
Test ID: 1.3.6.1.4.1.25623.1.1.1.1.2008.1479
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1479-1)
Summary: The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DSA-1479-1 advisory.
Description:

Vulnerability Insight:
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2878

Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel.

CVE-2007-4571

Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel.

CVE-2007-6151

ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.

CVE-2008-0001

Bill Roman of Datalight noticed a coding error in the Linux VFS subsystem that, under certain conditions, can allow local users to remove directories for which they should not have removal privileges.

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-17etch1.

We recommend that you upgrade your kernel packages immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Affected Software/OS:
'linux-2.6' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-2878
BugTraq ID: 24134
http://www.securityfocus.com/bid/24134
Debian Security Information: DSA-1479
http://www.debian.org/security/2008/dsa-1479
http://osvdb.org/35926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11674
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.redhat.com/support/errata/RHSA-2007-0939.html
http://secunia.com/advisories/25505
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://secunia.com/advisories/26760
http://secunia.com/advisories/27436
http://secunia.com/advisories/27747
http://secunia.com/advisories/28626
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/2023
XForce ISS Database: kernel-vfatioctls-dos(34669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34669
Common Vulnerability Exposure (CVE) ID: CVE-2007-4571
1018734
http://www.securitytracker.com/id?1018734
20070925 Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
25807
http://www.securityfocus.com/bid/25807
26918
http://secunia.com/advisories/26918
26980
http://secunia.com/advisories/26980
26989
http://secunia.com/advisories/26989
27101
http://secunia.com/advisories/27101
27227
http://secunia.com/advisories/27227
27436
27747
27824
http://secunia.com/advisories/27824
28626
29054
http://secunia.com/advisories/29054
30769
http://secunia.com/advisories/30769
ADV-2007-3272
http://www.vupen.com/english/advisories/2007/3272
DSA-1479
DSA-1505
http://www.debian.org/security/2008/dsa-1505
FEDORA-2007-2349
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00436.html
FEDORA-2007-714
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00083.html
RHSA-2007:0939
RHSA-2007:0993
http://www.redhat.com/support/errata/RHSA-2007-0993.html
SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
USN-618-1
http://www.ubuntu.com/usn/usn-618-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccec6e2c4a74adf76ed4e2478091a311b1806212
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.8
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://issues.rpath.com/browse/RPL-1761
linux-sndpagealloc-information-disclosure(36780)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36780
oval:org.mitre.oval:def:9053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9053
Common Vulnerability Exposure (CVE) ID: CVE-2007-6151
BugTraq ID: 27497
http://www.securityfocus.com/bid/27497
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDVSA-2008:086
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10971
RedHat Security Advisories: RHSA-2008:0055
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.redhat.com/support/errata/RHSA-2008-0211.html
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://secunia.com/advisories/28706
http://secunia.com/advisories/28748
http://secunia.com/advisories/28889
http://secunia.com/advisories/28971
http://secunia.com/advisories/29058
http://secunia.com/advisories/29570
http://secunia.com/advisories/30110
http://secunia.com/advisories/30962
http://secunia.com/advisories/31246
http://secunia.com/advisories/33280
SuSE Security Announcement: SUSE-SA:2008:007
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
http://www.ubuntu.com/usn/usn-574-1
http://www.ubuntu.com/usn/usn-578-1
http://www.vupen.com/english/advisories/2008/2222/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-0001
1019289
http://securitytracker.com/id?1019289
20080117 rPSA-2008-0021-1 kernel
http://www.securityfocus.com/archive/1/486485/100/0/threaded
27280
http://www.securityfocus.com/bid/27280
28485
http://secunia.com/advisories/28485
28558
http://secunia.com/advisories/28558
28628
http://secunia.com/advisories/28628
28643
http://secunia.com/advisories/28643
28664
http://secunia.com/advisories/28664
28706
28748
28806
http://secunia.com/advisories/28806
28971
29245
http://secunia.com/advisories/29245
ADV-2008-0151
http://www.vupen.com/english/advisories/2008/0151
FEDORA-2008-0748
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
MDVSA-2008:112
RHSA-2008:0055
RHSA-2008:0089
http://www.redhat.com/support/errata/RHSA-2008-0089.html
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
SUSE-SA:2008:013
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
USN-574-1
USN-578-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14
https://issues.rpath.com/browse/RPL-2146
linux-directory-security-bypass(39672)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39672
oval:org.mitre.oval:def:9709
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9709
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.