Test ID:	1.3.6.1.4.1.25623.1.0.66667
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1469
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2009:1469. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-1469.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1389 1023507 http://www.securitytracker.com/id?1023507 20090724 rPSA-2009-0111-1 kernel http://www.securityfocus.com/archive/1/505254/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 35265 http://secunia.com/advisories/35265 35281 http://www.securityfocus.com/bid/35281 35566 http://secunia.com/advisories/35566 35847 http://secunia.com/advisories/35847 36045 http://secunia.com/advisories/36045 36051 http://secunia.com/advisories/36051 36131 http://secunia.com/advisories/36131 36327 http://secunia.com/advisories/36327 37298 http://secunia.com/advisories/37298 37471 http://secunia.com/advisories/37471 40645 http://secunia.com/advisories/40645 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 ADV-2010-0219 http://www.vupen.com/english/advisories/2010/0219 ADV-2010-1857 http://www.vupen.com/english/advisories/2010/1857 DSA-1844 http://www.debian.org/security/2009/dsa-1844 DSA-1865 http://www.debian.org/security/2009/dsa-1865 FEDORA-2009-6768 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html FEDORA-2009-6846 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html FEDORA-2009-6883 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html MDVSA-2009:148 http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 RHSA-2009:1157 http://www.redhat.com/support/errata/RHSA-2009-1157.html RHSA-2009:1193 http://www.redhat.com/support/errata/RHSA-2009-1193.html SUSE-SA:2009:038 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html SUSE-SA:2010:031 http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html USN-807-1 http://www.ubuntu.com/usn/usn-807-1 [linux-kernel] 20090608 [Security, resend] Instant crash with rtl8169 and large packets http://lkml.org/lkml/2009/6/8/194 [linux-netdev] 20090214 r8169: instant crash if receiving packet larger than MTU http://marc.info/?l=linux-netdev&m=123462461713724&w=2 [oss-security] 20090610 CVE-2009-1389 kernel: r8169: fix crash when large packets are received http://www.openwall.com/lists/oss-security/2009/06/10/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=fdd7b4c3302c93f6833e338903ea77245eb510b4 http://support.avaya.com/css/P8/documents/100067254 http://support.citrix.com/article/CTX123453 http://wiki.rpath.com/Advisories:rPSA-2009-0111 http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://bugzilla.redhat.com/show_bug.cgi?id=504726 linux-kernel-rtl8169nic-dos(51051) https://exchange.xforce.ibmcloud.com/vulnerabilities/51051 oval:org.mitre.oval:def:10415 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10415 oval:org.mitre.oval:def:8108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8108 Common Vulnerability Exposure (CVE) ID: CVE-2009-2692 BugTraq ID: 36038 http://www.securityfocus.com/bid/36038 Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search) http://www.securityfocus.com/archive/1/505751/100/0/threaded Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search) http://www.securityfocus.com/archive/1/505912/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search) http://www.securityfocus.com/archive/1/512019/100/0/threaded Debian Security Information: DSA-1865 (Google Search) http://www.exploit-db.com/exploits/19933 http://www.exploit-db.com/exploits/9477 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html http://grsecurity.net/~spender/wunderbar_emporium.tgz http://zenthought.org/content/file/android-root-2009-08-16-source http://www.openwall.com/lists/oss-security/2009/08/14/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 RedHat Security Advisories: RHSA-2009:1222 http://rhn.redhat.com/errata/RHSA-2009-1222.html RedHat Security Advisories: RHSA-2009:1223 http://rhn.redhat.com/errata/RHSA-2009-1223.html http://www.redhat.com/support/errata/RHSA-2009-1233.html http://secunia.com/advisories/36278 http://secunia.com/advisories/36289 http://secunia.com/advisories/36430 SuSE Security Announcement: SUSE-SR:2009:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://www.vupen.com/english/advisories/2009/2272 Common Vulnerability Exposure (CVE) ID: CVE-2009-2698 BugTraq ID: 36108 http://www.securityfocus.com/bid/36108 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 http://www.openwall.com/lists/oss-security/2009/08/25/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142 http://www.securitytracker.com/id?1022761 http://secunia.com/advisories/23073 http://secunia.com/advisories/36510 http://secunia.com/advisories/37105 SuSE Security Announcement: SUSE-SA:2009:046 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html http://www.ubuntu.com/usn/USN-852-1
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.