English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57036
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2006-0037 (kernel, netpbm)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory TSLSA-2006-0037.

kernel < TSL 3.0 >
- New upstream.
- Module qlogicfc successfully replaced with qla2xxx.
- Added scsi_transport_spi to initrd module list.
- SECURITY FIX: A race condition error in the posix-cpu-timers.c
script that does not prevent another CPU from attaching the timer
to an exiting process, which could be exploited by attackers to
cause a denial of service.
- Flaw due to errors in powerpc/kernel/signal_32.c and
powerpc/kernel/signal_32.c, which could allow userspace to
provoke a machine check on 32-bit kernels.
- An infinite loop in netfilter/xt_sctp.c, which could be exploited
by attackers to exhaust all available memory resources, creating
a denial of service condition.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2006-2445, CVE-2006-2448 and
CVE-2006-3085 to this issue.

netpbm < TSL 3.0 > < TSL 2.2 >
- SECURITY Fix: A vulnerability has been reported in NetPBM, caused due
to an off-by-one boundary error within pamtofits. This can be
exploited to cause a single byte buffer overflow when processing
a specially crafted input file.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2006-0037

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2445
BugTraq ID: 18615
http://www.securityfocus.com/bid/18615
Bugtraq: 20060623 rPSA-2006-0110-1 kernel (Google Search)
http://www.securityfocus.com/archive/1/438168/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30f1e3dd8c72abda343bcf415f7d8894a02b4290
http://marc.info/?l=linux-kernel&m=115015841413687
http://www.osvdb.org/26947
http://secunia.com/advisories/20703
http://secunia.com/advisories/20831
http://secunia.com/advisories/20991
http://secunia.com/advisories/21045
http://secunia.com/advisories/21179
SuSE Security Announcement: SUSE-SA:2006:042 (Google Search)
http://www.novell.com/linux/security/advisories/2006_42_kernel.html
http://www.trustix.org/errata/2006/0037
http://www.ubuntu.com/usn/usn-311-1
http://www.vupen.com/english/advisories/2006/2451
XForce ISS Database: linux-runposixcputimers-dos(27380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27380
Common Vulnerability Exposure (CVE) ID: CVE-2006-2448
18616
http://www.securityfocus.com/bid/18616
2006-0037
20060623 rPSA-2006-0110-1 kernel
20703
20831
20991
21179
21465
http://secunia.com/advisories/21465
21498
http://secunia.com/advisories/21498
22417
http://secunia.com/advisories/22417
ADV-2006-2451
RHSA-2006:0575
http://www.redhat.com/support/errata/RHSA-2006-0575.html
SUSE-SA:2006:042
SUSE-SA:2006:047
http://www.novell.com/linux/security/advisories/2006_47_kernel.html
USN-311-1
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c85d1f9d358b24c5b05c3a2783a78423775a080
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215
oval:org.mitre.oval:def:10040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10040
Common Vulnerability Exposure (CVE) ID: CVE-2006-3085
BugTraq ID: 18550
http://www.securityfocus.com/bid/18550
http://www.osvdb.org/26680
http://securitytracker.com/id?1016347
SuSE Security Announcement: SUSE-SA:2006:047 (Google Search)
XForce ISS Database: linux-xt-sctp-dos(27384)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27384
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.