CentOS Local Security Checks : CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881734

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5

Zusammenfassung: The remote host is missing an update for the 'hypervkvpd-0'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'hypervkvpd-0'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V
Key-Value Pair (KVP) daemon. The daemon passes basic information to the
host through VMBus, such as the guest IP address, fully qualified domain
name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed, would
cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a 'KVP: Failed to open file, pool: 1' error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing the
update, it is recommended to reboot all guest machines.

Affected Software/OS:
hypervkvpd-0 on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-5532
56710
http://www.securityfocus.com/bid/56710
MDVSA-2013:176
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
RHSA-2013:0807
http://rhn.redhat.com/errata/RHSA-2013-0807.html
[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS
http://www.openwall.com/lists/oss-security/2012/11/27/12
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef
http://www.kernel.org/pub/linux/kernel/v3.x/testing/
http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2
https://bugzilla.novell.com/show_bug.cgi?id=761200
https://bugzilla.redhat.com/show_bug.cgi?id=877572
https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef
kernel-hypervkvpd-dos(80337)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80337

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881734
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for hypervkvpd-0 CESA-2013:0807 centos5
Zusammenfassung:	The remote host is missing an update for the 'hypervkvpd-0'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'hypervkvpd-0' package(s) announced via the referenced advisory. Vulnerability Insight: The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair (KVP) daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service flaw was found in the way hypervkvpd processed certain Netlink messages. A local, unprivileged user in a guest (running on Microsoft Hyper-V) could send a Netlink message that, when processed, would cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532) The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat Product Security Team. This update also fixes the following bug: * The hypervkvpd daemon did not close the file descriptors for pool files when they were updated. This could eventually lead to hypervkvpd crashing with a 'KVP: Failed to open file, pool: 1' error after consuming all available file descriptors. With this update, the file descriptors are closed, correcting this issue. (BZ#953502) Users of hypervkvpd are advised to upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, it is recommended to reboot all guest machines. Affected Software/OS: hypervkvpd-0 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5532 56710 http://www.securityfocus.com/bid/56710 MDVSA-2013:176 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 RHSA-2013:0807 http://rhn.redhat.com/errata/RHSA-2013-0807.html [oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS http://www.openwall.com/lists/oss-security/2012/11/27/12 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef http://www.kernel.org/pub/linux/kernel/v3.x/testing/ http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2 https://bugzilla.novell.com/show_bug.cgi?id=761200 https://bugzilla.redhat.com/show_bug.cgi?id=877572 https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef kernel-hypervkvpd-dos(80337) https://exchange.xforce.ibmcloud.com/vulnerabilities/80337
Copyright	Copyright (C) 2013 Greenbone AG