Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:239

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50947

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:239

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:239.

The Linux kernel handles the basic functions of the operating system.

Security issues have been found that affect the versions of the Linux
kernel shipped with Red Hat Enterprise Linux:

CVE-2003-0462: Paul Starzetz discovered a file read race condition existing
in the execve() system call, which could cause a local crash.

CVE-2003-0501: The /proc filesystem in Linux allows local users to obtain
sensitive information by opening various entries in /proc/self before
executing a setuid program. This causes the program to fail to change the
ownership and permissions of already opened entries.

CVE-2003-0550: The STP protocol is known to have no security, which could
allow attackers to alter the bridge topology. STP is now turned off by
default.

CVE-2003-0551: STP input processing was lax in its length checking, which
could lead to a denial of service (DoS).

CVE-2003-0552: Jerry Kreuscher discovered that the Forwarding table could
be spoofed by sending forged packets with bogus source addresses the same
as the local host.

CVE-2003-0619: An integer signedness error in the decode_fh function of
nfs3xdr.c allows remote attackers to cause a denial of service (kernel
panic) via a negative size value within XDR data of an NFSv3 procedure call.

CVE-2003-0699: The C-Media PCI sound driver in Linux kernel versions prior
to 2.4.21 accesses userspace without using the get_user function, which is
a potential security hole.

All users are advised to upgrade to these erratum packages, which contain
backported security patches correcting these vulnerabilities.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-239.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0462
Debian Security Information: DSA-358 (Google Search)
http://www.debian.org/security/2004/dsa-358
Debian Security Information: DSA-423 (Google Search)
http://www.debian.org/security/2004/dsa-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309
http://www.redhat.com/support/errata/RHSA-2003-198.html
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2003-239.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0501
Bugtraq: 20030620 Linux /proc sensitive information disclosure (Google Search)
http://marc.info/?l=bugtraq&m=105621758104242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328
SuSE Security Announcement: SuSE-SA:2003:034 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2003-0550
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380
Common Vulnerability Exposure (CVE) ID: CVE-2003-0551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384
Common Vulnerability Exposure (CVE) ID: CVE-2003-0552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385
Common Vulnerability Exposure (CVE) ID: CVE-2003-0619
Bugtraq: 20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine. (Google Search)
http://marc.info/?l=bugtraq&m=105950927708272&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386
Common Vulnerability Exposure (CVE) ID: CVE-2003-0699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A387

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50947
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:239
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:239. The Linux kernel handles the basic functions of the operating system. Security issues have been found that affect the versions of the Linux kernel shipped with Red Hat Enterprise Linux: CVE-2003-0462: Paul Starzetz discovered a file read race condition existing in the execve() system call, which could cause a local crash. CVE-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program. This causes the program to fail to change the ownership and permissions of already opened entries. CVE-2003-0550: The STP protocol is known to have no security, which could allow attackers to alter the bridge topology. STP is now turned off by default. CVE-2003-0551: STP input processing was lax in its length checking, which could lead to a denial of service (DoS). CVE-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. CVE-2003-0619: An integer signedness error in the decode_fh function of nfs3xdr.c allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. CVE-2003-0699: The C-Media PCI sound driver in Linux kernel versions prior to 2.4.21 accesses userspace without using the get_user function, which is a potential security hole. All users are advised to upgrade to these erratum packages, which contain backported security patches correcting these vulnerabilities. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-239.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0462 Debian Security Information: DSA-358 (Google Search) http://www.debian.org/security/2004/dsa-358 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309 http://www.redhat.com/support/errata/RHSA-2003-198.html http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html Common Vulnerability Exposure (CVE) ID: CVE-2003-0501 Bugtraq: 20030620 Linux /proc sensitive information disclosure (Google Search) http://marc.info/?l=bugtraq&m=105621758104242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328 SuSE Security Announcement: SuSE-SA:2003:034 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2003-0550 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380 Common Vulnerability Exposure (CVE) ID: CVE-2003-0551 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384 Common Vulnerability Exposure (CVE) ID: CVE-2003-0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385 Common Vulnerability Exposure (CVE) ID: CVE-2003-0619 Bugtraq: 20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine. (Google Search) http://marc.info/?l=bugtraq&m=105950927708272&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386 Common Vulnerability Exposure (CVE) ID: CVE-2003-0699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A387
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com