English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 94899 CVE descriptions
and 51984 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66289
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2009:301 (kernel)
Summary:Mandriva Security Advisory MDVSA-2009:301 (kernel)
Description:Description:
The remote host is missing an update to kernel
announced via advisory MDVSA-2009:301.

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x
through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and
ipddp modules are loaded but the ipddpN device is not found, allows
remote attackers to cause a denial of service (memory consumption)
via IP-DDP datagrams. (CVE-2009-2903)

Multiple race conditions in fs/pipe.c in the Linux kernel before
2.6.32-rc6 allow local users to cause a denial of service (NULL pointer
dereference and system crash) or gain privileges by attempting to
open an anonymous pipe via a /proc/*/fd/ pathname. (CVE-2009-3547)

The tcf_fill_node function in net/sched/cls_api.c in the netlink
subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6
and earlier, does not initialize a certain tcm__pad2 structure member,
which might allow local users to obtain sensitive information from
kernel memory via unspecified vectors. NOTE: this issue exists
because of an incomplete fix for CVE-2005-4881. (CVE-2009-3612)

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows
local users to cause a denial of service (system hang) by creating an
abstract-namespace AF_UNIX listening socket, performing a shutdown
operation on this socket, and then performing a series of connect
operations to this socket. (CVE-2009-3621)

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function
in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel
before 2.6.31.4 allows local users to have an unspecified impact
via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl
function. (CVE-2009-3638)

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in
the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause
a denial of service (NULL pointer dereference and panic) by sending a
certain response containing incorrect file attributes, which trigger
attempted use of an open file that lacks NFSv4 state. (CVE-2009-3726)

Additionaly, it includes the fixes from the stable kernel version
2.6.27.39. It also fixes issues with the bnx2 module in which the
machine could become unresponsive. For details, see the package
changelog.

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:301

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2903
http://www.openwall.com/lists/oss-security/2009/09/14/1
http://www.openwall.com/lists/oss-security/2009/09/14/2
http://www.openwall.com/lists/oss-security/2009/09/17/11
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
SuSE Security Announcement: SUSE-SA:2009:061 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
SuSE Security Announcement: SUSE-SA:2009:064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
SuSE Security Announcement: SUSE-SA:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
http://www.ubuntu.com/usn/USN-852-1
BugTraq ID: 36379
http://www.securityfocus.com/bid/36379
http://secunia.com/advisories/36707
http://secunia.com/advisories/37909
http://secunia.com/advisories/37105
Common Vulnerability Exposure (CVE) ID: CVE-2009-3547
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (Google Search)
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
http://lkml.org/lkml/2009/10/14/184
http://lkml.org/lkml/2009/10/21/42
http://marc.info/?l=oss-security&m=125724568017045&w=2
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
RedHat Security Advisories: RHSA-2009:1540
https://rhn.redhat.com/errata/RHSA-2009-1540.html
RedHat Security Advisories: RHSA-2009:1541
https://rhn.redhat.com/errata/RHSA-2009-1541.html
RedHat Security Advisories: RHSA-2009:1548
https://rhn.redhat.com/errata/RHSA-2009-1548.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://www.redhat.com/support/errata/RHSA-2009-1672.html
SuSE Security Announcement: SUSE-SA:2009:054 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
SuSE Security Announcement: SUSE-SA:2009:056 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
SuSE Security Announcement: SUSE-SA:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://www.ubuntu.com/usn/usn-864-1
BugTraq ID: 36901
http://www.securityfocus.com/bid/36901
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11513
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7608
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9327
http://secunia.com/advisories/37351
http://secunia.com/advisories/38017
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.vupen.com/english/advisories/2010/0528
Common Vulnerability Exposure (CVE) ID: CVE-2005-4881
http://marc.info/?l=git-commits-head&m=112002138324380
http://www.openwall.com/lists/oss-security/2009/09/05/2
http://www.openwall.com/lists/oss-security/2009/09/06/2
http://www.openwall.com/lists/oss-security/2009/09/07/2
http://www.openwall.com/lists/oss-security/2009/09/17/1
http://www.openwall.com/lists/oss-security/2009/09/17/9
http://www.redhat.com/support/errata/RHSA-2009-1522.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11744
http://secunia.com/advisories/37084
Common Vulnerability Exposure (CVE) ID: CVE-2009-3612
http://www.openwall.com/lists/oss-security/2009/10/14/2
http://www.openwall.com/lists/oss-security/2009/10/15/1
http://www.openwall.com/lists/oss-security/2009/10/14/1
http://www.openwall.com/lists/oss-security/2009/10/15/3
http://www.redhat.com/support/errata/RHSA-2009-1670.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10395
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7557
http://secunia.com/advisories/37086
Common Vulnerability Exposure (CVE) ID: CVE-2009-3621
http://lkml.org/lkml/2009/10/19/50
http://www.openwall.com/lists/oss-security/2009/10/19/2
http://www.openwall.com/lists/oss-security/2009/10/19/4
http://www.redhat.com/support/errata/RHSA-2009-1671.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6895
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9921
Common Vulnerability Exposure (CVE) ID: CVE-2009-3638
http://marc.info/?l=oss-security&m=125628917011048&w=2
http://marc.info/?l=oss-security&m=125632898507373&w=2
BugTraq ID: 36803
http://www.securityfocus.com/bid/36803
XForce ISS Database: linux-kernel-supportedcpuid-code-execution(53934)
http://xforce.iss.net/xforce/xfdb/53934
Common Vulnerability Exposure (CVE) ID: CVE-2009-3726
http://www.spinics.net/linux/lists/linux-nfs/msg03357.html
http://www.openwall.com/lists/oss-security/2009/11/05/1
http://www.openwall.com/lists/oss-security/2009/11/05/4
Debian Security Information: DSA-2005 (Google Search)
http://www.debian.org/security/2010/dsa-2005
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.redhat.com/support/errata/RHSA-2010-0474.html
BugTraq ID: 36936
http://www.securityfocus.com/bid/36936
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6636
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9734
http://secunia.com/advisories/40218
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.