| Beschreibung: | Description:
The remote host is missing an update to linux-2.6
announced via advisory DSA 1872-1.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to denial of service, privilege escalation or a leak of
sensitive memory. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2698
Herbert Xu discovered an issue in the way UDP tracks corking
status that could allow local users to cause a denial of service
(system crash). Tavis Ormandy and Julien Tinnes discovered that
this issue could also be used by local users to gain elevated
privileges.
CVE-2009-2846
Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.
CVE-2009-2847
Ulrich Drepper noticed an issue in the do_sigalstack routine on
64-bit systems. This issue allows local users to gain access to
potentially sensitive memory on the kernel stack.
CVE-2009-2848
Eric Dumazet discovered an issue in the execve path, where the
clear_child_tid variable was not being properly cleared. Local
users could exploit this issue to cause a denial of service
(memory corruption).
CVE-2009-2849
Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit
this vulnerability to cause a denial of service (oops).
For the oldstable distribution (etch), this problem has been fixed in
version 2.6.18.dfsg.1-24etch4.
We recommend that you upgrade your linux-2.6, fai-kernels, and
Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201872-1
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
