Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51268
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:017
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:017.

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for the following security issues:

iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel. A local user could make use of this
flaw to gain elevated (root) privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-1235 to
this issue.

iSEC Security Research discovered a flaw in the page fault handler code
that could lead to local users gaining elevated (root) privileges on
multiprocessor machines. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0001 to this issue.

A flaw was discovered where an executable could cause a VMA overlap leading
to a crash. On Itanium systems, a local user could trigger this flaw by
creating a carefully crafted ELF binary. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0003 to
this issue.

iSEC Security Research and Georgi Guninski independently discovered a flaw
in the scm_send function in the auxiliary message layer. A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang). The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-1016 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26. A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash). The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver (CVE-2004-1017), a
memory leak in ip_options_get (CVE-2004-1335), and missing VM_IO
flags in some drivers (CVE-2004-1057).

Olaf Kirch discovered that the recent security fixes for cmsg_len handling
(CVE-2004-1016) broke 32-bit compatibility on 64-bit platforms. A patch to
correct this issue is included.

A recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts. A patch to ignore these messages is
included.

All Red Hat Enterprise Linux 2.1 users running Itanium are advised to
upgrade their kernels to the packages listed in this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-017.html
http://marc.theaimsgroup.com/?m=109503896031720
http://www.isec.pl/vulnerabilities/isec-0019-scm.txt
http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1016
BugTraq ID: 11921
http://www.securityfocus.com/bid/11921
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://isec.pl/vulnerabilities/isec-0019-scm.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11816
http://www.redhat.com/support/errata/RHSA-2004-689.html
http://www.redhat.com/support/errata/RHSA-2005-016.html
http://www.redhat.com/support/errata/RHSA-2005-017.html
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
SuSE Security Announcement: SUSE-SA:2004:044 (Google Search)
http://www.novell.com/linux/security/advisories/2004_44_kernel.html
https://www.ubuntu.com/usn/usn-38-1/
XForce ISS Database: linux-scmsend-dos(18483)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18483
Common Vulnerability Exposure (CVE) ID: CVE-2004-1017
BugTraq ID: 12102
http://www.securityfocus.com/bid/12102
Debian Security Information: DSA-1017 (Google Search)
http://www.debian.org/security/2006/dsa-1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786
http://secunia.com/advisories/19374
XForce ISS Database: linux-ioedgeport-bo(18433)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18433
Common Vulnerability Exposure (CVE) ID: CVE-2004-1057
BugTraq ID: 12338
http://www.securityfocus.com/bid/12338
http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11474
http://www.redhat.com/support/errata/RHSA-2006-0140.html
http://secunia.com/advisories/18562
XForce ISS Database: linux-kernel-vmio-dos(19275)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19275
Common Vulnerability Exposure (CVE) ID: CVE-2004-1234
BugTraq ID: 12101
http://www.securityfocus.com/bid/12101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10608
XForce ISS Database: linux-loadelfbinary-dos(18687)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18687
Common Vulnerability Exposure (CVE) ID: CVE-2004-1235
BugTraq ID: 12190
http://www.securityfocus.com/bid/12190
Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110512575901427&w=2
Conectiva Linux advisory: CLA-2005:930
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
http://www.securityfocus.com/advisories/7806
http://www.securityfocus.com/advisories/7805
http://isec.pl/vulnerabilities/isec-0021-uselib.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567
http://www.redhat.com/support/errata/RHSA-2005-043.html
http://www.redhat.com/support/errata/RHSA-2005-092.html
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://www.trustix.org/errata/2005/0001/
XForce ISS Database: linux-uselib-gain-privileges(18800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18800
Common Vulnerability Exposure (CVE) ID: CVE-2004-1335
BugTraq ID: 11956
http://www.securityfocus.com/bid/11956
Bugtraq: 20041215 [USN-47-1] Linux kernel vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110383108211524&w=2
http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html
http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11085
XForce ISS Database: linux-ipoptionsget-memory-leak(18524)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18524
Common Vulnerability Exposure (CVE) ID: CVE-2005-0001
BugTraq ID: 12244
http://www.securityfocus.com/bid/12244
Bugtraq: 20050112 Linux kernel i386 SMP page fault handler privilege escalation (Google Search)
http://marc.info/?l=bugtraq&m=110554694522719&w=2
Bugtraq: 20050114 [USN-60-0] Linux kernel vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110581146702951&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322
http://securitytracker.com/id?1012862
http://secunia.com/advisories/13822
XForce ISS Database: linux-fault-handler-gain-privileges(18849)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18849
Common Vulnerability Exposure (CVE) ID: CVE-2005-0003
BugTraq ID: 12261
http://www.securityfocus.com/bid/12261
http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9512
http://securitytracker.com/id?1012885
SuSE Security Announcement: SUSE-SA:2005:018 (Google Search)
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
XForce ISS Database: linux-vma-gain-privileges(18886)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18886
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.