ID de Prueba:	1.3.6.1.4.1.25623.1.0.64677
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:205 (kernel)
Resumen:	The remote host is missing an update to kernel;announced via advisory MDVSA-2009:205.
Descripción:	Summary: The remote host is missing an update to kernel announced via advisory MDVSA-2009:205. Vulnerability Insight: A vulnerability was discovered and corrected in the Linux 2.6 kernel: The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation on a PF_PPPOX socket. (CVE-2009-2692) To update your kernel, please follow the directions linked in the references. Affected Software/OS: Mandrake 2009.0, 2009.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2692 BugTraq ID: 36038 http://www.securityfocus.com/bid/36038 Bugtraq: 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations (Google Search) http://www.securityfocus.com/archive/1/505751/100/0/threaded Bugtraq: 20090818 rPSA-2009-0121-1 kernel open-vm-tools (Google Search) http://www.securityfocus.com/archive/1/505912/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search) http://www.securityfocus.com/archive/1/512019/100/0/threaded Debian Security Information: DSA-1865 (Google Search) http://www.debian.org/security/2009/dsa-1865 http://www.exploit-db.com/exploits/19933 http://www.exploit-db.com/exploits/9477 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html http://grsecurity.net/~spender/wunderbar_emporium.tgz http://zenthought.org/content/file/android-root-2009-08-16-source http://www.openwall.com/lists/oss-security/2009/08/14/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 RedHat Security Advisories: RHSA-2009:1222 http://rhn.redhat.com/errata/RHSA-2009-1222.html RedHat Security Advisories: RHSA-2009:1223 http://rhn.redhat.com/errata/RHSA-2009-1223.html http://www.redhat.com/support/errata/RHSA-2009-1233.html http://secunia.com/advisories/36278 http://secunia.com/advisories/36289 http://secunia.com/advisories/36327 http://secunia.com/advisories/36430 http://secunia.com/advisories/37298 http://secunia.com/advisories/37471 SuSE Security Announcement: SUSE-SR:2009:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://www.vupen.com/english/advisories/2009/2272 http://www.vupen.com/english/advisories/2009/3316
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.