Description:
The remote host is missing updates announced in advisory CLA-2003:618.
The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system.
Alan Cox published[4] a vulnerability[1] in the Linux kernel, found by Andrzej Szombierski, that could be used by a local attacker to obtain root privileges.
When a process requires a feature that a certain kernel module provides, the kernel will spawn a child process, give it root privileges and call /sbin/modprobe to load that module. A local attacker can create such a process, make it request a kernel module and wait for the child process to be spawned. Before the privilege change, the attacker can attach to this child process and insert code that will later be run with root privileges.
The Common Vulnerabilities and Exposures project has assigned the name CVE-2003-0127[1] to this issue.
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0127
http://distro.conectiva.com.br/atualizacoes/
http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:618
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003
Risk factor: High
CVSS Score: 7.2