English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 76783 Descripciones CVE y
40246 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.50517
Categoría:Mandrake Local Security Checks
Título:Mandrake Security Advisory MDKSA-2004:037 (kernel)
Resumen:Mandrake Security Advisory MDKSA-2004:037 (kernel)
Descripción:
The remote host is missing an update to kernel
announced via advisory MDKSA-2004:037.

A vulnerability was found in the framebuffer driver of the 2.6 kernel.
This is due to incorrect use of the fb_copy_cmap function. (CVE-2004-0229)

A vulnerability has been found in the Linux kernel in the ip_setsockopt()
function code. There is an exploitable integer overflow inside the code
handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro
calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels.
(CVE-2004-0424)

There is a minor issue with the static buffer in 2.4 kernel's panic()
function. Although it's a possibly buffer overflow, it most like not
exploitable due to the nature of panic(). (CVE-2004-0394)

In do_fork(), if an error occurs after the mm_struct for the child has
been allocated, it is never freed. The exit_mm() meant to free it
increments the mm_count and this count is never decremented. (For a
running process that is exitting, schedule() takes care this
however,
the child process being cleaned up is not running.) In the CLONE_VM
case, the parent's mm_struct will get an extra mm_count and so it will
never be freed. This issue is present in both 2.4 and 2.6 kernels.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesecure.net/en/kernelupdate.php

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0424

Risk factor : High
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0229
Conectiva Linux advisory: CLA-2004:852
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:037
SuSE Security Announcement: SuSE-SA:2004:010 (Google Search)
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
BugTraq ID: 10211
http://www.securityfocus.com/bid/10211
XForce ISS Database: linux-framebuffer(15974)
http://xforce.iss.net/xforce/xfdb/15974
Common Vulnerability Exposure (CVE) ID: CVE-2004-0424
http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt
Bugtraq: 20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=108253171301153&w=2
http://www.redhat.com/support/errata/RHSA-2004-183.html
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
BugTraq ID: 10179
http://www.securityfocus.com/bid/10179
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11214
XForce ISS Database: linux-ipsetsockopt-integer-bo(15907)
http://xforce.iss.net/xforce/xfdb/15907
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:939
Common Vulnerability Exposure (CVE) ID: CVE-2004-0394
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
http://lwn.net/Articles/81773/
SGI Security Advisory: 20040505-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc
BugTraq ID: 10233
http://www.securityfocus.com/bid/10233
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-panic-bo(15953)
http://xforce.iss.net/xforce/xfdb/15953
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 40246 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Developer APIs | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.