Test ID: | 1.3.6.1.4.1.25623.1.0.53877 |
Category: | Slackware Local Security Checks |
Title: | Slackware: Security Advisory (SSA:2003-336-01) |
Summary: | The remote host is missing an update for the 'Kernel' package(s) announced via the SSA:2003-336-01 advisory. |
Description: |
Summary: The remote host is missing an update for the 'Kernel' package(s) announced via the SSA:2003-336-01 advisory.

Vulnerability Insight: New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4 kernel earlier than 2.4.23. Linux 2.0 and 2.2 kernels are not vulnerable.

More details about the Apache issue may be found in the Common Vulnerabilities and Exposures (CVE) database: [link moved to references]

Here are the details from the Slackware 9.1 ChangeLog:

+--------------------------+
Mon Dec 1 21:36:30 PST 2003
patches/kernels/: Upgraded to Linux 2.4.23. This fixes a bug in the kernel's do_brk() function which a local user could exploit to gain root privileges. For more details, see: [link moved to references] Sites should upgrade to the 2.4.23 kernel and kernel modules. After installing the new kernel, be sure to run 'lilo'.
(* Security fix *)
patches/packages/alsa-driver-0.9.8-i486-1.tgz: Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23.
patches/packages/alsa-lib-0.9.8-i486-1.tgz: Upgraded to alsa-lib-0.9.8.
patches/packages/alsa-oss-0.9.8-i486-1.tgz: Upgraded to alsa-oss-0.9.8.
patches/packages/alsa-utils-0.9.8-i486-1.tgz: Upgraded to alsa-utils-0.9.8.
patches/packages/kernel-ide-2.4.23-i486-1.tgz: Upgraded bare.i kernel package to Linux 2.4.23.
patches/packages/kernel-modules-2.4.23-i486-1.tgz: Upgraded to Linux 2.4.23 kernel modules.
patches/packages/kernel-source-2.4.23-noarch-2.tgz: Upgraded to Linux 2.4.23 kernel source, with XFS and Speakup patches included (but not pre-applied).
patches/packages/kernel-modules-xfs/alsa-driver-xfs-0.9.8-i486-1.tgz: Upgraded to alsa-driver-0.9.8, compiled against linux-2.4.23-xfs.
patches/packages/kernel-modules-xfs/kernel-modules-xfs-2.4.23-i486-1.tgz: Upgraded to Linux 2.4.23 kernel modules for the xfs.s (XFS patched) kernel.
+--------------------------+

Affected Software/OS: 'Kernel' package(s) on Slackware 9.1, Slackware current.
Solution: Please install the updated package(s).
CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0961
Bugtraq: 20031204 Hot fix for do_brk bug http://marc.info/?l=bugtraq&m=107064830206816&w=2
Bugtraq: 20031204 [iSEC] Linux kernel do_brk() vulnerability details http://marc.info/?l=bugtraq&m=107064798706473&w=2
Bugtraq: 20040112 SmoothWall Project Security Advisory SWP-2004:001 http://marc.info/?l=bugtraq&m=107394143105081&w=2
CERT/CC vulnerability note: VU#301156 http://www.kb.cert.org/vuls/id/301156
Conectiva Linux advisory: CLA-2003:796 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
Debian Security Information: DSA-403 http://www.debian.org/security/2003/dsa-403
Debian Security Information: DSA-417 http://www.debian.org/security/2004/dsa-417
Debian Security Information: DSA-423 http://www.debian.org/security/2004/dsa-423
Debian Security Information: DSA-433 http://www.debian.org/security/2004/dsa-433
Debian Security Information: DSA-439 http://www.debian.org/security/2004/dsa-439
Debian Security Information: DSA-440 http://www.debian.org/security/2004/dsa-440
Debian Security Information: DSA-442 http://www.debian.org/security/2004/dsa-442
Debian Security Information: DSA-450 http://www.debian.org/security/2004/dsa-450
Debian Security Information: DSA-470 http://www.debian.org/security/2004/dsa-470
Debian Security Information: DSA-475 http://www.debian.org/security/2004/dsa-475
http://www.mandriva.com/security/advisories?name=MDKSA-2003:110
http://isec.pl/papers/linux_kernel_do_brk.pdf
http://www.redhat.com/support/errata/RHSA-2003-368.html
http://www.redhat.com/support/errata/RHSA-2003-389.html
http://secunia.com/advisories/10328
http://secunia.com/advisories/10329
http://secunia.com/advisories/10330
http://secunia.com/advisories/10333
http://secunia.com/advisories/10338
SuSE Security Announcement: SuSE-SA:2003:049 http://www.novell.com/linux/security/advisories/2003_049_kernel.html |
Copyright | Copyright (C) 2012 Greenbone AG |