English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 92797 CVE descriptions
and 51507 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63681
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1749-1 (linux-2.6)
Summary:Debian Security Advisory DSA 1749-1 (linux-2.6)
Description:Description:
The remote host is missing an update to linux-2.6
announced via advisory DSA 1749-1.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2009-0029

Christian Borntraeger discovered an issue effecting the alpha,
mips, powerpc, s390 and sparc64 architectures that allows local
users to cause a denial of service or potentially gain elevated
privileges.

CVE-2009-0031

Vegard Nossum discovered a memory leak in the keyctl subsystem
that allows local users to cause a denial of service by consuming
all of kernel memory.

CVE-2009-0065

Wei Yongjun discovered a memory overflow in the SCTP
implementation that can be triggered by remote users.

CVE-2009-0269

Duane Griffin provided a fix for an issue in the eCryptfs
subsystem which allows local users to cause a denial of service
(fault or memory corruption).

CVE-2009-0322

Pavel Roskin provided a fix for an issue in the dell_rbu driver
that allows a local user to cause a denial of service (oops) by
reading 0 byts from a sysfs entry.

CVE-2009-0676

Clement LECIGNE discovered a bug in the sock_getsockopt function
that may result in leaking sensitive kernel memory.

CVE-2009-0675

Roel Kluin discovered inverted logic in the skfddi driver that
permits local, unprivileged users to reset the driver statistics.

CVE-2009-0745

Peter Kerwien discovered an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops)
during a resize operation.

CVE-2009-0746

Sami Liedes reported an issue in the ext4 filesystem that allows
local users to cause a denial of service (kernel oops) when
accessing a specially crafted corrupt filesystem.

CVE-2009-0747

David Maciejak reported an issue in the ext4 filesystem that
allows local users to cause a denial of service (kernel oops) when
mounting a specially crafted corrupt filesystem.

CVE-2009-0748

David Maciejak reported an additional issue in the ext4 filesystem
that allows local users to cause a denial of service (kernel oops)
when mounting a specially crafted corrupt filesystem.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-13lenny2.

For the oldstable distribution (etch), these problems, where applicable,
will be fixed in future updates to linux-2.6 and linux-2.6.24.

We recommend that you upgrade your linux-2.6 packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201749-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0029
http://marc.info/?l=linux-kernel&m=123155111608910&w=2
Debian Security Information: DSA-1749 (Google Search)
http://www.debian.org/security/2009/dsa-1749
Debian Security Information: DSA-1787 (Google Search)
http://www.debian.org/security/2009/dsa-1787
Debian Security Information: DSA-1794 (Google Search)
http://www.debian.org/security/2009/dsa-1794
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
SuSE Security Announcement: SUSE-SA:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
BugTraq ID: 33275
http://www.securityfocus.com/bid/33275
http://secunia.com/advisories/33477
http://secunia.com/advisories/33674
http://secunia.com/advisories/34394
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
Common Vulnerability Exposure (CVE) ID: CVE-2009-0031
http://www.openwall.com/lists/oss-security/2009/01/19/4
RedHat Security Advisories: RHSA-2009:0264
http://rhn.redhat.com/errata/RHSA-2009-0264.html
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-0360.html
http://www.ubuntu.com/usn/usn-751-1
http://osvdb.org/51501
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11386
http://secunia.com/advisories/33858
http://secunia.com/advisories/34252
http://secunia.com/advisories/34502
http://secunia.com/advisories/34762
Common Vulnerability Exposure (CVE) ID: CVE-2009-0065
http://www.openwall.com/lists/oss-security/2009/01/05/1
HPdes Security Advisory: HPSBNS02449
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
HPdes Security Advisory: SSSRT090149
http://www.redhat.com/support/errata/RHSA-2009-0053.html
http://www.redhat.com/support/errata/RHSA-2009-1055.html
SuSE Security Announcement: SUSE-SA:2009:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SuSE Security Announcement: SUSE-SA:2009:031 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
BugTraq ID: 33113
http://www.securityfocus.com/bid/33113
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10872
http://www.securitytracker.com/id?1022698
http://secunia.com/advisories/34680
http://secunia.com/advisories/35174
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
http://secunia.com/advisories/36191
http://www.vupen.com/english/advisories/2009/0029
http://secunia.com/advisories/33854
http://www.vupen.com/english/advisories/2009/2193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0269
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
https://lists.launchpad.net/ecryptfs-devel/msg00010.html
https://lists.launchpad.net/ecryptfs-devel/msg00011.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
http://www.redhat.com/support/errata/RHSA-2009-0326.html
BugTraq ID: 33412
http://www.securityfocus.com/bid/33412
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8169
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8944
http://secunia.com/advisories/33758
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: linux-kernel-readlink-bo(48188)
http://xforce.iss.net/xforce/xfdb/48188
Common Vulnerability Exposure (CVE) ID: CVE-2009-0322
BugTraq ID: 33428
http://www.securityfocus.com/bid/33428
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10163
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7734
http://secunia.com/advisories/33656
Common Vulnerability Exposure (CVE) ID: CVE-2009-0676
http://lkml.org/lkml/2009/2/12/123
http://openwall.com/lists/oss-security/2009/02/20/1
http://marc.info/?l=linux-kernel&m=123540732700371&w=2
http://www.openwall.com/lists/oss-security/2009/02/24/1
http://www.openwall.com/lists/oss-security/2009/03/02/6
http://www.mandriva.com/security/advisories?name=MDVSA-2009:071
RedHat Security Advisories: RHSA-2009:0459
http://rhn.redhat.com/errata/RHSA-2009-0459.html
SuSE Security Announcement: SUSE-SA:2009:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
BugTraq ID: 33846
http://www.securityfocus.com/bid/33846
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11653
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8618
http://secunia.com/advisories/34786
http://secunia.com/advisories/34962
XForce ISS Database: kernel-sock-information-disclosure(48847)
http://xforce.iss.net/xforce/xfdb/48847
Common Vulnerability Exposure (CVE) ID: CVE-2009-0675
http://lists.openwall.net/netdev/2009/01/28/90
http://openwall.com/lists/oss-security/2009/02/20/2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11529
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8685
http://secunia.com/advisories/33938
Common Vulnerability Exposure (CVE) ID: CVE-2009-0745
RedHat Security Advisories: RHSA-2009:1243
http://rhn.redhat.com/errata/RHSA-2009-1243.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10942
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7765
http://secunia.com/advisories/36562
http://www.vupen.com/english/advisories/2009/0509
Common Vulnerability Exposure (CVE) ID: CVE-2009-0746
http://osvdb.org/52202
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10342
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8039
XForce ISS Database: linux-kernel-makeindexeddir-ext4-dos(48872)
http://xforce.iss.net/xforce/xfdb/48872
Common Vulnerability Exposure (CVE) ID: CVE-2009-0747
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8585
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9200
Common Vulnerability Exposure (CVE) ID: CVE-2009-0748
http://osvdb.org/52203
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10683
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8526
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 51507 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.