
Test ID: 1.3.6.1.4.1.25623.1.0.64943
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:1457
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2009:1457.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in
the Linux kernel. The driver allowed interfaces that use it to receive
frames larger than it could handle. This could lead to a remote denial of
service or code execution. (CVE-2009-1389, Important)

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a
flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not
initialize the sendpage operation in the proto_ops structure correctly. A
local, unprivileged user could use this flaw to cause a local denial of
service or escalate their privileges. (CVE-2009-2692, Important)

* Tavis Ormandy and Julien Tinnes of the Google Security Team reported a
flaw in the udp_sendmsg() implementation in the Linux kernel when using the
MSG_MORE flag on UDP sockets. A local, unprivileged user could use this
flaw to cause a local denial of service or escalate their privileges.
(CVE-2009-2698, Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1457.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1389
BugTraq ID: 35281
http://www.securityfocus.com/bid/35281
Bugtraq: 20090724 rPSA-2009-0111-1 kernel
http://www.securityfocus.com/archive/1/505254/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1844
http://www.debian.org/security/2009/dsa-1844
Debian Security Information: DSA-1865
http://www.debian.org/security/2009/dsa-1865
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://lkml.org/lkml/2009/6/8/194
http://marc.info/?l=linux-netdev&m=123462461713724&w=2
http://www.openwall.com/lists/oss-security/2009/06/10/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8108
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.redhat.com/support/errata/RHSA-2009-1193.html
http://www.securitytracker.com/id?1023507
http://secunia.com/advisories/35265
http://secunia.com/advisories/35566
http://secunia.com/advisories/35847
http://secunia.com/advisories/36045
http://secunia.com/advisories/36051
http://secunia.com/advisories/36131
http://secunia.com/advisories/36327
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
http://secunia.com/advisories/40645
SuSE Security Announcement: SUSE-SA:2009:038
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
SuSE Security Announcement: SUSE-SA:2010:031
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
http://www.ubuntu.com/usn/usn-807-1
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/0219
http://www.vupen.com/english/advisories/2010/1857
XForce ISS Database: linux-kernel-rtl8169nic-dos(51051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51051
Common Vulnerability Exposure (CVE) ID: CVE-2009-2692
BugTraq ID: 36038
http://www.securityfocus.com/bid/36038
Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations
http://www.securityfocus.com/archive/1/505751/100/0/threaded
Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools
http://www.securityfocus.com/archive/1/505912/100/0/threaded
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://zenthought.org/content/file/android-root-2009-08-16-source
http://www.openwall.com/lists/oss-security/2009/08/14/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
RedHat Security Advisories: RHSA-2009:1222
http://rhn.redhat.com/errata/RHSA-2009-1222.html
RedHat Security Advisories: RHSA-2009:1223
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36430
SuSE Security Announcement: SUSE-SR:2009:015
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2272
Common Vulnerability Exposure (CVE) ID: CVE-2009-2698
BugTraq ID: 36108
http://www.securityfocus.com/bid/36108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.openwall.com/lists/oss-security/2009/08/25/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142
http://www.securitytracker.com/id?1022761
http://secunia.com/advisories/23073
http://secunia.com/advisories/36510
http://secunia.com/advisories/37105
SuSE Security Announcement: SUSE-SA:2009:046
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html
http://www.ubuntu.com/usn/USN-852-1
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
