Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.62989
Kategorie:SuSE Local Security Checks
Titel:SuSE Security Advisory SUSE-SA:2008:037 (kernel)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory SUSE-SA:2008:037.

The openSUSE 11.0 kernel was updated to 2.6.25.11-0.1.

It fixes following security problems:
CVE-2008-2812: Various tty / serial devices did not check
function pointers for NULL before calling them, leading to potential
crashes or code execution. The devices affected are usually only
accessible by the root user though.

CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c
in the Linux kernel allows remote attackers to cause a denial of
service (kernel heap memory corruption and system crash) and possibly
have unspecified other impact via a crafted PPPOL2TP packet that
results in a large value for a certain length variable.

CVE-2008-3247: On x86_64 systems, a incorrect buffer size in LDT
handling might lead to local untrusted attackers causing a crash
of the machine or potentially execute code with kernel privileges.
This problem only affects the openSUSE 11.0 kernel, since the problem
was introduced in the 2.6.25 kernel.

The update also has lots of other bugfixes that are listed in the
RPM changelog.

We previously also released a 2.6.25.9-0.2 kernel but did not
separately announce it. That update fixed the following security
problems:

CVE-2008-2372: A resource starvation issue within mmap was fixed,
which could have been used by local attackers to hang the machine.

CVE-2008-2826: A integer overflow in SCTP was fixed, which might have
been used by remote attackers to crash the machine or potentially
execute code.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:037

Risk factor : High

CVSS Score:
7.8

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2372
http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0804.3/3203.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9383
http://www.redhat.com/support/errata/RHSA-2008-0585.html
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://secunia.com/advisories/30901
http://secunia.com/advisories/30982
http://secunia.com/advisories/31202
http://secunia.com/advisories/31628
http://secunia.com/advisories/32393
http://secunia.com/advisories/32485
SuSE Security Announcement: SUSE-SA:2008:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:037 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html
SuSE Security Announcement: SUSE-SA:2008:038 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
http://www.ubuntu.com/usn/usn-659-1
XForce ISS Database: linux-kernel-getuserpages-dos(43550)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43550
Common Vulnerability Exposure (CVE) ID: CVE-2008-2750
BugTraq ID: 29747
http://www.securityfocus.com/bid/29747
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00082.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
http://www.openwall.com/lists/oss-security/2008/06/19/3
http://securitytracker.com/id?1020297
http://secunia.com/advisories/30719
http://secunia.com/advisories/30920
http://secunia.com/advisories/31107
http://www.ubuntu.com/usn/usn-625-1
http://www.vupen.com/english/advisories/2008/1854
XForce ISS Database: linux-kernel-pppol2tprecvmsg-dos(43111)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43111
Common Vulnerability Exposure (CVE) ID: CVE-2008-2812
BugTraq ID: 30076
http://www.securityfocus.com/bid/30076
Debian Security Information: DSA-1630 (Google Search)
http://www.debian.org/security/2008/dsa-1630
http://www.openwall.com/lists/oss-security/2008/07/03/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633
http://www.redhat.com/support/errata/RHSA-2008-0612.html
http://www.redhat.com/support/errata/RHSA-2008-0665.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://secunia.com/advisories/31048
http://secunia.com/advisories/31229
http://secunia.com/advisories/31341
http://secunia.com/advisories/31551
http://secunia.com/advisories/31614
http://secunia.com/advisories/31685
http://secunia.com/advisories/32103
http://secunia.com/advisories/32370
http://secunia.com/advisories/32759
http://secunia.com/advisories/33201
SuSE Security Announcement: SUSE-SA:2008:047 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
SuSE Security Announcement: SUSE-SA:2008:052 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
https://usn.ubuntu.com/637-1/
http://www.vupen.com/english/advisories/2008/2063/references
XForce ISS Database: kernel-tty-dos(43687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43687
Common Vulnerability Exposure (CVE) ID: CVE-2008-2826
BugTraq ID: 29990
http://www.securityfocus.com/bid/29990
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
http://www.securitytracker.com/id?1020514
http://www.vupen.com/english/advisories/2008/2511
XForce ISS Database: linux-kernel-sctpgetsockopt-dos(43559)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43559
Common Vulnerability Exposure (CVE) ID: CVE-2008-3247
BugTraq ID: 30351
http://www.securityfocus.com/bid/30351
http://www.securitytracker.com/id?1020544
http://secunia.com/advisories/31172
XForce ISS Database: linux-kernel-ldt-dos(43979)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43979
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.