Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.69179 |
Categoría: | Red Hat Local Security Checks |
Título: | RedHat Security Advisory RHSA-2011:0320 |
Resumen: | NOSUMMARY |
Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2011:0320. The libcgroup packages provide tools and libraries to control and monitor control groups. A heap-based buffer overflow flaw was found in the way libcgroup converted a list of user-provided controllers for a particular task into an array of strings. A local attacker could use this flaw to escalate their privileges via a specially-crafted list of controllers. (CVE-2011-1006) It was discovered that libcgroup did not properly check the origin of Netlink messages. A local attacker could use this flaw to send crafted Netlink messages to the cgrulesengd daemon, causing it to put processes into one or more existing control groups, based on the attacker's choosing, possibly allowing the particular tasks to run with more resources (memory, CPU, etc.) than originally intended. (CVE-2011-1022) Red Hat would like to thank Nelson Elhage for reporting the CVE-2011-1006 issue. All libcgroup users should upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0320.html Risk factor : High CVSS Score: 7.2 |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1006 BugTraq ID: 46729 http://www.securityfocus.com/bid/46729 Debian Security Information: DSA-2193 (Google Search) http://www.debian.org/security/2011/dsa-2193 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html http://www.redhat.com/support/errata/RHSA-2011-0320.html http://www.securitytracker.com/id?1025158 http://secunia.com/advisories/43611 http://secunia.com/advisories/43758 http://secunia.com/advisories/43891 http://secunia.com/advisories/44093 SuSE Security Announcement: openSUSE-SU-2011:0316 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html http://www.vupen.com/english/advisories/2011/0679 http://www.vupen.com/english/advisories/2011/0774 Common Vulnerability Exposure (CVE) ID: CVE-2011-1022 BugTraq ID: 46578 http://www.securityfocus.com/bid/46578 http://sourceforge.net/mailarchive/message.php?msg_id=26598749 http://sourceforge.net/mailarchive/message.php?msg_id=27102603 http://openwall.com/lists/oss-security/2011/02/25/6 http://openwall.com/lists/oss-security/2011/02/25/11 http://openwall.com/lists/oss-security/2011/02/25/12 http://openwall.com/lists/oss-security/2011/02/25/14 http://openwall.com/lists/oss-security/2011/02/25/9 http://www.securitytracker.com/id?1025157 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |