Red Hat Enterprise Linux
dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit
was written to illustrate the exploitability of this vulnerability on
Power/Cell BE architecture.
The exploit makes use of the SELinux and the mmap_min_addr problem to exploit
this vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3. The
problem, first noticed by Brad Spengler, was described by Red Hat in Red Hat
Knowledgebase article: Security-Enhanced Linux (SELinux) policy and the
mmap_min_addr protection[2].
Support for i386 and x86_64 was added for completeness. For a more complete
Microsoft Windows XP Professional / Home SP2
Linux Operating Systems
Version
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
Red Hat Enterprise Linux (WS/ES/AS) 3
HP has provided HP SNMP Agents for Linux v8.7.0 or subsequent and HP Insight Management Agents for Windows v8.70.0 or subsequent to resolve the vulnerabilities. These products are available as individual patches. They are also available on the Proliant Support Pack (PSP).
Patches
Red Hat Enterprise Linux - HP SNMP Agents v8.7.0
Product
File Name
HP SNMP Agents for Red Hat Enterprise Linux 5 (AMD64/EM64T)
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
Linux Operating Systems
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
Red Hat Enterprise Linux (WS/ES/AS) 3
Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)
Microsoft Windows XP Professional / Home SP2
==================
Linux Operating Systems
==================
Red Hat Enterprise Linux (WS/ES/AS) 5
Red Hat Enterprise Linux (WS/ES/AS) 4
Red Hat Enterprise Linux (WS/ES/AS) 3
SuSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 9
===================
HP-UX B.11.31 (11i v3)
A.11.17.01
A.05.01, A.05.02
Red Hat Linux Advanced Server 2.1, Red Hat Enterprise Linux 3 or 4, SLES8/United Linux 1.0, Novell Linux Desktop 9, SLES9, Microsoft Windows XP Pro, Microsoft Windows 2000 Professional with SP1 or later, Windows 2003 Server Edition
A.11.16, A.11.17
A.05.00
Red Hat Enterprise Linux 4, SLES9, SLES10, Novell Linux Desktop 10.1, Windows XP Pro, Windows 2003 Server or Windows 2000 Professional with SP1 or later
A.11.16, A.11.17, A.11.17.01
ACE Management Server for Windows
ACE Management Server installation file for Windows
md5sum:33a015c4b236329bcb7e12c82271c417
ACE Management Server for Red Hat Enterprise Linux 4
ACE Management Server installation file for Red Hat Enterprise Linux 4
md5sum:dc3bd89fd2285f41ed42f8b28cd5535f
ACE Management Server for SUSE Enterprise Linux 9
ACE Management Server installation file for SUSE Enterprise Linux 9
ACE Management Server for SUSE Enterprise Linux 9
md5sum: 59b3ad5964daef2844e72fd1765590fc
sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f
ACE Management Server for Red Hat Enterprise Linux 4
md5sum: 6623f6a8a645402a1c8c351ec99a1889
sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d
VMware ACE 2.5.4
----------------
Version 13.0.0 of the Helix Server and the Helix Mobile Server. This
only pertains to supported versions of the platforms listed below. The
updated version will be available on your RealNetworks PAM site after
12:00 am PST, on July 14, 2009."
. Red Hat Enterprise Linux 4
. Red Hat Enterprise Linux 5
. Sun Solaris 10
. Windows 2003
Affected Platforms:
Microsoft Windows 2003 R2
Microsoft Windows 2003 SP1
Microsoft Windows 2003 SP2
Microsoft Windows 2000 Server Family with SP4 applied (32 bit only)
Red Hat Enterprise Linux 3.0 x86
Red Hat Enterprise Linux 4.0 x86
SUSE Linux Enterprise Server 9 (SLES) x86
SUSE Linux Enterprise Server 10 SP1 (SLES) x86
Sun Solaris 9 SPARC (64 bit only)
Sun Solaris 10 SPARC (64 bit only)
ACE Management Server for Windows
ACE Management Server installation file for Windows
md5sum: 33a015c4b236329bcb7e12c82271c417
ACE Management Server for Red Hat Enterprise Linux 4
ACE Management Server installation file for Red Hat Enterprise Linux 4
md5sum: dc3bd89fd2285f41ed42f8b28cd5535f
ACE Management Server for SUSE Enterprise Linux 9
ACE Management Server installation file for SUSE Enterprise Linux 9
ACE Management Server for SUSE Enterprise Linux 9
md5sum: 59b3ad5964daef2844e72fd1765590fc
sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f
ACE Management Server for Red Hat Enterprise Linux 4
md5sum: 6623f6a8a645402a1c8c351ec99a1889
sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d
VMware ACE 2.5.4
----------------
The kernel in rPath Linux 2 has been updated to 2.6.32.
In order to provide maximum hardware compatibility without
removing features already shipping as a part of rPath Linux 2,
we have decided to base the rPath Linux kernel on the sources
to the Red Hat Enterprise Linux 6 kernel. This is a 2.6.32
kernel with a number of patches added for performance
improvements and additional hardware support. Using this as
our "upstream" source will make it easier for us to keep up
with security and hardware support updates, and may also make
it simpler for customers to build third party kernel modules
Note: Two HP System Management Homepage for Windows v2.1.10.186 files are available, one localized for English and one localized for Japanese. One file is available for HP System Management Homepage for Linux (x86) and one file is available for HP System Management Homepage for Linux (AMD64/EM64T). Each Linux file contains the localizations for both English and Japanese.
HP System Management Homepage v2.1.10-186 is also available in the following ProLiant Support Packs.
ProLiant Support Pack for Red Hat Enterprise Linux 5 version 7.90 http://h18023.www1.hp.com/support/files/server/us/download/27567.html
ProLiant Support Pack for Microsoft Windows Server 2003 version 7.90 A http://h18023.www1.hp.com/support/files/server/us/download/27534.html
Platform
Windows
Solaris
Red Hat Enterprise Linux
Affected Products
CA Arcot WebFort Versatile Authentication Server (VAS) prior to 6.2.5
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: a4fc92d7197f0d569361cdf4b8cca642
sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 841005151338c8b954f08d035815fd58
sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: 7fcb0409474c7e81accc90f25d80b00e
sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 745e3115f8557fa04c2ddaf25320a911
sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
Who is affected?
Users of all Webwasher appliances version 6.x (CGLinux 4 or 5):
•If not running current version of Webwasher software but build numbers prior to 3150
Users of Webwasher software versions
•If running on RedHat Enterprise Linux 4, Debian Linux 4 or Linux Suse Linue 10
•And if not running current version of Webwasher software but build numbers prior to 3150
Who is not affected?
•All Webwasher installations on current versions – build numbers 3150 or newer
•Webwasher Software customers on Windows, Solaris, Linux RedHat Enterprise 3, Linux Suse 8 and 9, Debian 3.1 and Webwasher appliances running with CGLinux 3.x are not affected.
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: 7fcb0409474c7e81accc90f25d80b00e
sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 745e3115f8557fa04c2ddaf25320a911
sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: a4fc92d7197f0d569361cdf4b8cca642
sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 841005151338c8b954f08d035815fd58
sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
The gfs2_lock function in the Linux kernel before
2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux
kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly
remove POSIX locks on files that are setgid without group-execute
permission, which allows local users to cause a denial of service
(BUG and system crash) by locking a file on a (1) GFS or (2) GFS2
filesystem, and then changing this file's permissions. (CVE-2010-0727)
security content. The OpenVAS server can now execute OVAL files just like its
own Network Vulnerability Tests (NVTs) using the OVAL definitions interpreter
"ovaldi". While the plain ovaldi tool can only check local systems where it
is installed, the combination with OpenVAS enables ovaldi to test any target
system for which OpenVAS has collected information. OpenVAS 2.0.0 includes
readily available support for Red Hat Enterprise Linux security announcements
as published in OVAL format. OVAL support will expand to further platforms.
* OpenVAS Transfer Protocol (OTP):
A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in
numerous improvements and fixes and lead to the OpenVAS Transfer Protocol
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: a4fc92d7197f0d569361cdf4b8cca642
sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 841005151338c8b954f08d035815fd58
sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
etch:
deb https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ debian-etch/syslog-ng-2.1 syslog-ng-pe
RedHat Enterprise Linux
-----------------------
RHEL-4
rpm https://USERNAME:PASSWORD@apt.balabit.com/syslog-ng/premium/ rhel-4/syslog-ng-2.1 syslog-ng-pe
ACE Management Server for SUSE Enterprise Linux 9
SLES 9 .rpm
md5sum: 7fcb0409474c7e81accc90f25d80b00e
sha1sum: 385b254930dd6b8c53e3c805653c1fa1b07a6161
ACE Management Server for Red Hat Enterprise Linux 4
RHEL 4 .rpm
md5sum: 745e3115f8557fa04c2ddaf25320a911
sha1sum: ef75d572325a32a7582dbb4c352541978d3cebeb
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2
A Red Hat specific patch used in the openssh packages as shipped in
Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain
ownership requirements for directories used as arguments for the
ChrootDirectory configuration options. A malicious user that also
has or previously had non-chroot shell access to a system could
possibly use this flaw to escalate their privileges and run
commands as any system user.
Multiple vulnerabilities was discovered and fixed in glibc:
Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
Details
=======
ANM is a network management application that manages Cisco ACE modules
or appliances. ANM is installed on customer provided servers with a Red
Hat Enterprise Linux operating system. The ACE Device Manager provides
a browser-based interface for configuring and managing a single ACE
appliance. The ACE Device Manager resides in flash memory on the ACE
appliance. Multiple vulnerabilities exist in ANM and one in the ACE
Device Manager products. The following details are provided for each
vulnerability addressed in this security advisory.
Problem Description:
A vulnerability has been found and corrected in net-snmp:
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise
Linux (RHEL) 3 allows remote attackers to cause a denial of service
(daemon crash) via a crafted SNMP GETBULK request that triggers a
divide-by-zero error. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-4309 (CVE-2009-1887).
This update provides fixes for this vulnerability.
EnterpriseDB Advanced Server 8.2 in all supported operative systems.
Tested Operative Systems:
Microsoft Windows 2003 SP2 x86
Red hat Enterprise Linux 4 x86
Vulnerability Details:
A problem was found in the product EnterpriseDB which may lead to remote
code execution altought that point wasn't demostrated. At least, it is a
|
