Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53176
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 479-2 (kernel-image-2.4.18-1-i386)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to kernel-image-2.4.18-1-i386
announced via advisory DSA 479-2.

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.18 for the i386 architecture.
This advisory replaces the i386 part of DSA 479-1 (except for the
i386bf part). An unfortunate build error caused some of the kernel
packages in DSA 479-1 to be broken. They are updated with this
advisory. For completeness below is the original advisory text:

The Common Vulnerabilities and Exposures project identifies the
following problems that will be fixed with this update:

CVE-2004-0003

A vulnerability has been discovered in the R128 drive in the Linux
kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this

CVE-2004-0010

Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could
lead an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.

CVE-2004-0109

zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.

CVE-2004-0177

Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.

CVE-2004-0178

Andreas Kies discovered a denial of service condition in the Sound
Blaster driver in Linux. He also developed a correction.

These problems will also be fixed by upstream in Linux 2.4.26 and
future versions of 2.6.

The following security matrix explains which kernel versions for which
architecture are already fixed. Kernel images in the unstable Debian
distribution (sid) will be fixed soon.

Architecture stable (woody) unstable (sid) removed in sid
source 2.4.18-14.3 2.4.25-3 --
alpha 2.4.18-15 soon --
i386 2.4.18-13.1 soon --
i386bf 2.4.18-5woody8 soon --
powerpc 2.4.18-1woody5 2.4.25-8 2.4.22

We recommend that you upgrade your kernel packages immediately, either


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20479-2

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
Debian Security Information: DSA-479 (Google Search)
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480 (Google Search)
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481 (Google Search)
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482 (Google Search)
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489 (Google Search)
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491 (Google Search)
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
RedHat Security Advisories: RHSA-2004:166
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/11464
http://secunia.com/advisories/11891
http://secunia.com/advisories/12075
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-r128-gain-priviliges(15029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15029
Common Vulnerability Exposure (CVE) ID: CVE-2004-0010
BugTraq ID: 9691
http://www.securityfocus.com/bid/9691
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-188.html
TurboLinux Advisory: TLSA-2004-05
http://www.securityfocus.com/advisories/6759
XForce ISS Database: linux-ncplookup-gain-privileges(15250)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15250
Common Vulnerability Exposure (CVE) ID: CVE-2004-0109
BugTraq ID: 10141
http://www.securityfocus.com/bid/10141
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940
http://www.redhat.com/support/errata/RHSA-2004-105.html
http://rhn.redhat.com/errata/RHSA-2004-166.html
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://secunia.com/advisories/11373
http://secunia.com/advisories/11429
http://secunia.com/advisories/11469
http://secunia.com/advisories/11470
http://secunia.com/advisories/11486
http://secunia.com/advisories/11494
http://secunia.com/advisories/11518
http://secunia.com/advisories/11626
http://secunia.com/advisories/11861
http://secunia.com/advisories/11986
http://secunia.com/advisories/12003
SGI Security Advisory: 20040405-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:009 (Google Search)
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
http://marc.info/?l=bugtraq&m=108213675028441&w=2
XForce ISS Database: linux-iso9660-bo(15866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
Common Vulnerability Exposure (CVE) ID: CVE-2004-0177
BugTraq ID: 10152
http://www.securityfocus.com/bid/10152
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2005-293.html
XForce ISS Database: linux-ext3-info-disclosure(15867)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Common Vulnerability Exposure (CVE) ID: CVE-2004-0178
BugTraq ID: 9985
http://www.securityfocus.com/bid/9985
Computer Incident Advisory Center Bulletin: O-193
http://www.ciac.org/ciac/bulletins/o-193.shtml
http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427
http://www.redhat.com/support/errata/RHSA-2004-413.html
http://www.redhat.com/support/errata/RHSA-2004-437.html
SGI Security Advisory: 20040804-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
XForce ISS Database: linux-sound-blaster-dos(15868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15868
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.