable distribution (etch), these problems have been fixed in
version 2.6.24-6~
etchnhalf.8etch2.

We recommend that you upgrade your linux-2.6.24 packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201844-1

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1385
BugTraq ID: 35185
http://www.securityfocus.com/bid/35185
Bugtraq: 20090724 rPSA-2009-0111-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/505254/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Debian Security Information: DSA-1844 (Google Search)
http://www.debian.org/security/2009/dsa-1844
Debian Security Information: DSA-1865 (Google Search)
http://www.debian.org/security/2009/dsa-1865
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://www.openwall.com/lists/oss-security/2009/06/03/2
http://osvdb.org/54892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11681
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8340
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.redhat.com/support/errata/RHSA-2009-1193.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://secunia.com/advisories/35265
http://secunia.com/advisories/35566
http://secunia.com/advisories/35623
http://secunia.com/advisories/35656
http://secunia.com/advisories/35847
http://secunia.com/advisories/36051
http://secunia.com/advisories/36131
http://secunia.com/advisories/36327
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SA:2009:038 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
http://www.ubuntu.com/usn/usn-793-1
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2009-1389
BugTraq ID: 35281
http://www.securityfocus.com/bid/35281
http://lkml.org/lkml/2009/6/8/194
http://marc.info/?l=linux-netdev&m=123462461713724&w=2
http://www.openwall.com/lists/oss-security/2009/06/10/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8108
http://www.securitytracker.com/id?1023507
http://secunia.com/advisories/36045
http://secunia.com/advisories/37298
http://secunia.com/advisories/40645
SuSE Security Announcement: SUSE-SA:2010:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
http://www.ubuntu.com/usn/usn-807-1
http://www.vupen.com/english/advisories/2010/0219
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: linux-kernel-rtl8169nic-dos(51051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51051
Common Vulnerability Exposure (CVE) ID: CVE-2009-1630
BugTraq ID: 34934
http://www.securityfocus.com/bid/34934
Debian Security Information: DSA-1809 (Google Search)
http://www.debian.org/security/2009/dsa-1809
http://article.gmane.org/gmane.linux.nfs/26592
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://www.openwall.com/lists/oss-security/2009/05/13/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990
http://secunia.com/advisories/35106
http://secunia.com/advisories/35298
http://secunia.com/advisories/35394
SuSE Security Announcement: SUSE-SA:2009:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://www.vupen.com/english/advisories/2009/1331
Common Vulnerability Exposure (CVE) ID: CVE-2009-1633
BugTraq ID: 34612
http://www.securityfocus.com/bid/34612
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html
http://marc.info/?l=oss-security&m=124099284225229&w=2
http://marc.info/?l=oss-security&m=124099371726547&w=2
http://www.openwall.com/lists/oss-security/2009/05/14/4
http://www.openwall.com/lists/oss-security/2009/05/14/1
http://www.openwall.com/lists/oss-security/2009/05/15/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525
http://secunia.com/advisories/35217
http://secunia.com/advisories/35226
http://secunia.com/advisories/37351
SuSE Security Announcement: SUSE-SA:2009:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-1895
BugTraq ID: 35647
http://www.securityfocus.com/bid/35647
Debian Security Information: DSA-1845 (Google Search)
http://www.debian.org/security/2009/dsa-1845
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
http://www.osvdb.org/55807
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453
http://www.redhat.com/support/errata/RHSA-2009-1438.html
RedHat Security Advisories: RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
http://secunia.com/advisories/35801
http://secunia.com/advisories/36054
http://secunia.com/advisories/36116
http://secunia.com/advisories/36759
http://www.vupen.com/english/advisories/2009/1866
Common Vulnerability Exposure (CVE) ID: CVE-2009-1914
BugTraq ID: 35415
http://www.securityfocus.com/bid/35415
http://www.openwall.com/lists/oss-security/2009/06/03/3
http://osvdb.org/54908
XForce ISS Database: kernel-pciregister-dos(51196)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51196
Common Vulnerability Exposure (CVE) ID: CVE-2009-1961
BugTraq ID: 35143
http://www.securityfocus.com/bid/35143
http://www.openwall.com/lists/oss-security/2009/05/29/2
http://www.openwall.com/lists/oss-security/2009/05/30/1
http://www.openwall.com/lists/oss-security/2009/06/02/2
http://www.openwall.com/lists/oss-security/2009/06/03/1
http://securitytracker.com/id?1022307
http://secunia.com/advisories/35390
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-2406
BugTraq ID: 35851
http://www.securityfocus.com/bid/35851
Bugtraq: 20090728 [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505334/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:029
http://risesecurity.org/advisories/RISE-2009002.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8246
http://www.securitytracker.com/id?1022663
http://secunia.com/advisories/35985
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2041
Common Vulnerability Exposure (CVE) ID: CVE-2009-2407
BugTraq ID: 35850
http://www.securityfocus.com/bid/35850
Bugtraq: 20090728 [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/505337/100/0/threaded
http://risesecurity.org/advisories/RISE-2009003.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8057
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.