Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.63911
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2009:0459
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing updates to the kernel announced in
advisory RHSA-2009:0459.

Security fixes:

* a logic error was found in the do_setlk() function of the Linux kernel
Network File System (NFS) implementation. If a signal interrupted a lock
request, the local POSIX lock was incorrectly created. This could cause a
denial of service on the NFS server if a file descriptor was closed before
its corresponding lock request returned. (CVE-2008-4307, Important)

* a deficiency was found in the Linux kernel system call auditing
implementation on 64-bit systems. This could allow a local, unprivileged
user to circumvent a system call audit configuration, if that configuration
filtered based on the syscall number or arguments.
(CVE-2009-0834, Important)

* Chris Evans reported a deficiency in the Linux kernel signals
implementation. The clone() system call permits the caller to indicate the
signal it wants to receive when its child exits. When clone() is called
with the CLONE_PARENT flag, it permits the caller to clone a new child that
shares the same parent as itself, enabling the indicated signal to be sent
to the caller's parent (instead of the caller), even if the caller's parent
has different real and effective user IDs. This could lead to a denial of
service of the parent. (CVE-2009-0028, Moderate)

* the sock_getsockopt() function in the Linux kernel did not properly
initialize a data structure that can be directly returned to user-space
when the getsockopt() function is called with SO_BSDCOMPAT optname set.
This flaw could possibly lead to memory disclosure.
(CVE-2009-0676, Moderate)

For details on other non-security related bug fixes, please visit
the referenced advisories.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0459.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
4.0

CVSS Vector:
AV:L/AC:H/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-4307
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
Debian Security Information: DSA-1794 (Google Search)
http://www.debian.org/security/2009/dsa-1794
http://openwall.com/lists/oss-security/2009/01/13/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9233
http://www.redhat.com/support/errata/RHSA-2009-0451.html
RedHat Security Advisories: RHSA-2009:0459
http://rhn.redhat.com/errata/RHSA-2009-0459.html
RedHat Security Advisories: RHSA-2009:0473
http://rhn.redhat.com/errata/RHSA-2009-0473.html
http://secunia.com/advisories/34917
http://secunia.com/advisories/34962
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35015
http://secunia.com/advisories/37471
http://www.ubuntu.com/usn/usn-751-1
http://www.vupen.com/english/advisories/2009/3316
Common Vulnerability Exposure (CVE) ID: CVE-2009-0028
BugTraq ID: 33906
http://www.securityfocus.com/bid/33906
Bugtraq: 20090516 rPSA-2009-0084-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/503610/100/0/threaded
Debian Security Information: DSA-1800 (Google Search)
http://www.debian.org/security/2009/dsa-1800
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
http://scary.beasts.org/security/CESA-2009-002.html
http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-signal-vulnerability.html
http://osvdb.org/52204
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7947
http://www.redhat.com/support/errata/RHSA-2009-0326.html
http://secunia.com/advisories/33758
http://secunia.com/advisories/34033
http://secunia.com/advisories/34680
http://secunia.com/advisories/35120
http://secunia.com/advisories/35121
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
SuSE Security Announcement: SUSE-SA:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SuSE Security Announcement: SUSE-SA:2009:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-0676
BugTraq ID: 33846
http://www.securityfocus.com/bid/33846
Debian Security Information: DSA-1749 (Google Search)
http://www.debian.org/security/2009/dsa-1749
http://www.mandriva.com/security/advisories?name=MDVSA-2009:071
http://lkml.org/lkml/2009/2/12/123
http://marc.info/?l=linux-kernel&m=123540732700371&w=2
http://openwall.com/lists/oss-security/2009/02/20/1
http://www.openwall.com/lists/oss-security/2009/02/24/1
http://www.openwall.com/lists/oss-security/2009/03/02/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8618
http://www.redhat.com/support/errata/RHSA-2009-0360.html
http://secunia.com/advisories/34394
http://secunia.com/advisories/34502
http://secunia.com/advisories/34786
SuSE Security Announcement: SUSE-SA:2009:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
XForce ISS Database: kernel-sock-information-disclosure(48847)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48847
Common Vulnerability Exposure (CVE) ID: CVE-2009-0834
BugTraq ID: 33951
http://www.securityfocus.com/bid/33951
http://scary.beasts.org/security/CESA-2009-001.html
http://marc.info/?l=linux-kernel&m=123579056530191&w=2
http://marc.info/?l=linux-kernel&m=123579065130246&w=2
http://marc.info/?l=oss-security&m=123597642832637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9600
http://www.securitytracker.com/id?1022153
http://secunia.com/advisories/34084
http://secunia.com/advisories/35185
SuSE Security Announcement: SUSE-SA:2009:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
XForce ISS Database: linux-kernel-auditsyscallentry-sec-bypass(49061)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49061
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.