English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 72151 Descripciones CVE y
38907 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.51352
Categoría:Conectiva Local Security Checks
Título:Conectiva Security Advisory CLA-2004:852
Resumen:Conectiva Security Advisory CLA-2004:852
Descripción:
The remote host is missing updates announced in
advisory CLA-2004:852.

The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system.

This announcement fixes the following vulnerabilities:

1. Integer overflow in netfilter's tcp_find_option function
(CVE-2004-0626[1])

Adam Osuchowski and Tomasz Dubinski noticed[2] that when using
iptables and TCP options rules, the tcp_find_option function of the
netfilter subsystem in Linux kernel 2.6 allows remote attackers to
cause a denial of service via a large option length that produces a
negative integer after a casting operation to the char type. They
also provided the corretion for this bug.

2. Missing DAC check's in inode_change_ok function
(CVE-2004-0497[3])

Missing Discretionary Access Control (DAC) checks in chown system
call allowed a local user to change the group ownership of arbitrary
files to a group that he or she belongs to, leading to a privileges
escalation vulnerability.

3. Integer overflow in ip_setsockopt function (CVE-2004-0424[4])

iSEC Security Research published[5] an integer overflow
vulnerability[4] in the ip_setsockopt function on Linux kernel 2.6.1
through 2.6.3 which allows local users to cause a denial of service
condition or execute arbitrary code via the MCAST_MSFILTER socket
option.

4. Incorrect usage of the fb_copy_cmap function in framebuffer
(CVE-2004-0229[6])

The framebuffer driver in Linux kernel 2.6.x did not properly use the
fb_copy_cmap function, possibly allowing privileges escalation for
local attackers.

5. Integer overflow in the cpufreq proc handler (CVE-2004-0228[7])

Brad Spender found an integer overflow bug in the Linux kernel
cpufreq code that allowed a local attacker to read arbitrary kernel
memory.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0626
http://www.securityfocus.com/archive/1/367615/2004-06-27/2004-07-03/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0424
http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0228
http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:852
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High
Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0626
Bugtraq: 20040630 Remote DoS vulnerability in Linux kernel 2.6.x (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=108861141304495&w=2
Conectiva Linux advisory: CLA-2004:852
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
http://lwn.net/Articles/91964/
http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml
SuSE Security Announcement: SUSE-SA:2004:020 (Google Search)
http://www.novell.com/linux/security/advisories/2004_20_kernel.html
XForce ISS Database: linux-tcpfindoption-dos(16554)
http://xforce.iss.net/xforce/xfdb/16554
Common Vulnerability Exposure (CVE) ID: CVE-2004-0497
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
http://www.redhat.com/support/errata/RHSA-2004-354.html
http://www.redhat.com/support/errata/RHSA-2004-360.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9867
XForce ISS Database: linux-fchown-groupid-modify(16599)
http://xforce.iss.net/xforce/xfdb/16599
Common Vulnerability Exposure (CVE) ID: CVE-2004-0424
http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt
Bugtraq: 20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=108253171301153&w=2
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:037
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:010 (Google Search)
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
BugTraq ID: 10179
http://www.securityfocus.com/bid/10179
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11214
XForce ISS Database: linux-ipsetsockopt-integer-bo(15907)
http://xforce.iss.net/xforce/xfdb/15907
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:939
Common Vulnerability Exposure (CVE) ID: CVE-2004-0229
http://security.gentoo.org/glsa/glsa-200407-02.xml
BugTraq ID: 10211
http://www.securityfocus.com/bid/10211
XForce ISS Database: linux-framebuffer(15974)
http://xforce.iss.net/xforce/xfdb/15974
Common Vulnerability Exposure (CVE) ID: CVE-2004-0228
http://fedoranews.org/updates/FEDORA-2004-111.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:050
http://secunia.com/advisories/11429
http://secunia.com/advisories/11464
http://secunia.com/advisories/11486
http://secunia.com/advisories/11491
http://secunia.com/advisories/11683
XForce ISS Database: linux-cpufreq-info-disclosure(15951)
http://xforce.iss.net/xforce/xfdb/15951
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 38907 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2014 E-Soft Inc. Todos los derechos reservados.