Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-190)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120302

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-190)

Resumen: The remote host is missing an update announced via the referenced Security Advisory.

Descripción: Summary:
The remote host is missing an update announced via the referenced Security Advisory.

Vulnerability Insight:
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Solution:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2094
http://www.exploit-db.com/exploits/33589
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://news.ycombinator.com/item?id=5703758
http://packetstormsecurity.com/files/121616/semtex.c
http://twitter.com/djrbliss/statuses/334301992648331267
http://www.reddit.com/r/netsec/comments/1eb9iw
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
http://www.openwall.com/lists/oss-security/2013/05/14/6
http://www.osvdb.org/93361
RedHat Security Advisories: RHSA-2013:0830
http://rhn.redhat.com/errata/RHSA-2013-0830.html
SuSE Security Announcement: SUSE-SU-2013:0819 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
SuSE Security Announcement: openSUSE-SU-2013:0951 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:1042 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
http://www.ubuntu.com/usn/USN-1825-1
http://www.ubuntu.com/usn/USN-1826-1
http://www.ubuntu.com/usn/USN-1827-1
http://www.ubuntu.com/usn/USN-1828-1
http://www.ubuntu.com/usn/USN-1836-1
http://www.ubuntu.com/usn/USN-1838-1

Copyright Copyright (C) 2015 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120302
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-190)
Resumen:	The remote host is missing an update announced via the referenced Security Advisory.
Descripción:	Summary: The remote host is missing an update announced via the referenced Security Advisory. Vulnerability Insight: The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. Solution: Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2094 http://www.exploit-db.com/exploits/33589 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://news.ycombinator.com/item?id=5703758 http://packetstormsecurity.com/files/121616/semtex.c http://twitter.com/djrbliss/statuses/334301992648331267 http://www.reddit.com/r/netsec/comments/1eb9iw http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html http://www.openwall.com/lists/oss-security/2013/05/14/6 http://www.osvdb.org/93361 RedHat Security Advisories: RHSA-2013:0830 http://rhn.redhat.com/errata/RHSA-2013-0830.html SuSE Security Announcement: SUSE-SU-2013:0819 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html SuSE Security Announcement: openSUSE-SU-2013:0847 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html SuSE Security Announcement: openSUSE-SU-2013:0925 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html SuSE Security Announcement: openSUSE-SU-2013:0951 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:1042 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html http://www.ubuntu.com/usn/USN-1825-1 http://www.ubuntu.com/usn/USN-1826-1 http://www.ubuntu.com/usn/USN-1827-1 http://www.ubuntu.com/usn/USN-1828-1 http://www.ubuntu.com/usn/USN-1836-1 http://www.ubuntu.com/usn/USN-1838-1
Copyright	Copyright (C) 2015 Eero Volotinen