Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.881979
Categoría:CentOS Local Security Checks
Título:CentOS Update for kernel CESA-2014:0981 centos6
Resumen:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any
Linux operating system.

* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)

* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes.
A local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)

* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)

* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel's networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

Affected Software/OS:
kernel on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-6647
http://www.openwall.com/lists/oss-security/2014/05/14/9
Common Vulnerability Exposure (CVE) ID: CVE-2013-7339
BugTraq ID: 66351
http://www.securityfocus.com/bid/66351
http://www.openwall.com/lists/oss-security/2014/03/20/14
http://secunia.com/advisories/59386
Common Vulnerability Exposure (CVE) ID: CVE-2014-2672
BugTraq ID: 66492
http://www.securityfocus.com/bid/66492
http://www.openwall.com/lists/oss-security/2014/03/30/5
http://secunia.com/advisories/57468
Common Vulnerability Exposure (CVE) ID: CVE-2014-2678
BugTraq ID: 66543
http://www.securityfocus.com/bid/66543
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html
https://lkml.org/lkml/2014/3/29/188
http://www.openwall.com/lists/oss-security/2014/03/31/10
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
Common Vulnerability Exposure (CVE) ID: CVE-2014-2706
BugTraq ID: 66591
http://www.securityfocus.com/bid/66591
http://www.openwall.com/lists/oss-security/2014/04/01/8
http://www.securitytracker.com/id/1038201
http://secunia.com/advisories/60613
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-2851
BugTraq ID: 66779
http://www.securityfocus.com/bid/66779
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
https://lkml.org/lkml/2014/4/10/736
http://www.openwall.com/lists/oss-security/2014/04/11/4
http://www.securitytracker.com/id/1030769
http://secunia.com/advisories/59599
Common Vulnerability Exposure (CVE) ID: CVE-2014-3144
BugTraq ID: 67309
http://www.securityfocus.com/bid/67309
Debian Security Information: DSA-2949 (Google Search)
http://www.debian.org/security/2014/dsa-2949
http://www.openwall.com/lists/oss-security/2014/05/09/6
http://secunia.com/advisories/58990
http://secunia.com/advisories/59311
http://secunia.com/advisories/59597
http://www.ubuntu.com/usn/USN-2251-1
http://www.ubuntu.com/usn/USN-2252-1
http://www.ubuntu.com/usn/USN-2259-1
http://www.ubuntu.com/usn/USN-2261-1
http://www.ubuntu.com/usn/USN-2262-1
http://www.ubuntu.com/usn/USN-2263-1
http://www.ubuntu.com/usn/USN-2264-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3145
BugTraq ID: 67321
http://www.securityfocus.com/bid/67321
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.