
Test ID: 1.3.6.1.4.1.25623.1.0.51489
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:796
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:796.

The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system.

A vulnerability in the do_brk() function allows local attackers to
obtain root privileges. Exploits for this vulnerability have already
been published.

Additionally, the following vulnerabilities have been fixed in a
previous kernel release which was available on the ftp server but
lacked an official announcement:

- CVE-2003-0550[2] and CVE-2003-0551[3]: fixes for the STP protocol
- CVE-2003-0501[4]: fix for /proc information disclosure
- CVE-2003-0464[5]: fix for RPC code (affects only CL9)
- CVE-2003-0476[6]: fix for the execve system call which could allow
local users to gain access to restricted file descriptors

Specific for Conectiva Linux 8 (already fixed in a previous
announcement for CL9[7]):
- CVE-2003-0619[8]: fix for XDR code
- CVE-2003-0246[9]: ioperm fix
- CVE-2003-0248[10]: mxcsr fix
- CVE-2003-0364[11]: TCP/IP fragments denial of service
- CVE-2003-0244[12]: denial of service in routing table
- CVE-2003-0247[13]: denial of service in the TTY layer

Starting with this update, Conectiva Linux 9 has support for the PPTP
protocol, which also requires an update for the iptables package.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0961
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0550
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0551
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0501
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0464
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0476
[7] http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000701&idioma=en
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0619
[9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0246
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0248
[11] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364
[12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244
[13] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0247
http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:796
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Critical

CVSS Score: 10.0

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-0550
Debian Security Information: DSA-358
http://www.debian.org/security/2004/dsa-358
Debian Security Information: DSA-423
http://www.debian.org/security/2004/dsa-423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2003-239.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384
http://www.redhat.com/support/errata/RHSA-2003-198.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0501
Bugtraq: 20030620 Linux /proc sensitive information disclosure
http://marc.info/?l=bugtraq&m=105621758104242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328
SuSE Security Announcement: SuSE-SA:2003:034
Common Vulnerability Exposure (CVE) ID: CVE-2003-0464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311
Common Vulnerability Exposure (CVE) ID: CVE-2003-0476
Bugtraq: 20030626 Linux 2.4.x execve() file read race vulnerability
http://marc.info/?l=bugtraq&m=105664924024009&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327
http://www.redhat.com/support/errata/RHSA-2003-368.html
http://www.redhat.com/support/errata/RHSA-2003-408.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0619
Bugtraq: 20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.
http://marc.info/?l=bugtraq&m=105950927708272&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386
Common Vulnerability Exposure (CVE) ID: CVE-2003-0246
Debian Security Information: DSA-311
http://www.debian.org/security/2003/dsa-311
Debian Security Information: DSA-312
http://www.debian.org/security/2003/dsa-312
Debian Security Information: DSA-332
http://www.debian.org/security/2003/dsa-332
Debian Security Information: DSA-336
http://www.debian.org/security/2003/dsa-336
Debian Security Information: DSA-442
http://www.debian.org/security/2004/dsa-442
En Garde Linux Advisory: ESA-20030515-017
http://marc.info/?l=bugtraq&m=105301461726555&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278
http://www.redhat.com/support/errata/RHSA-2003-147.html
http://www.redhat.com/support/errata/RHSA-2003-172.html
TurboLinux Advisory: TLSA-2003-41
http://www.turbolinux.com/security/TLSA-2003-41.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292
http://www.redhat.com/support/errata/RHSA-2003-187.html
http://www.redhat.com/support/errata/RHSA-2003-195.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
