Test ID:	1.3.6.1.4.1.25623.1.0.51405
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:618
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:618. The Linux kernel is responsible for handling the basic functions of the GNU/Linux operating system. Alan Cox published[4] a vulnerability[1] in the linux kernel found by Andrzej Szombierski that could be used by a local attacker to obtain root privileges. When a process requires a feature that a certain kernel module provides, the kernel will spawn a child process, give it root privileges and call /sbin/modprobe to load that module. A local attacker can create such a process, make it request a kernel module and wait for the child process to be spawned. Before the privilege change, the attacker can attach to this child process and insert code that will later be run with root privileges. The Common Vulnerabilities and Exposures project has assigned the name CVE-2003-0127[1] to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0127 http://distro.conectiva.com.br/atualizacoes/ http://www.conectiva.com.br/suporte/pr/sistema.kernel.atualizar.html http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:618 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0127 Caldera Security Advisory: CSSA-2003-020.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt CERT/CC vulnerability note: VU#628849 http://www.kb.cert.org/vuls/id/628849 Debian Security Information: DSA-270 (Google Search) http://www.debian.org/security/2003/dsa-270 Debian Security Information: DSA-276 (Google Search) http://www.debian.org/security/2003/dsa-276 Debian Security Information: DSA-311 (Google Search) http://www.debian.org/security/2003/dsa-311 Debian Security Information: DSA-312 (Google Search) http://www.debian.org/security/2003/dsa-312 Debian Security Information: DSA-332 (Google Search) http://www.debian.org/security/2003/dsa-332 Debian Security Information: DSA-336 (Google Search) http://www.debian.org/security/2003/dsa-336 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 Debian Security Information: DSA-495 (Google Search) http://www.debian.org/security/2004/dsa-495 En Garde Linux Advisory: ESA-20030318-009 En Garde Linux Advisory: ESA-20030515-017 http://marc.info/?l=bugtraq&m=105301461726555&w=2 http://security.gentoo.org/glsa/glsa-200303-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2003:038 http://www.mandriva.com/security/advisories?name=MDKSA-2003:039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254 RedHat Security Advisories: RHSA-2003:088 http://rhn.redhat.com/errata/RHSA-2003-088.html RedHat Security Advisories: RHSA-2003:098 http://rhn.redhat.com/errata/RHSA-2003-098.html http://www.redhat.com/support/errata/RHSA-2003-103.html http://www.redhat.com/support/errata/RHSA-2003-145.html SuSE Security Announcement: SuSE-SA:2003:021 (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.