ID de Prueba:	1.3.6.1.4.1.25623.1.0.51818
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2005:930
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2005:930. The following issues have been fixed in the associated files: 1 a.out local DoS (CVE-2004-1074) 2 IGMP vulnerability (CVE-2004-1137) 3 uselib local privilege escalation vulnerability (CVE-2004-1235) 4 LSM Module Local Privilege Elevation (CAN 2004-1337) 5 i386 SMP page fault handler privilege escalation (CVE-2005-0001) 6 SHM insufficient permission checking (CVE-2005-0176) 7 Local DoS in nls_ascii.c (CVE-2005-0177) 8 setsid local DoS (CVE-2005-0178) 9 mlockall local DoS (CVE-2005-0179) 10 Integer signedness errors in scsi functions (CVE-2005-0180) 11 NFS client O_DIRECT error (CVE-2005-0207) 12 /proc heap overflow (CVE-2005-0529) 13 Signedess error in n_tty.c (CVE-2005-0530) 14 Possible buffer oferflow in atm_get_addr() (CVE-2005-0531) 15 read/write VFS range checking Please note that a number of drivers included in this package have known issues, including those for NVidia, and winmodem drivers slmodem and ltmodem. For complete details, please visit the referenced advisory. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html http://linux.bkbits.net:8080/linux-2.6/patch@1.1966.1.68 http://linux.bkbits.net:8080/linux-2.6/patch@1.1966.1.67 http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1074 BugTraq ID: 11754 http://www.securityfocus.com/bid/11754 Bugtraq: 20041216 [USN-39-1] Linux amd64 kernel vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110322596918807&w=2 Conectiva Linux advisory: CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://marc.info/?l=linux-kernel&m=110021173607372&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9751 http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://www.trustix.org/errata/2005/0001/ XForce ISS Database: linux-aout-binary-dos(18290) https://exchange.xforce.ibmcloud.com/vulnerabilities/18290 Common Vulnerability Exposure (CVE) ID: CVE-2004-1137 Bugtraq: 20041214 Linux kernel IGMP vulnerabilities (Google Search) Bugtraq: 20041214 [USN-38-1] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110306397320336&w=2 http://isec.pl/vulnerabilities/isec-0018-igmp.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11144 http://www.redhat.com/support/errata/RHSA-2005-092.html SuSE Security Announcement: SUSE-SA:2004:044 (Google Search) http://www.novell.com/linux/security/advisories/2004_44_kernel.html XForce ISS Database: linux-igmpmarksources-dos(18482) https://exchange.xforce.ibmcloud.com/vulnerabilities/18482 XForce ISS Database: linux-ipmcsource-code-execution(18481) https://exchange.xforce.ibmcloud.com/vulnerabilities/18481 Common Vulnerability Exposure (CVE) ID: CVE-2004-1235 BugTraq ID: 12190 http://www.securityfocus.com/bid/12190 Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110512575901427&w=2 http://www.securityfocus.com/advisories/7806 http://www.securityfocus.com/advisories/7805 http://isec.pl/vulnerabilities/isec-0021-uselib.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567 http://www.redhat.com/support/errata/RHSA-2005-016.html http://www.redhat.com/support/errata/RHSA-2005-017.html http://www.redhat.com/support/errata/RHSA-2005-043.html SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html XForce ISS Database: linux-uselib-gain-privileges(18800) https://exchange.xforce.ibmcloud.com/vulnerabilities/18800 Common Vulnerability Exposure (CVE) ID: CVE-2005-0001 BugTraq ID: 12244 http://www.securityfocus.com/bid/12244 Bugtraq: 20050112 Linux kernel i386 SMP page fault handler privilege escalation (Google Search) http://marc.info/?l=bugtraq&m=110554694522719&w=2 Bugtraq: 20050114 [USN-60-0] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110581146702951&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html http://isec.pl/vulnerabilities/isec-0022-pagefault.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322 http://securitytracker.com/id?1012862 http://secunia.com/advisories/13822 XForce ISS Database: linux-fault-handler-gain-privileges(18849) https://exchange.xforce.ibmcloud.com/vulnerabilities/18849 Common Vulnerability Exposure (CVE) ID: CVE-2005-0176 BugTraq ID: 12598 http://www.securityfocus.com/bid/12598 Bugtraq: 20050215 [USN-82-1] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=full-disclosure&m=110846102231365&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1225 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8778 http://www.redhat.com/support/errata/RHSA-2005-472.html http://secunia.com/advisories/19607 SGI Security Advisory: 20060402-01-U ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U Common Vulnerability Exposure (CVE) ID: CVE-2005-0177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10298 Common Vulnerability Exposure (CVE) ID: CVE-2005-0178 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10647 Common Vulnerability Exposure (CVE) ID: CVE-2005-0179 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9890 http://www.redhat.com/support/errata/RHSA-2005-663.html http://secunia.com/advisories/17002 http://www.vupen.com/english/advisories/2005/1878 Common Vulnerability Exposure (CVE) ID: CVE-2005-0180 BugTraq ID: 12198 http://www.securityfocus.com/bid/12198 Bugtraq: 20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories (Google Search) http://www.securityfocus.com/archive/1/386374 http://www.mandriva.com/security/advisories?name=MDKSA-2005:218 http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10667 http://secunia.com/advisories/17826 Common Vulnerability Exposure (CVE) ID: CVE-2005-0207 BugTraq ID: 12330 http://www.securityfocus.com/bid/12330 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11001 http://www.redhat.com/support/errata/RHSA-2005-366.html SuSE Security Announcement: SUSE-SA:2005:003 (Google Search) http://www.securityfocus.com/advisories/7880 Common Vulnerability Exposure (CVE) ID: CVE-2005-0529 Bugtraq: 20050315 [USN-95-1] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111091402626556&w=2 http://marc.info/?l=full-disclosure&m=110846727602817&w=2 http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8994 SuSE Security Announcement: SUSE-SA:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_kernel.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10960 Common Vulnerability Exposure (CVE) ID: CVE-2005-0531 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10095 Common Vulnerability Exposure (CVE) ID: CVE-2004-1337 BugTraq ID: 12093 http://www.securityfocus.com/bid/12093 Bugtraq: 20041223 Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation (Google Search) http://marc.info/?l=bugtraq&m=110384535113035&w=2 XForce ISS Database: linux-security-module-gain-privileges(18673) https://exchange.xforce.ibmcloud.com/vulnerabilities/18673
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.