ID de Prueba:	1.3.6.1.4.1.25623.1.0.51347
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:845
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:845. The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. This announcement fixes the following vulnerabilities: 1. Local denial of service vulnerability (CVE-2004-0554[1]) Stian Skjelstad found[2] a vulnerability[1] in the fpu controller code that can be used by local attackers to cause a denial of service (DoS) on the system. 2. Local memory disclosure vulnerability (CVE-2004-0535[3]) Chris Wright found a vulnerability[3] in the Intel(R) PRO/1000 ethernet card driver that could allow a local attacker to read some bytes of kernel memory. 3. Sparse vulnerabilities (CVE-2004-0495[4]) Al Viro, by using Sparse[5] (a code inspection tool), found several vulnerabilities which, in the worst case, might allow local attackers to obtain root privileges. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0554 http://marc.theaimsgroup.com/?l=linux-kernel&m=108681568931323&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0535 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0495 http://sparse.bkbits.net:8080/sparse/ http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:845 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0554 BugTraq ID: 10538 http://www.securityfocus.com/bid/10538 Bugtraq: 20040620 TSSA-2004-011 - kernel (Google Search) http://marc.info/?l=bugtraq&m=108786114032681&w=2 CERT/CC vulnerability note: VU#973654 http://www.kb.cert.org/vuls/id/973654 Conectiva Linux advisory: CLA-2004:845 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 En Garde Linux Advisory: ESA-20040621-005 http://marc.info/?l=bugtraq&m=108793699910896&w=2 http://lwn.net/Articles/91155/ http://security.gentoo.org/glsa/glsa-200407-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:062 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=15905 http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html http://marc.info/?l=linux-kernel&m=108681568931323&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2915 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9426 http://www.redhat.com/support/errata/RHSA-2004-255.html http://www.redhat.com/support/errata/RHSA-2004-260.html http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 SuSE Security Announcement: SuSE-SA:2004:017 (Google Search) http://www.novell.com/linux/security/advisories/2004_17_kernel.html http://www.trustix.net/errata/2004/0034/ XForce ISS Database: linux-dos(16412) https://exchange.xforce.ibmcloud.com/vulnerabilities/16412 Common Vulnerability Exposure (CVE) ID: CVE-2004-0535 BugTraq ID: 10352 http://www.securityfocus.com/bid/10352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136 http://www.redhat.com/support/errata/RHSA-2004-413.html http://www.redhat.com/support/errata/RHSA-2004-418.html SGI Security Advisory: 20040804-01-U ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc SuSE Security Announcement: SUSE-SA:2004:020 (Google Search) http://www.novell.com/linux/security/advisories/2004_20_kernel.html XForce ISS Database: linux-e1000-bo(16159) https://exchange.xforce.ibmcloud.com/vulnerabilities/16159 Common Vulnerability Exposure (CVE) ID: CVE-2004-0495 BugTraq ID: 10566 http://www.securityfocus.com/bid/10566 Conectiva Linux advisory: CLA-2004:846 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2961 XForce ISS Database: linux-drivers-gain-privileges(16449) https://exchange.xforce.ibmcloud.com/vulnerabilities/16449
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.