Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.52887
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2004-14 (kernel)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to kernel
announced via advisory TLSA-2004-14.

The kernel package contains the Linux kernel (vmlinuz), the core of your Linux operating system.

- Real time clock (RTC) routines in Linux kernel does not properly initialize their structures,
which could leak kernel data to user space.
- The R128 driver has a vulnerability.
- Stack-based buffer overflow in the ncp_lookup function for ncpfs in kernel.
- Buffer overflow in the ISO9660 file system component for Linux kernel.
- The OSS code for the Sound Blaster driver in Linux 2.4.x does not properly handle certain sample sizes,
which allows local users to cause a denial of service (crash).
- The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written
to the device for an ext3 file system, which allows local users to obtain sensitive information by
reading the raw device.
- A potential buffer overflow exists in the panic() function in kernel.
- The do_fork function in Linux 2.4.x and 2.6.x does not properly decrement the mm_count counter
when an error occurs after the mm_struct for a child process has been activated,
which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion).

The vulnerabilities may allow an attacker to cause a denial of
service to the kernel and gain sensitive information from your system.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2004-14

Risk factor : High

CVSS Score:
7.2

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0010
BugTraq ID: 9691
http://www.securityfocus.com/bid/9691
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Debian Security Information: DSA-479 (Google Search)
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480 (Google Search)
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481 (Google Search)
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482 (Google Search)
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489 (Google Search)
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491 (Google Search)
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-188.html
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
TurboLinux Advisory: TLSA-2004-05
http://www.securityfocus.com/advisories/6759
XForce ISS Database: linux-ncplookup-gain-privileges(15250)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15250
Common Vulnerability Exposure (CVE) ID: CVE-2004-0394
BugTraq ID: 10233
http://www.securityfocus.com/bid/10233
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:037
http://lwn.net/Articles/81773/
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
SGI Security Advisory: 20040505-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:010 (Google Search)
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
XForce ISS Database: linux-panic-bo(15953)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15953
Common Vulnerability Exposure (CVE) ID: CVE-2004-0427
BugTraq ID: 10221
http://www.securityfocus.com/bid/10221
Computer Incident Advisory Center Bulletin: O-164
http://www.ciac.org/ciac/bulletins/o-164.shtml
http://fedoranews.org/updates/FEDORA-2004-111.shtml
http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
http://marc.info/?l=linux-kernel&m=108139073506983&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2819
http://www.redhat.com/support/errata/RHSA-2004-255.html
http://www.redhat.com/support/errata/RHSA-2004-260.html
http://www.redhat.com/support/errata/RHSA-2004-327.html
http://secunia.com/advisories/11429
http://secunia.com/advisories/11464
http://secunia.com/advisories/11486
http://secunia.com/advisories/11541
http://secunia.com/advisories/11861
http://secunia.com/advisories/11891
http://secunia.com/advisories/11892
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-dofork-memory-leak(16002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16002
Common Vulnerability Exposure (CVE) ID: CVE-2004-0109
BugTraq ID: 10141
http://www.securityfocus.com/bid/10141
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940
http://www.redhat.com/support/errata/RHSA-2004-105.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.redhat.com/support/errata/RHSA-2004-166.html
http://rhn.redhat.com/errata/RHSA-2004-166.html
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11373
http://secunia.com/advisories/11469
http://secunia.com/advisories/11470
http://secunia.com/advisories/11494
http://secunia.com/advisories/11518
http://secunia.com/advisories/11626
http://secunia.com/advisories/11986
http://secunia.com/advisories/12003
SGI Security Advisory: 20040405-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:009 (Google Search)
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
http://marc.info/?l=bugtraq&m=108213675028441&w=2
XForce ISS Database: linux-iso9660-bo(15866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
Common Vulnerability Exposure (CVE) ID: CVE-2003-0984
BugTraq ID: 9154
http://www.securityfocus.com/bid/9154
Bugtraq: 20040112 SmoothWall Project Security Advisory SWP-2004:001 (Google Search)
http://marc.info/?l=bugtraq&m=107394143105081&w=2
Conectiva Linux advisory: CLA-2004:799
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
En Garde Linux Advisory: ESA-20040105-001
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:001
http://www.osvdb.org/3317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406
http://www.redhat.com/support/errata/RHSA-2003-417.html
http://www.securitytracker.com/id?1008594
http://secunia.com/advisories/10533
http://secunia.com/advisories/10536
http://secunia.com/advisories/10537
http://secunia.com/advisories/10538
http://secunia.com/advisories/10555
http://secunia.com/advisories/10582
http://secunia.com/advisories/10583
SuSE Security Announcement: SuSE-SA:2003:049 (Google Search)
http://www.novell.com/linux/security/advisories/2003_049_kernel.html
XForce ISS Database: linux-rtc-memory-leak(13943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13943
Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/12075
XForce ISS Database: linux-r128-gain-priviliges(15029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15029
Common Vulnerability Exposure (CVE) ID: CVE-2004-0178
BugTraq ID: 9985
http://www.securityfocus.com/bid/9985
Computer Incident Advisory Center Bulletin: O-193
http://www.ciac.org/ciac/bulletins/o-193.shtml
http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427
http://www.redhat.com/support/errata/RHSA-2004-413.html
http://www.redhat.com/support/errata/RHSA-2004-437.html
SGI Security Advisory: 20040804-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
XForce ISS Database: linux-sound-blaster-dos(15868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
Common Vulnerability Exposure (CVE) ID: CVE-2004-0181
BugTraq ID: 10143
http://www.securityfocus.com/bid/10143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10329
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2005-663.html
http://secunia.com/advisories/17002
http://www.vupen.com/english/advisories/2005/1878
XForce ISS Database: linux-jfs-info-disclosure(15902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15902
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.