Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:017

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51098

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:017

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:017.

The Linux kernel handles the basic functions of the operating
system.

This is the first regular kernel update for Red Hat Enterprise
Linux version 3. It contains a new critical security fix, many
other bug fixes, several device driver updates, and numerous
performance and scalability enhancements.

On AMD64 systems, a fix was made to the eflags checking in
32-bit ptrace emulation that could have allowed local users
to elevate their privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0001 to this issue.

Other bug fixes were made in the following kernel areas:
VM, NPTL, IPC, kernel timer, ext3, NFS, netdump, SCSI,
ACPI, several device drivers, and machine-dependent
support for the x86_64, ppc64, and s390 architectures.

The VM subsystem was improved to better handle extreme
loads and resource contention (such as might occur during
heavy database application usage). This has resulted in
a significantly reduced possibility of hangs, OOM kills,
and low-mem exhaustion.

Several NPTL fixes were made to resolve POSIX compliance
issues concerning process IDs and thread IDs. A section
in the Release Notes elaborates on a related issue with
file record locking in multi-threaded applications.

AMD64 kernels are now configured with NUMA support,
S390 kernels now have CONFIG_BLK_STATS enabled, and
DMA capability was restored in the IA64 agpgart driver.

The following drivers have been upgraded to new versions:

cmpci ------ 6.36
e100 ------- 2.3.30-k1
e1000 ------ 5.2.20-k1
ips -------- 6.10.52
megaraid --- v1.18k
megaraid2 -- v2.00.9

All Red Hat Enterprise Linux 3 users are advised to upgrade
their kernels to the packages associated with their machine
architectures and configurations as listed in this erratum.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-017.html

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 9429
Common Vulnerability Exposure (CVE) ID: CVE-2004-0001
http://www.securityfocus.com/bid/9429
CERT/CC vulnerability note: VU#337238
http://www.kb.cert.org/vuls/id/337238
http://security.gentoo.org/glsa/glsa-200402-06.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A868
http://www.redhat.com/support/errata/RHSA-2004-017.html
XForce ISS Database: linux-ptrace-gain-privilege(14888)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14888

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51098
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:017
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:017. The Linux kernel handles the basic functions of the operating system. This is the first regular kernel update for Red Hat Enterprise Linux version 3. It contains a new critical security fix, many other bug fixes, several device driver updates, and numerous performance and scalability enhancements. On AMD64 systems, a fix was made to the eflags checking in 32-bit ptrace emulation that could have allowed local users to elevate their privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0001 to this issue. Other bug fixes were made in the following kernel areas: VM, NPTL, IPC, kernel timer, ext3, NFS, netdump, SCSI, ACPI, several device drivers, and machine-dependent support for the x86_64, ppc64, and s390 architectures. The VM subsystem was improved to better handle extreme loads and resource contention (such as might occur during heavy database application usage). This has resulted in a significantly reduced possibility of hangs, OOM kills, and low-mem exhaustion. Several NPTL fixes were made to resolve POSIX compliance issues concerning process IDs and thread IDs. A section in the Release Notes elaborates on a related issue with file record locking in multi-threaded applications. AMD64 kernels are now configured with NUMA support, S390 kernels now have CONFIG_BLK_STATS enabled, and DMA capability was restored in the IA64 agpgart driver. The following drivers have been upgraded to new versions: cmpci ------ 6.36 e100 ------- 2.3.30-k1 e1000 ------ 5.2.20-k1 ips -------- 6.10.52 megaraid --- v1.18k megaraid2 -- v2.00.9 All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-017.html Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 9429 Common Vulnerability Exposure (CVE) ID: CVE-2004-0001 http://www.securityfocus.com/bid/9429 CERT/CC vulnerability note: VU#337238 http://www.kb.cert.org/vuls/id/337238 http://security.gentoo.org/glsa/glsa-200402-06.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A868 http://www.redhat.com/support/errata/RHSA-2004-017.html XForce ISS Database: linux-ptrace-gain-privilege(14888) https://exchange.xforce.ibmcloud.com/vulnerabilities/14888
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com