
Test ID: 1.3.6.1.4.1.25623.1.0.61417
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:174 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDVSA-2008:174.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Linux kernel before 2.6.22.17, when using certain drivers that register
a fault handler that does not perform range checks, allows local users
to access kernel memory via an out-of-range offset. (CVE-2008-0007)

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and
2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules;
and (b) the gxsnmp package; does not properly validate length values
during decoding of ASN.1 BER data, which allows remote attackers
to cause a denial of service (crash) or execute arbitrary code via
(1) a length greater than the working buffer, which can lead to an
unspecified overflow; (2) an oid length of zero, which can lead to
an off-by-one error; or (3) an indefinite length for a primitive
encoding. (CVE-2008-1673)

Linux kernel 2.6.18, and possibly other versions, when running on
AMD64 architectures, allows local users to cause a denial of service
(crash) via certain ptrace calls. (CVE-2008-1615)

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)

Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users
to cause a denial of service (resource consumption and system outage)
via vectors involving a large addr_num field in an sctp_getaddrs_old
data structure. (CVE-2008-2826)

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on
some AMD64 systems does not erase destination memory locations after
an exception during kernel memory copy, which allows local users to
obtain sensitive information. (CVE-2008-2729)

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:174

Risk factor : Critical

CVSS Score:
10.0

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-0007
1019357
http://securitytracker.com/id?1019357
20080208 rPSA-2008-0048-1 kernel
http://www.securityfocus.com/archive/1/487808/100/0/threaded
27686
http://www.securityfocus.com/bid/27686
27705
http://www.securityfocus.com/bid/27705
28806
http://secunia.com/advisories/28806
28826
http://secunia.com/advisories/28826
29058
http://secunia.com/advisories/29058
29570
http://secunia.com/advisories/29570
30018
http://secunia.com/advisories/30018
30110
http://secunia.com/advisories/30110
30112
http://secunia.com/advisories/30112
30116
http://secunia.com/advisories/30116
30769
http://secunia.com/advisories/30769
31246
http://secunia.com/advisories/31246
33280
http://secunia.com/advisories/33280
ADV-2008-0445
http://www.vupen.com/english/advisories/2008/0445/references
ADV-2008-2222
http://www.vupen.com/english/advisories/2008/2222/references
DSA-1503
http://www.debian.org/security/2008/dsa-1503
DSA-1504
http://www.debian.org/security/2008/dsa-1504
DSA-1565
http://www.debian.org/security/2008/dsa-1565
MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
MDVSA-2008:072
http://www.mandriva.com/security/advisories?name=MDVSA-2008:072
MDVSA-2008:112
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
MDVSA-2008:174
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
RHSA-2008:0211
http://www.redhat.com/support/errata/RHSA-2008-0211.html
RHSA-2008:0233
http://www.redhat.com/support/errata/RHSA-2008-0233.html
RHSA-2008:0237
http://www.redhat.com/support/errata/RHSA-2008-0237.html
RHSA-2008:0787
http://www.redhat.com/support/errata/RHSA-2008-0787.html
SUSE-SA:2008:006
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
SUSE-SA:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
USN-618-1
http://www.ubuntu.com/usn/usn-618-1
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
[linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
http://lkml.org/lkml/2008/2/6/457
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
oval:org.mitre.oval:def:9412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9412
Common Vulnerability Exposure (CVE) ID: CVE-2008-1673
1020210
http://www.securitytracker.com/id?1020210
20080611 rPSA-2008-0189-1 kernel xen
http://www.securityfocus.com/archive/1/493300/100/0/threaded
29589
http://www.securityfocus.com/bid/29589
30000
http://secunia.com/advisories/30000
30580
http://secunia.com/advisories/30580
30644
http://secunia.com/advisories/30644
30658
http://secunia.com/advisories/30658
30982
http://secunia.com/advisories/30982
31107
http://secunia.com/advisories/31107
31836
http://secunia.com/advisories/31836
32103
http://secunia.com/advisories/32103
32104
http://secunia.com/advisories/32104
32370
http://secunia.com/advisories/32370
32759
http://secunia.com/advisories/32759
ADV-2008-1770
http://www.vupen.com/english/advisories/2008/1770
DSA-1592
http://www.debian.org/security/2008/dsa-1592
FEDORA-2008-5308
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html
MDVSA-2008:113
http://www.mandriva.com/security/advisories?name=MDVSA-2008:113
SUSE-SA:2008:035
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
SUSE-SA:2008:038
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
SUSE-SA:2008:047
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SUSE-SA:2008:048
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
SUSE-SA:2008:049
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SUSE-SA:2008:052
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
USN-625-1
http://www.ubuntu.com/usn/usn-625-1
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189
https://bugzilla.redhat.com/show_bug.cgi?id=443962
linux-kernel-ber-decoder-bo(42921)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
Common Vulnerability Exposure (CVE) ID: CVE-2008-1615
BugTraq ID: 29086
http://www.securityfocus.com/bid/29086
Debian Security Information: DSA-1588
http://www.debian.org/security/2008/dsa-1588
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
https://bugzilla.redhat.com/show_bug.cgi?id=431430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9563
http://www.redhat.com/support/errata/RHSA-2008-0275.html
http://www.redhat.com/support/errata/RHSA-2008-0585.html
http://www.securitytracker.com/id?1020047
http://secunia.com/advisories/30252
http://secunia.com/advisories/30294
http://secunia.com/advisories/30368
http://secunia.com/advisories/30818
http://secunia.com/advisories/30890
http://secunia.com/advisories/30962
http://secunia.com/advisories/31628
SuSE Security Announcement: SUSE-SA:2008:030
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
SuSE Security Announcement: SUSE-SA:2008:031
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:032
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
SuSE Security Announcement: SUSE-SA:2008:035
SuSE Security Announcement: SUSE-SA:2008:038
XForce ISS Database: linux-kernel-processtrace-dos(42278)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42278
Common Vulnerability Exposure (CVE) ID: CVE-2008-2136
BugTraq ID: 29235
http://www.securityfocus.com/bid/29235
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html
http://marc.info/?l=linux-netdev&m=121031533024912&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6503
http://www.redhat.com/support/errata/RHSA-2008-0607.html
http://www.redhat.com/support/errata/RHSA-2008-0612.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.securitytracker.com/id?1020118
http://secunia.com/advisories/30198
http://secunia.com/advisories/30241
http://secunia.com/advisories/30276
http://secunia.com/advisories/30499
http://secunia.com/advisories/31198
http://secunia.com/advisories/31341
http://secunia.com/advisories/31689
http://secunia.com/advisories/33201
http://www.vupen.com/english/advisories/2008/1543/references
http://www.vupen.com/english/advisories/2008/1716/references
XForce ISS Database: linux-kernel-ipip6rcv-dos(42451)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42451
Common Vulnerability Exposure (CVE) ID: CVE-2008-2826
BugTraq ID: 29990
http://www.securityfocus.com/bid/29990
Debian Security Information: DSA-1630
http://www.debian.org/security/2008/dsa-1630
http://www.securitytracker.com/id?1020514
http://secunia.com/advisories/30901
http://secunia.com/advisories/31202
http://secunia.com/advisories/31551
SuSE Security Announcement: SUSE-SA:2008:037
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html
SuSE Security Announcement: SUSE-SA:2008:052
http://www.vupen.com/english/advisories/2008/2511
XForce ISS Database: linux-kernel-sctpgetsockopt-dos(43559)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43559
Common Vulnerability Exposure (CVE) ID: CVE-2008-2729
BugTraq ID: 29943
http://www.securityfocus.com/bid/29943
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571
RedHat Security Advisories: RHSA-2008:0508
http://rhn.redhat.com/errata/RHSA-2008-0508.html
http://www.redhat.com/support/errata/RHSA-2008-0519.html
http://www.securitytracker.com/id?1020364
http://secunia.com/advisories/30849
http://secunia.com/advisories/30850
XForce ISS Database: linux-kernel-destination-info-disclosure(43558)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43558
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
