Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:034-2 (kernel)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66926

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:034-2 (kernel)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2010:034-2.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Array index error in the gdth_read_event function in
drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows
local users to cause a denial of service or possibly gain privileges
via a negative event index in an IOCTL request. (CVE-2009-3080)

The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the
Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified
impact via a crafted HDLC packet that arrives over ISDN and triggers
a buffer under-read. (CVE-2009-4005)

Additionally, the Linux kernel was updated to the stable release
2.6.27.45.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Update:

The nvidia173-kernel x86_64 packages was missing with MDVSA-2010:034
for the Enterprise 5 product. This advisory provides the missing
packages.

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:034-2

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3080
37068
http://www.securityfocus.com/bid/37068
37435
http://secunia.com/advisories/37435
37720
http://secunia.com/advisories/37720
37909
http://secunia.com/advisories/37909
38017
http://secunia.com/advisories/38017
38276
http://secunia.com/advisories/38276
DSA-2005
http://www.debian.org/security/2010/dsa-2005
FEDORA-2009-13098
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html
MDVSA-2010:030
http://www.mandriva.com/security/advisories?name=MDVSA-2010:030
MDVSA-2011:051
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
RHSA-2010:0041
http://www.redhat.com/support/errata/RHSA-2010-0041.html
RHSA-2010:0046
https://rhn.redhat.com/errata/RHSA-2010-0046.html
RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
RHSA-2010:0882
http://www.redhat.com/support/errata/RHSA-2010-0882.html
SUSE-SA:2009:061
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
SUSE-SA:2009:064
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
SUSE-SA:2010:001
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SUSE-SA:2010:005
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
SUSE-SA:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
USN-864-1
http://www.ubuntu.com/usn/usn-864-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0
http://support.avaya.com/css/P8/documents/100073666
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
oval:org.mitre.oval:def:10989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989
oval:org.mitre.oval:def:12862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862
oval:org.mitre.oval:def:7101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101
Common Vulnerability Exposure (CVE) ID: CVE-2009-4005
BugTraq ID: 37036
http://www.securityfocus.com/bid/37036
Debian Security Information: DSA-2005 (Google Search)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11155
SuSE Security Announcement: SUSE-SA:2009:061 (Google Search)
SuSE Security Announcement: SUSE-SA:2009:064 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:005 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:013 (Google Search)
http://www.vupen.com/english/advisories/2009/3267
XForce ISS Database: kernel-hfcusb-privilege-escalation(54310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54310

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66926
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:034-2 (kernel)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kernel announced via advisory MDVSA-2010:034-2. Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080) The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005) Additionally, the Linux kernel was updated to the stable release 2.6.27.45. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate Update: The nvidia173-kernel x86_64 packages was missing with MDVSA-2010:034 for the Enterprise 5 product. This advisory provides the missing packages. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:034-2 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3080 37068 http://www.securityfocus.com/bid/37068 37435 http://secunia.com/advisories/37435 37720 http://secunia.com/advisories/37720 37909 http://secunia.com/advisories/37909 38017 http://secunia.com/advisories/38017 38276 http://secunia.com/advisories/38276 DSA-2005 http://www.debian.org/security/2010/dsa-2005 FEDORA-2009-13098 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html MDVSA-2010:030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0041 http://www.redhat.com/support/errata/RHSA-2010-0041.html RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html RHSA-2010:0882 http://www.redhat.com/support/errata/RHSA-2010-0882.html SUSE-SA:2009:061 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html SUSE-SA:2009:064 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html SUSE-SA:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html SUSE-SA:2010:005 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html SUSE-SA:2010:013 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html USN-864-1 http://www.ubuntu.com/usn/usn-864-1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 http://support.avaya.com/css/P8/documents/100073666 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 http://www.vmware.com/security/advisories/VMSA-2011-0009.html oval:org.mitre.oval:def:10989 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989 oval:org.mitre.oval:def:12862 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862 oval:org.mitre.oval:def:7101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101 Common Vulnerability Exposure (CVE) ID: CVE-2009-4005 BugTraq ID: 37036 http://www.securityfocus.com/bid/37036 Debian Security Information: DSA-2005 (Google Search) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11155 SuSE Security Announcement: SUSE-SA:2009:061 (Google Search) SuSE Security Announcement: SUSE-SA:2009:064 (Google Search) SuSE Security Announcement: SUSE-SA:2010:001 (Google Search) SuSE Security Announcement: SUSE-SA:2010:005 (Google Search) SuSE Security Announcement: SUSE-SA:2010:013 (Google Search) http://www.vupen.com/english/advisories/2009/3267 XForce ISS Database: kernel-hfcusb-privilege-escalation(54310) https://exchange.xforce.ibmcloud.com/vulnerabilities/54310
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com