ID de Prueba:	1.3.6.1.4.1.25623.1.0.51036
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:183
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:183. The Linux kernel handles the basic functions of the operating system. iSEC Security Research discovered a flaw in the ip_setsockopt() function code of the Linux kernel versions 2.4.22 to 2.4.25 inclusive. This flaw also affects the 2.4.21 kernel in Red Hat Enterprise Linux 3 which contained a backported version of the affected code. A local user could use this flaw to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0424 to this issue. iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that root privileges may be obtained if the filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0109 to this issue. All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-183.html http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt http://www.idefense.com/application/poi/display?id=101 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0109 BugTraq ID: 10141 http://www.securityfocus.com/bid/10141 Computer Incident Advisory Center Bulletin: O-121 http://www.ciac.org/ciac/bulletins/o-121.shtml Computer Incident Advisory Center Bulletin: O-127 http://www.ciac.org/ciac/bulletins/o-127.shtml Conectiva Linux advisory: CLA-2004:846 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 Debian Security Information: DSA-479 (Google Search) http://www.debian.org/security/2004/dsa-479 Debian Security Information: DSA-480 (Google Search) http://www.debian.org/security/2004/dsa-480 Debian Security Information: DSA-481 (Google Search) http://www.debian.org/security/2004/dsa-481 Debian Security Information: DSA-482 (Google Search) http://www.debian.org/security/2004/dsa-482 Debian Security Information: DSA-489 (Google Search) http://www.debian.org/security/2004/dsa-489 Debian Security Information: DSA-491 (Google Search) http://www.debian.org/security/2004/dsa-491 Debian Security Information: DSA-495 (Google Search) http://www.debian.org/security/2004/dsa-495 En Garde Linux Advisory: ESA-20040428-004 http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html http://security.gentoo.org/glsa/glsa-200407-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:029 http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940 http://www.redhat.com/support/errata/RHSA-2004-105.html http://www.redhat.com/support/errata/RHSA-2004-106.html RedHat Security Advisories: RHSA-2004:166 http://rhn.redhat.com/errata/RHSA-2004-166.html http://www.redhat.com/support/errata/RHSA-2004-183.html http://secunia.com/advisories/11361 http://secunia.com/advisories/11362 http://secunia.com/advisories/11373 http://secunia.com/advisories/11429 http://secunia.com/advisories/11464 http://secunia.com/advisories/11469 http://secunia.com/advisories/11470 http://secunia.com/advisories/11486 http://secunia.com/advisories/11494 http://secunia.com/advisories/11518 http://secunia.com/advisories/11626 http://secunia.com/advisories/11861 http://secunia.com/advisories/11891 http://secunia.com/advisories/11986 http://secunia.com/advisories/12003 SGI Security Advisory: 20040405-01-U ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc SGI Security Advisory: 20040504-01-U ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc SuSE Security Announcement: SuSE-SA:2004:009 (Google Search) http://www.novell.com/linux/security/advisories/2004_09_kernel.html http://marc.info/?l=bugtraq&m=108213675028441&w=2 TurboLinux Advisory: TLSA-2004-14 http://www.turbolinux.com/security/2004/TLSA-2004-14.txt XForce ISS Database: linux-iso9660-bo(15866) https://exchange.xforce.ibmcloud.com/vulnerabilities/15866 Common Vulnerability Exposure (CVE) ID: CVE-2004-0424 BugTraq ID: 10179 http://www.securityfocus.com/bid/10179 Bugtraq: 20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow (Google Search) http://marc.info/?l=bugtraq&m=108253171301153&w=2 Conectiva Linux advisory: CLA-2004:852 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 http://www.mandriva.com/security/advisories?name=MDKSA-2004:037 http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A939 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586 SuSE Security Announcement: SuSE-SA:2004:010 (Google Search) http://www.novell.com/linux/security/advisories/2004_10_kernel.html XForce ISS Database: linux-ipsetsockopt-integer-bo(15907) https://exchange.xforce.ibmcloud.com/vulnerabilities/15907
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.