Test ID: 1.3.6.1.4.1.25623.1.0.64835
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:1438
Description:
Summary:
The remote host is missing updates to the Linux kernel announced in
advisory RHSA-2009:1438.

This update fixes the following security issues:

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a
setuid or setgid program was executed. A local, unprivileged user could use
this flaw to bypass the mmap_min_addr protection mechanism and perform a
NULL pointer dereference attack, or bypass the Address Space Layout
Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* it was discovered that, when executing a new process, the clear_child_tid
pointer in the Linux kernel is not cleared. If this pointer points to a
writable portion of the memory of the new program, the kernel could corrupt
four bytes of memory, possibly leading to a local denial of service or
privilege escalation. (CVE-2009-2848, Important)

* Solar Designer reported a missing capability check in the z90crypt driver
in the Linux kernel. This missing check could allow a local user with an
effective user ID (euid) of 0 to bypass intended capability restrictions.
(CVE-2009-1883, Moderate)

* a flaw was found in the way the do_sigaltstack() function in the Linux
kernel copies the stack_t structure to user-space. On 64-bit machines, this
flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

Solution:
Please note that this update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the
following command: up2date

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1883
36759
http://secunia.com/advisories/36759
37105
http://secunia.com/advisories/37105
RHSA-2009:1438
http://www.redhat.com/support/errata/RHSA-2009-1438.html
SUSE-SA:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
USN-852-1
http://www.ubuntu.com/usn/USN-852-1
[oss-security] 20090915 CVE-2009-1883 kernel: missing capability check in z90crypt
http://www.openwall.com/lists/oss-security/2009/09/15/1
[oss-security] 20090915 Re: CVE-2009-1883 kernel: missing capability check in z90crypt
http://www.openwall.com/lists/oss-security/2009/09/15/3
https://bugzilla.redhat.com/show_bug.cgi?id=505983
oval:org.mitre.oval:def:9513
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9513
Common Vulnerability Exposure (CVE) ID: CVE-2009-1895
20090724 rPSA-2009-0111-1 kernel
http://www.securityfocus.com/archive/1/505254/100/0/threaded
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/512019/100/0/threaded
35647
http://www.securityfocus.com/bid/35647
35801
http://secunia.com/advisories/35801
36045
http://secunia.com/advisories/36045
36051
http://secunia.com/advisories/36051
36054
http://secunia.com/advisories/36054
36116
http://secunia.com/advisories/36116
36131
http://secunia.com/advisories/36131
37471
http://secunia.com/advisories/37471
55807
http://www.osvdb.org/55807
ADV-2009-1866
http://www.vupen.com/english/advisories/2009/1866
ADV-2009-3316
http://www.vupen.com/english/advisories/2009/3316
DSA-1844
http://www.debian.org/security/2009/dsa-1844
DSA-1845
http://www.debian.org/security/2009/dsa-1845
FEDORA-2009-8144
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00223.html
FEDORA-2009-8264
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00166.html
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RHSA-2009:1193
http://www.redhat.com/support/errata/RHSA-2009-1193.html
RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
USN-807-1
http://www.ubuntu.com/usn/usn-807-1
http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f9fabcb58a6d26d6efde842d1703ac7cfa9427b6
http://patchwork.kernel.org/patch/32598/
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc3
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://bugs.launchpad.net/bugs/cve/2009-1895
oval:org.mitre.oval:def:11768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11768
oval:org.mitre.oval:def:7826
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7826
oval:org.mitre.oval:def:9453
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9453
Common Vulnerability Exposure (CVE) ID: CVE-2009-2847
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.exploit-db.com/exploits/9352
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://www.openwall.com/lists/oss-security/2009/08/04/1
http://www.openwall.com/lists/oss-security/2009/08/05/1
http://www.openwall.com/lists/oss-security/2009/08/26/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405
RedHat Security Advisories: RHSA-2009:1243
http://rhn.redhat.com/errata/RHSA-2009-1243.html
http://secunia.com/advisories/36136
http://secunia.com/advisories/36501
http://secunia.com/advisories/36562
Common Vulnerability Exposure (CVE) ID: CVE-2009-2848
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://article.gmane.org/gmane.linux.kernel/871942
http://www.openwall.com/lists/oss-security/2009/08/04/2
http://www.openwall.com/lists/oss-security/2009/08/05/10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766
RedHat Security Advisories: RHSA-2009:1550
http://secunia.com/advisories/35983
http://secunia.com/advisories/37351
SuSE Security Announcement: SUSE-SA:2009:054
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:056
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:012
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
XForce ISS Database: kernel-execve-dos(52899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52899
Copyright: Copyright (C) 2009 E-Soft Inc.
