ID de Prueba:	1.3.6.1.4.1.25623.1.0.51405
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:618
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:618. The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. Alan Cox published[4] a vulnerability[1] in the linux kernel found by Andrzej Szombierski that could be used by a local attacker to obtain root privileges. When a process requires a feature that a certain kernel module provides, the kernel will spawn a child process, give it root privileges and call /sbin/modprobe to load that module. A local attacker can create such a process, make it request a kernel module and wait for the child process to be spawned. Before the privilege change, the attacker can attach to this child process and insert code that will later be run with root privileges. The Common Vulnerabilities and Exposures project has assigned the name CVE-2003-0127[1] to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0127 http://distro.conectiva.com.br/atualizacoes/ http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:618 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0127 Caldera Security Advisory: CSSA-2003-020.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt CERT/CC vulnerability note: VU#628849 http://www.kb.cert.org/vuls/id/628849 Debian Security Information: DSA-270 (Google Search) http://www.debian.org/security/2003/dsa-270 Debian Security Information: DSA-276 (Google Search) http://www.debian.org/security/2003/dsa-276 Debian Security Information: DSA-311 (Google Search) http://www.debian.org/security/2003/dsa-311 Debian Security Information: DSA-312 (Google Search) http://www.debian.org/security/2003/dsa-312 Debian Security Information: DSA-332 (Google Search) http://www.debian.org/security/2003/dsa-332 Debian Security Information: DSA-336 (Google Search) http://www.debian.org/security/2003/dsa-336 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 Debian Security Information: DSA-495 (Google Search) http://www.debian.org/security/2004/dsa-495 En Garde Linux Advisory: ESA-20030318-009 En Garde Linux Advisory: ESA-20030515-017 http://marc.info/?l=bugtraq&m=105301461726555&w=2 http://security.gentoo.org/glsa/glsa-200303-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2003:038 http://www.mandriva.com/security/advisories?name=MDKSA-2003:039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254 RedHat Security Advisories: RHSA-2003:088 http://rhn.redhat.com/errata/RHSA-2003-088.html RedHat Security Advisories: RHSA-2003:098 http://rhn.redhat.com/errata/RHSA-2003-098.html http://www.redhat.com/support/errata/RHSA-2003-103.html http://www.redhat.com/support/errata/RHSA-2003-145.html SuSE Security Announcement: SuSE-SA:2003:021 (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.