ID de Prueba:	1.3.6.1.4.1.25623.1.0.105417
Categoría:	F5 Local Security Checks
Título:	F5 BIG-IP - Linux kernel vulnerability CVE-2015-1805
Resumen:	The remote host is missing a security patch.
Descripción:	Summary: The remote host is missing a security patch. Vulnerability Insight: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' (CVE-2015-1805) Vulnerability Impact: A local unprivileged user may use this flaw to crash the system, or potentially escalate their privileges on the system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1805 1032454 http://www.securitytracker.com/id/1032454 74951 http://www.securityfocus.com/bid/74951 DSA-3290 http://www.debian.org/security/2015/dsa-3290 RHSA-2015:1042 http://rhn.redhat.com/errata/RHSA-2015-1042.html RHSA-2015:1081 http://rhn.redhat.com/errata/RHSA-2015-1081.html RHSA-2015:1082 http://rhn.redhat.com/errata/RHSA-2015-1082.html RHSA-2015:1120 http://rhn.redhat.com/errata/RHSA-2015-1120.html RHSA-2015:1137 http://rhn.redhat.com/errata/RHSA-2015-1137.html RHSA-2015:1138 http://rhn.redhat.com/errata/RHSA-2015-1138.html RHSA-2015:1190 http://rhn.redhat.com/errata/RHSA-2015-1190.html RHSA-2015:1199 http://rhn.redhat.com/errata/RHSA-2015-1199.html RHSA-2015:1211 http://rhn.redhat.com/errata/RHSA-2015-1211.html SUSE-SU-2015:1224 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html SUSE-SU-2015:1324 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html SUSE-SU-2015:1478 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html SUSE-SU-2015:1487 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html SUSE-SU-2015:1488 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html SUSE-SU-2015:1489 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html SUSE-SU-2015:1490 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html SUSE-SU-2015:1491 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html SUSE-SU-2015:1592 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html SUSE-SU-2015:1611 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html USN-2679-1 http://www.ubuntu.com/usn/USN-2679-1 USN-2680-1 http://www.ubuntu.com/usn/USN-2680-1 USN-2681-1 http://www.ubuntu.com/usn/USN-2681-1 USN-2967-1 http://www.ubuntu.com/usn/USN-2967-1 USN-2967-2 http://www.ubuntu.com/usn/USN-2967-2 [oss-security] 20150606 CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption http://www.openwall.com/lists/oss-security/2015/06/06/2 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 http://source.android.com/security/bulletin/2016-04-02.html http://source.android.com/security/bulletin/2016-05-01.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://bugzilla.redhat.com/show_bug.cgi?id=1202855 https://github.com/torvalds/linux/commit/637b58c2887e5e57850865839cc75f59184b23d1 https://github.com/torvalds/linux/commit/f0d1bec9d58d4c038d0ac958c9af82be6eb18045
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.