ID de Prueba:	1.3.6.1.4.1.25623.1.0.51085
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:069
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:069. The Linux kernel handles the basic functions of the operating system. Paul Starzetz discovered a flaw in return value checking in mremap() in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges. No exploit is currently available however this issue is exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0077 to this issue. Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could allow local privilege escalation. ncpfs is only used to allow a system to mount volumes of NetWare servers or print to NetWare printers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0010 to this issue. All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues. Red Hat would like to thank Paul Starzetz from ISEC for reporting this issue CVE-2004-0077. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-069.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0010 BugTraq ID: 9691 http://www.securityfocus.com/bid/9691 Computer Incident Advisory Center Bulletin: O-082 http://www.ciac.org/ciac/bulletins/o-082.shtml Conectiva Linux advisory: CLA-2004:820 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 Debian Security Information: DSA-479 (Google Search) http://www.debian.org/security/2004/dsa-479 Debian Security Information: DSA-480 (Google Search) http://www.debian.org/security/2004/dsa-480 Debian Security Information: DSA-481 (Google Search) http://www.debian.org/security/2004/dsa-481 Debian Security Information: DSA-482 (Google Search) http://www.debian.org/security/2004/dsa-482 Debian Security Information: DSA-489 (Google Search) http://www.debian.org/security/2004/dsa-489 Debian Security Information: DSA-491 (Google Search) http://www.debian.org/security/2004/dsa-491 Debian Security Information: DSA-495 (Google Search) http://www.debian.org/security/2004/dsa-495 http://fedoranews.org/updates/FEDORA-2004-079.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2004:015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835 http://www.redhat.com/support/errata/RHSA-2004-065.html http://www.redhat.com/support/errata/RHSA-2004-069.html http://www.redhat.com/support/errata/RHSA-2004-188.html SuSE Security Announcement: SuSE-SA:2004:005 (Google Search) http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html TurboLinux Advisory: TLSA-2004-05 http://www.securityfocus.com/advisories/6759 XForce ISS Database: linux-ncplookup-gain-privileges(15250) https://exchange.xforce.ibmcloud.com/vulnerabilities/15250 Common Vulnerability Exposure (CVE) ID: CVE-2004-0077 BugTraq ID: 9686 http://www.securityfocus.com/bid/9686 Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search) http://marc.info/?l=bugtraq&m=107711762014175&w=2 CERT/CC vulnerability note: VU#981222 http://www.kb.cert.org/vuls/id/981222 Debian Security Information: DSA-438 (Google Search) http://www.debian.org/security/2004/dsa-438 Debian Security Information: DSA-439 (Google Search) http://www.debian.org/security/2004/dsa-439 Debian Security Information: DSA-440 (Google Search) http://www.debian.org/security/2004/dsa-440 Debian Security Information: DSA-441 (Google Search) http://www.debian.org/security/2004/dsa-441 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 Debian Security Information: DSA-444 (Google Search) http://www.debian.org/security/2004/dsa-444 Debian Security Information: DSA-450 (Google Search) http://www.debian.org/security/2004/dsa-450 Debian Security Information: DSA-453 (Google Search) http://www.debian.org/security/2004/dsa-453 Debian Security Information: DSA-454 (Google Search) http://www.debian.org/security/2004/dsa-454 Debian Security Information: DSA-456 (Google Search) http://www.debian.org/security/2004/dsa-456 Debian Security Information: DSA-466 (Google Search) http://www.debian.org/security/2004/dsa-466 Debian Security Information: DSA-470 (Google Search) http://www.debian.org/security/2004/dsa-470 Debian Security Information: DSA-475 (Google Search) http://www.debian.org/security/2004/dsa-475 Debian Security Information: DSA-514 (Google Search) http://www.debian.org/security/2004/dsa-514 http://security.gentoo.org/glsa/glsa-200403-02.xml http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt http://www.osvdb.org/3986 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837 http://www.redhat.com/support/errata/RHSA-2004-066.html http://www.redhat.com/support/errata/RHSA-2004-106.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734 http://marc.info/?l=bugtraq&m=107712137732553&w=2 http://marc.info/?l=bugtraq&m=107755871932680&w=2 TurboLinux Advisory: TLSA-2004-7 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html XForce ISS Database: linux-mremap-gain-privileges(15244) https://exchange.xforce.ibmcloud.com/vulnerabilities/15244
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.