Test ID: 1.3.6.1.4.1.25623.1.0.55415
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2005-0049 (Multiple packages)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0049.

kernel < TSL 3.0 >
- SECURITY Fix: Fix unchecked __get_user that could be tricked into
generating a memory read on an arbitrary address. The result of the
read is not returned directly but you may be able to divine some
information about it, or use the read to cause a crash on some
architectures by reading hardware state.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-2492 to this issue.

- SECURITY Fix: Al Viro reported a flaw in sendmsg(). When we copy
32bit ->msg_control contents to kernel, we walk the same userland data
twice without sanity checks on the second pass. Moreover, if original
looks small enough, we end up copying to on-stack array.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-2490 to this issue.

util-linux < TSL 3.0 > < TSL 2.2 > < TSEL-2 >
- SECURITY Fix: Unintentional grant of privileges by umount in util-linux
allows local users with unmount permissions to gain privileges via the
-r (remount) option, which causes the file system to be remounted with
just the read-only flag, which effectively clears the nosuid, nodev,
and other flags. (SA16795)

xorg-x11 < TSL 3.0 >
- SECURITY Fix: Heap overflow in pixmap allocation. An integer overflow
in pixmap memory allocation potentially allows any xorg-x11 user to
execute arbitrary code with elevated privileges.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2005-2495 to this issue.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0049

Risk factor : High

CVSS Score:
5.1

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-2492
BugTraq ID: 14787
http://www.securityfocus.com/bid/14787
http://www.securityfocus.com/archive/1/427980/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2005:220
http://www.mandriva.com/security/advisories?name=MDKSA-2005:235
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11031
http://www.redhat.com/support/errata/RHSA-2005-514.html
http://secunia.com/advisories/16747/
http://secunia.com/advisories/17073
http://secunia.com/advisories/17918
SuSE Security Announcement: SUSE-SA:2005:068
http://www.securityfocus.com/archive/1/419522/100/0/threaded
http://marc.info/?l=bugtraq&m=112690609622266&w=2
http://www.ubuntu.com/usn/usn-178-1
XForce ISS Database: kernel-rawsendmsg-obtain-information(22218)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22218
Common Vulnerability Exposure (CVE) ID: CVE-2005-2490
BugTraq ID: 14785
http://www.securityfocus.com/bid/14785
Debian Security Information: DSA-1017
http://www.debian.org/security/2006/dsa-1017
http://www.securityfocus.com/archive/1/428028/100/0/threaded
http://www.securityfocus.com/archive/1/428058/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10481
http://www.redhat.com/support/errata/RHSA-2005-663.html
http://secunia.com/advisories/17002
http://secunia.com/advisories/17826
http://secunia.com/advisories/19374
http://www.vupen.com/english/advisories/2005/1878
XForce ISS Database: kernel-sendmsg-bo(22217)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22217
Common Vulnerability Exposure (CVE) ID: CVE-2005-2495
BugTraq ID: 14807
http://www.securityfocus.com/bid/14807
CERT/CC vulnerability note: VU#102441
http://www.kb.cert.org/vuls/id/102441
Debian Security Information: DSA-816
http://www.debian.org/security/2005/dsa-816
http://www.securityfocus.com/advisories/9285
http://www.securityfocus.com/advisories/9286
http://www.securityfocus.com/archive/1/427045/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200509-07.xml
HPdes Security Advisory: HPSBUX02137
http://www.securityfocus.com/archive/1/442163/100/0/threaded
HPdes Security Advisory: SSRT051024
http://www.mandriva.com/security/advisories?name=MDKSA-2005:164
http://www.osvdb.org/19352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9615
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A998
http://www.redhat.com/support/errata/RHSA-2005-329.html
http://www.redhat.com/support/errata/RHSA-2005-396.html
http://www.redhat.com/support/errata/RHSA-2005-501.html
SCO Security Bulletin: SCOSA-2006.22
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22/SCOSA-2006.22.txt
http://securitytracker.com/id?1014887
http://secunia.com/advisories/16777
http://secunia.com/advisories/16790
http://secunia.com/advisories/17044
http://secunia.com/advisories/17215
http://secunia.com/advisories/17258
http://secunia.com/advisories/17278
http://secunia.com/advisories/19624
http://secunia.com/advisories/19796
http://secunia.com/advisories/21318
SGI Security Advisory: 20060403-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101926-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101953-1
SuSE Security Announcement: SUSE-SA:2005:056
http://www.novell.com/linux/security/advisories/2005_56_xserver.html
SuSE Security Announcement: SUSE-SR:2005:023
http://www.novell.com/linux/security/advisories/2005_23_sr.html
https://www.ubuntu.com/usn/usn-182-1/
http://www.vupen.com/english/advisories/2006/3140
XForce ISS Database: xorg-pixmap-bo(22244)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22244
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
