English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.703927
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 3927-1 (linux - security update)
Zusammenfassung:Several vulnerabilities have been discovered in the Linux kernel that;may lead to a privilege escalation, denial of service or information;leaks.;;CVE-2017-7346;Li Qiang discovered that the DRM driver for VMware virtual GPUs does;not properly check user-controlled values in the;vmw_surface_define_ioctl() functions for upper limits. A local user;can take advantage of this flaw to cause a denial of service.;;CVE-2017-7482;Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does;not properly verify metadata, leading to information disclosure,;denial of service or potentially execution of arbitrary code.;;CVE-2017-7533;Fan Wu and Shixiong Zhao discovered a race condition between inotify;events and VFS rename operations allowing an unprivileged local;attacker to cause a denial of service or escalate privileges.;;CVE-2017-7541;A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN;driver could allow a local user to cause kernel memory corruption,;leading to a denial of service or potentially privilege escalation.;;CVE-2017-7542;An integer overflow vulnerability in the ip6_find_1stfragopt();function was found allowing a local attacker with privileges to open;raw sockets to cause a denial of service.;;CVE-2017-9605;Murray McAllister discovered that the DRM driver for VMware virtual;GPUs does not properly initialize memory, potentially allowing a;local attacker to obtain sensitive information from uninitialized;kernel memory via a crafted ioctl call.;;CVE-2017-10810;Li Qiang discovered a memory leak flaw within the VirtIO GPU driver;resulting in denial of service (memory consumption).;;CVE-2017-10911 /;XSA-216;Anthony Perard of Citrix discovered an information leak flaw in Xen;blkif response handling, allowing a malicious unprivileged guest to;obtain sensitive information from the host or other guests.;;CVE-2017-11176;It was discovered that the mq_notify() function does not set the;sock pointer to NULL upon entry into the retry logic. An attacker;can take advantage of this flaw during a user-space close of a;Netlink socket to cause a denial of service or potentially cause;other impact.;;CVE-2017-1000365;It was discovered that argument and environment pointers are not;taken properly into account to the imposed size restrictions on;arguments and environmental strings passed through;RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of;this flaw in conjunction with other flaws to execute arbitrary code.
Beschreibung:Summary:
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-7346
Li Qiang discovered that the DRM driver for VMware virtual GPUs does
not properly check user-controlled values in the
vmw_surface_define_ioctl() functions for upper limits. A local user
can take advantage of this flaw to cause a denial of service.

CVE-2017-7482
Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does
not properly verify metadata, leading to information disclosure,
denial of service or potentially execution of arbitrary code.

CVE-2017-7533
Fan Wu and Shixiong Zhao discovered a race condition between inotify
events and VFS rename operations allowing an unprivileged local
attacker to cause a denial of service or escalate privileges.

CVE-2017-7541
A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN
driver could allow a local user to cause kernel memory corruption,
leading to a denial of service or potentially privilege escalation.

CVE-2017-7542
An integer overflow vulnerability in the ip6_find_1stfragopt()
function was found allowing a local attacker with privileges to open
raw sockets to cause a denial of service.

CVE-2017-9605
Murray McAllister discovered that the DRM driver for VMware virtual
GPUs does not properly initialize memory, potentially allowing a
local attacker to obtain sensitive information from uninitialized
kernel memory via a crafted ioctl call.

CVE-2017-10810
Li Qiang discovered a memory leak flaw within the VirtIO GPU driver
resulting in denial of service (memory consumption).

CVE-2017-10911 /
XSA-216
Anthony Perard of Citrix discovered an information leak flaw in Xen
blkif response handling, allowing a malicious unprivileged guest to
obtain sensitive information from the host or other guests.

CVE-2017-11176
It was discovered that the mq_notify() function does not set the
sock pointer to NULL upon entry into the retry logic. An attacker
can take advantage of this flaw during a user-space close of a
Netlink socket to cause a denial of service or potentially cause
other impact.

CVE-2017-1000365
It was discovered that argument and environment pointers are not
taken properly into account to the imposed size restrictions on
arguments and environmental strings passed through
RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of
this flaw in conjunction with other flaws to execute arbitrary code.

Affected Software/OS:
linux on Debian Linux

Solution:
For the oldstable distribution (jessie), these problems will be fixed in
a subsequent DSA.

For the stable distribution (stretch), these problems have been fixed in
version 4.9.30-2+deb9u3.

We recommend that you upgrade your linux packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-7346
BugTraq ID: 97257
http://www.securityfocus.com/bid/97257
Debian Security Information: DSA-3927 (Google Search)
http://www.debian.org/security/2017/dsa-3927
Debian Security Information: DSA-3945 (Google Search)
http://www.debian.org/security/2017/dsa-3945
Common Vulnerability Exposure (CVE) ID: CVE-2017-7482
BugTraq ID: 99299
http://www.securityfocus.com/bid/99299
https://www.debian.org/security/2017/dsa-3927
https://www.debian.org/security/2017/dsa-3945
http://seclists.org/oss-sec/2017/q2/602
RedHat Security Advisories: RHSA-2019:0641
https://access.redhat.com/errata/RHSA-2019:0641
http://www.securitytracker.com/id/1038787
Common Vulnerability Exposure (CVE) ID: CVE-2017-7533
BugTraq ID: 100123
http://www.securityfocus.com/bid/100123
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e
http://openwall.com/lists/oss-security/2017/08/03/2
https://bugzilla.redhat.com/show_bug.cgi?id=1468283
https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e
https://patchwork.kernel.org/patch/9755753/
https://patchwork.kernel.org/patch/9755757/
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1408967.html
http://www.openwall.com/lists/oss-security/2019/06/27/7
http://www.openwall.com/lists/oss-security/2019/06/28/1
http://www.openwall.com/lists/oss-security/2019/06/28/2
RedHat Security Advisories: RHSA-2017:2473
https://access.redhat.com/errata/RHSA-2017:2473
RedHat Security Advisories: RHSA-2017:2585
https://access.redhat.com/errata/RHSA-2017:2585
RedHat Security Advisories: RHSA-2017:2669
https://access.redhat.com/errata/RHSA-2017:2669
RedHat Security Advisories: RHSA-2017:2770
https://access.redhat.com/errata/RHSA-2017:2770
RedHat Security Advisories: RHSA-2017:2869
https://access.redhat.com/errata/RHSA-2017:2869
http://www.securitytracker.com/id/1039075
Common Vulnerability Exposure (CVE) ID: CVE-2017-7541
BugTraq ID: 99955
http://www.securityfocus.com/bid/99955
RedHat Security Advisories: RHSA-2017:2863
https://access.redhat.com/errata/RHSA-2017:2863
RedHat Security Advisories: RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RedHat Security Advisories: RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RedHat Security Advisories: RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
http://www.securitytracker.com/id/1038981
Common Vulnerability Exposure (CVE) ID: CVE-2017-7542
BugTraq ID: 99953
http://www.securityfocus.com/bid/99953
RedHat Security Advisories: RHSA-2018:0169
https://access.redhat.com/errata/RHSA-2018:0169
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
Common Vulnerability Exposure (CVE) ID: CVE-2017-9605
BugTraq ID: 99095
http://www.securityfocus.com/bid/99095
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.