
Test ID: 1.3.6.1.4.1.25623.1.1.4.2017.0494.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2017:0494-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2017:0494-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
verify that a setkey operation has been performed on an AF_ALG socket
before an accept system call is processed, which allowed local users to
cause a denial of service (NULL pointer dereference and system crash)
via a crafted application that did not supply a key, related to the
lrw_crypt function in crypto/lrw.c (bnc#1008374).
- CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs
(bsc#1021258).
- CVE-2016-7097: The filesystem implementation in the Linux kernel
preserves the setgid bit during a setxattr call, which allowed local
users to gain group privileges by leveraging the existence of a setgid
program with restrictions on execute permissions (bnc#995968).
- CVE-2016-10088: The sg implementation in the Linux kernel did not
properly restrict write operations in situations where the KERNEL_DS
option is set, which allowed local users to read or write to arbitrary
kernel memory locations or cause a denial of service (use-after-free) by
leveraging access to a /dev/sg device, related to block/bsg.c and
drivers/scsi/sg.c. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2016-9576 (bnc#1017710).
- CVE-2004-0230: TCP, when using a large Window Size, made it easier for
remote attackers to guess sequence numbers and cause a denial of service
(connection loss) to persistent TCP connections by repeatedly injecting
a TCP RST packet, especially in protocols that use long-lived
connections, such as BGP (bnc#969340).
- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the
Linux kernel did not validate the relationship between the minimum
fragment length and the maximum packet size, which allowed local users
to gain privileges or cause a denial of service (heap-based buffer
overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).
- CVE-2016-8399: An elevation of privilege vulnerability in the kernel
networking subsystem could have enabled a local malicious application to
execute arbitrary code within the context of the kernel (bnc#1014746).
- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash) or possibly have unspecified other impact
by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt
system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
(bnc#1013531).
- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the
Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,
which allowed local users to cause a denial of service (memory
corruption and system crash) or ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 11-SP3, SUSE Manager 2.1, SUSE Manager Proxy 2.1, SUSE OpenStack Cloud 5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0230
BugTraq ID: 10183
http://www.securityfocus.com/bid/10183
Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK. (Google Search)
http://marc.info/?l=bugtraq&m=108302060014745&w=2
Cert/CC Advisory: TA04-111A
http://www.us-cert.gov/cas/techalerts/TA04-111A.html
CERT/CC vulnerability note: VU#415294
http://www.kb.cert.org/vuls/id/415294
Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml
HPdes Security Advisory: HPSBST02161
http://www.securityfocus.com/archive/1/449179/100/0/threaded
HPdes Security Advisory: SSRT061264
HPdes Security Advisory: SSRT4696
http://marc.info/?l=bugtraq&m=108506952116653&w=2
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
Microsoft Security Bulletin: MS05-019
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
Microsoft Security Bulletin: MS06-064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
NETBSD Security Advisory: NetBSD-SA2004-006
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc
http://www.osvdb.org/4030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711
SCO Security Bulletin: SCOSA-2005.14
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt
SCO Security Bulletin: SCOSA-2005.3
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt
SCO Security Bulletin: SCOSA-2005.9
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt
http://secunia.com/advisories/11440
http://secunia.com/advisories/11458
http://secunia.com/advisories/22341
SGI Security Advisory: 20040403-01-A
ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc
http://www.vupen.com/english/advisories/2006/3983
XForce ISS Database: tcp-rst-dos(15886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
Common Vulnerability Exposure (CVE) ID: CVE-2012-6704
BugTraq ID: 95135
http://www.securityfocus.com/bid/95135
http://www.openwall.com/lists/oss-security/2016/12/03/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1350
BugTraq ID: 76075
http://www.securityfocus.com/bid/76075
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
http://marc.info/?l=linux-kernel&m=142153722930533&w=2
http://www.openwall.com/lists/oss-security/2015/01/24/5
Common Vulnerability Exposure (CVE) ID: CVE-2015-8956
BugTraq ID: 93326
http://www.securityfocus.com/bid/93326
RedHat Security Advisories: RHSA-2016:2574
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RedHat Security Advisories: RHSA-2016:2584
http://rhn.redhat.com/errata/RHSA-2016-2584.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8962
BugTraq ID: 94187
http://www.securityfocus.com/bid/94187
Common Vulnerability Exposure (CVE) ID: CVE-2015-8964
BugTraq ID: 94138
http://www.securityfocus.com/bid/94138
Common Vulnerability Exposure (CVE) ID: CVE-2015-8970
BugTraq ID: 94217
http://www.securityfocus.com/bid/94217
http://www.openwall.com/lists/oss-security/2016/11/04/3
RedHat Security Advisories: RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:1842
RedHat Security Advisories: RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2077
RedHat Security Advisories: RHSA-2017:2437
https://access.redhat.com/errata/RHSA-2017:2437
RedHat Security Advisories: RHSA-2017:2444
https://access.redhat.com/errata/RHSA-2017:2444
Common Vulnerability Exposure (CVE) ID: CVE-2016-0823
BugTraq ID: 84265
http://www.securityfocus.com/bid/84265
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3841
BugTraq ID: 92227
http://www.securityfocus.com/bid/92227
RedHat Security Advisories: RHSA-2016:0855
http://rhn.redhat.com/errata/RHSA-2016-0855.html
RedHat Security Advisories: RHSA-2016:2695
http://rhn.redhat.com/errata/RHSA-2016-2695.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6828
BugTraq ID: 92452
http://www.securityfocus.com/bid/92452
https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html
http://www.openwall.com/lists/oss-security/2016/08/15/1
RedHat Security Advisories: RHSA-2017:0036
http://rhn.redhat.com/errata/RHSA-2017-0036.html
RedHat Security Advisories: RHSA-2017:0086
http://rhn.redhat.com/errata/RHSA-2017-0086.html
RedHat Security Advisories: RHSA-2017:0091
http://rhn.redhat.com/errata/RHSA-2017-0091.html
RedHat Security Advisories: RHSA-2017:0113
http://rhn.redhat.com/errata/RHSA-2017-0113.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7042
BugTraq ID: 93544
http://www.securityfocus.com/bid/93544
http://www.openwall.com/lists/oss-security/2016/10/13/5
RedHat Security Advisories: RHSA-2017:0817
http://rhn.redhat.com/errata/RHSA-2017-0817.html
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
Common Vulnerability Exposure (CVE) ID: CVE-2016-7097
BugTraq ID: 92659
http://www.securityfocus.com/bid/92659
http://www.spinics.net/lists/linux-fsdevel/msg98328.html
http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
http://www.openwall.com/lists/oss-security/2016/08/26/3
http://www.securitytracker.com/id/1038201
http://www.ubuntu.com/usn/USN-3146-1
http://www.ubuntu.com/usn/USN-3146-2
http://www.ubuntu.com/usn/USN-3147-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-7117
BugTraq ID: 93304
http://www.securityfocus.com/bid/93304
RedHat Security Advisories: RHSA-2016:2962
http://rhn.redhat.com/errata/RHSA-2016-2962.html
RedHat Security Advisories: RHSA-2017:0031
http://rhn.redhat.com/errata/RHSA-2017-0031.html
RedHat Security Advisories: RHSA-2017:0065
http://rhn.redhat.com/errata/RHSA-2017-0065.html
RedHat Security Advisories: RHSA-2017:0196
http://rhn.redhat.com/errata/RHSA-2017-0196.html
RedHat Security Advisories: RHSA-2017:0215
http://rhn.redhat.com/errata/RHSA-2017-0215.html
RedHat Security Advisories: RHSA-2017:0216
http://rhn.redhat.com/errata/RHSA-2017-0216.html
RedHat Security Advisories: RHSA-2017:0217
http://rhn.redhat.com/errata/RHSA-2017-0217.html
RedHat Security Advisories: RHSA-2017:0270
http://rhn.redhat.com/errata/RHSA-2017-0270.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7425
BugTraq ID: 93037
http://www.securityfocus.com/bid/93037
http://marc.info/?l=linux-scsi&m=147394796228991&w=2
http://marc.info/?l=linux-scsi&m=147394713328707&w=2
http://www.openwall.com/lists/oss-security/2016/09/17/2
http://www.ubuntu.com/usn/USN-3144-1
http://www.ubuntu.com/usn/USN-3144-2
http://www.ubuntu.com/usn/USN-3145-1
http://www.ubuntu.com/usn/USN-3145-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-7910
BugTraq ID: 94135
http://www.securityfocus.com/bid/94135
RedHat Security Advisories: RHSA-2017:0892
https://access.redhat.com/errata/RHSA-2017:0892
RedHat Security Advisories: RHSA-2017:1297
https://access.redhat.com/errata/RHSA-2017:1297
RedHat Security Advisories: RHSA-2017:1298
https://access.redhat.com/errata/RHSA-2017:1298
RedHat Security Advisories: RHSA-2017:1308
https://access.redhat.com/errata/RHSA-2017:1308
Common Vulnerability Exposure (CVE) ID: CVE-2016-7911
Common Vulnerability Exposure (CVE) ID: CVE-2016-7916
http://www.ubuntu.com/usn/USN-3159-1
http://www.ubuntu.com/usn/USN-3159-2
Common Vulnerability Exposure (CVE) ID: CVE-2016-8399
BugTraq ID: 94708
http://www.securityfocus.com/bid/94708
RedHat Security Advisories: RHSA-2017:0869
https://access.redhat.com/errata/RHSA-2017:0869
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
Common Vulnerability Exposure (CVE) ID: CVE-2016-8632
BugTraq ID: 94211
http://www.securityfocus.com/bid/94211
https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
http://www.openwall.com/lists/oss-security/2016/11/08/5
Common Vulnerability Exposure (CVE) ID: CVE-2016-8633
BugTraq ID: 94149
http://www.securityfocus.com/bid/94149
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
http://www.openwall.com/lists/oss-security/2016/11/06/1
RedHat Security Advisories: RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:0676
RedHat Security Advisories: RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2018:1062
RedHat Security Advisories: RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1170
RedHat Security Advisories: RHSA-2019:1190
https://access.redhat.com/errata/RHSA-2019:1190
Common Vulnerability Exposure (CVE) ID: CVE-2016-8646
BugTraq ID: 94309
http://www.securityfocus.com/bid/94309
http://www.openwall.com/lists/oss-security/2016/11/15/2
Common Vulnerability Exposure (CVE) ID: CVE-2016-9555
BugTraq ID: 94479
http://www.securityfocus.com/bid/94479
http://www.openwall.com/lists/oss-security/2016/11/22/18
RedHat Security Advisories: RHSA-2017:0307
http://rhn.redhat.com/errata/RHSA-2017-0307.html
http://www.securitytracker.com/id/1037339
SuSE Security Announcement: SUSE-SU-2016:3096 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
SuSE Security Announcement: SUSE-SU-2016:3113 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
SuSE Security Announcement: SUSE-SU-2016:3116 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
SuSE Security Announcement: SUSE-SU-2016:3117 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
SuSE Security Announcement: SUSE-SU-2016:3169 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
SuSE Security Announcement: SUSE-SU-2016:3183 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
SuSE Security Announcement: SUSE-SU-2016:3197 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
SuSE Security Announcement: SUSE-SU-2016:3205 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
SuSE Security Announcement: SUSE-SU-2016:3206 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
SuSE Security Announcement: SUSE-SU-2016:3247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9576
BugTraq ID: 94821
http://www.securityfocus.com/bid/94821
http://www.openwall.com/lists/oss-security/2016/12/08/19
SuSE Security Announcement: SUSE-SU-2016:3146 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html
SuSE Security Announcement: SUSE-SU-2016:3188 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html
SuSE Security Announcement: SUSE-SU-2016:3203 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html
SuSE Security Announcement: SUSE-SU-2016:3217 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html
SuSE Security Announcement: SUSE-SU-2016:3248 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html
SuSE Security Announcement: SUSE-SU-2016:3252 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html
SuSE Security Announcement: openSUSE-SU-2016:3085 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html
SuSE Security Announcement: openSUSE-SU-2016:3086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:3118 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9685
BugTraq ID: 94593
http://www.securityfocus.com/bid/94593
http://www.openwall.com/lists/oss-security/2016/11/30/1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9756
BugTraq ID: 94615
http://www.securityfocus.com/bid/94615
http://www.openwall.com/lists/oss-security/2016/12/01/1
SuSE Security Announcement: openSUSE-SU-2017:0002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9793
BugTraq ID: 94655
http://www.securityfocus.com/bid/94655
https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793
RedHat Security Advisories: RHSA-2017:0931
https://access.redhat.com/errata/RHSA-2017:0931
RedHat Security Advisories: RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:0932
RedHat Security Advisories: RHSA-2017:0933
https://access.redhat.com/errata/RHSA-2017:0933
http://www.securitytracker.com/id/1037968
Common Vulnerability Exposure (CVE) ID: CVE-2017-5551
BugTraq ID: 95717
http://www.securityfocus.com/bid/95717
Debian Security Information: DSA-3791 (Google Search)
http://www.debian.org/security/2017/dsa-3791
http://www.openwall.com/lists/oss-security/2017/01/21/3
http://www.securitytracker.com/id/1038053
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.