English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50655
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2004:015-1 (kernel)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2004:015-1.

Paul Staretz discovered a flaw in return value checking in the
mremap() function in the Linux kernel, versions 2.4.24 and previous
that could allow a local user to obtain root privileges.

A vulnerability was found in the R128 DRI driver by Alan Cox. This
could allow local privilege escalation.

A flaw in the ncp_lookup() function in the ncpfs code (which is used
to mount NetWare volumes or print to NetWare printers) was found by
Arjen van de Ven that could allow local privilege escalation.

The Vicam USB driver in Linux kernel versions prior to 2.4.25 does
not use the copy_from_user function to access userspace, which crosses
security boundaries. This problem does not affect the Mandrake Linux
9.2 kernel.

Additionally, a ptrace hole that only affects the amd64/x86_64
platform has been corrected.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesecure.net/en/kernelupdate.php

Update:

Kernels for Corporate Server 2.1/x86_64 are now available.

Affected versions: Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:015-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
Debian Security Information: DSA-479 (Google Search)
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480 (Google Search)
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481 (Google Search)
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482 (Google Search)
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489 (Google Search)
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491 (Google Search)
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.redhat.com/support/errata/RHSA-2004-166.html
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/11464
http://secunia.com/advisories/11891
http://secunia.com/advisories/12075
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-r128-gain-priviliges(15029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15029
Common Vulnerability Exposure (CVE) ID: CVE-2004-0010
BugTraq ID: 9691
http://www.securityfocus.com/bid/9691
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-188.html
TurboLinux Advisory: TLSA-2004-05
http://www.securityfocus.com/advisories/6759
XForce ISS Database: linux-ncplookup-gain-privileges(15250)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15250
Common Vulnerability Exposure (CVE) ID: CVE-2004-0075
BugTraq ID: 9690
http://www.securityfocus.com/bid/9690
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A836
http://www.redhat.com/support/errata/RHSA-2005-293.html
XForce ISS Database: linux-vicam-dos(15246)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15246
Common Vulnerability Exposure (CVE) ID: CVE-2004-0077
BugTraq ID: 9686
http://www.securityfocus.com/bid/9686
Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search)
http://marc.info/?l=bugtraq&m=107711762014175&w=2
CERT/CC vulnerability note: VU#981222
http://www.kb.cert.org/vuls/id/981222
Debian Security Information: DSA-438 (Google Search)
http://www.debian.org/security/2004/dsa-438
Debian Security Information: DSA-439 (Google Search)
http://www.debian.org/security/2004/dsa-439
Debian Security Information: DSA-440 (Google Search)
http://www.debian.org/security/2004/dsa-440
Debian Security Information: DSA-441 (Google Search)
http://www.debian.org/security/2004/dsa-441
Debian Security Information: DSA-442 (Google Search)
http://www.debian.org/security/2004/dsa-442
Debian Security Information: DSA-444 (Google Search)
http://www.debian.org/security/2004/dsa-444
Debian Security Information: DSA-450 (Google Search)
http://www.debian.org/security/2004/dsa-450
Debian Security Information: DSA-453 (Google Search)
http://www.debian.org/security/2004/dsa-453
Debian Security Information: DSA-454 (Google Search)
http://www.debian.org/security/2004/dsa-454
Debian Security Information: DSA-456 (Google Search)
http://www.debian.org/security/2004/dsa-456
Debian Security Information: DSA-466 (Google Search)
http://www.debian.org/security/2004/dsa-466
Debian Security Information: DSA-470 (Google Search)
http://www.debian.org/security/2004/dsa-470
Debian Security Information: DSA-475 (Google Search)
http://www.debian.org/security/2004/dsa-475
Debian Security Information: DSA-514 (Google Search)
http://www.debian.org/security/2004/dsa-514
http://security.gentoo.org/glsa/glsa-200403-02.xml
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
http://www.osvdb.org/3986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837
http://www.redhat.com/support/errata/RHSA-2004-066.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
http://marc.info/?l=bugtraq&m=107712137732553&w=2
http://marc.info/?l=bugtraq&m=107755871932680&w=2
TurboLinux Advisory: TLSA-2004-7
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
XForce ISS Database: linux-mremap-gain-privileges(15244)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15244
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.