| Description: | Description:
The remote host is missing an update to kernel
announced via advisory FEDORA-2004-079.
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
Update Information:
Paul Starzetz discovered a flaw in return value checking in mremap() in the
Linux kernel versions 2.4.24 and previous that may allow a local attacker
to gain root privileges. No exploit is currently available
however this
issue is exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0077 to this issue.
Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could
allow local privilege escalation. ncpfs is only used to allow a system to
mount volumes of NetWare servers or print to NetWare printers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0010 to this issue.
All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.
Red Hat would like to thank Paul Starzetz from ISEC for reporting the issue
CVE-2004-0077.
* Wed Feb 18 2004 Dave Jones
- Fix security problem in gamma DRI driver.
* Tue Feb 17 2004 Dave Jones
- Fix leak in SSTFB driver.
* Sat Feb 14 2004 Dave Jones
- aacraid fix for #92129
* Fri Feb 13 2004 Dave Jones
- Fix building of vt8231.o
* Thu Feb 05 2004 Dave Jones
- Check do_mremap return values (CVE-2004-0077)
* Mon Feb 02 2004 Dave Jones
- Disable stack overflow checking.
- More bits from 2.4.25pre
- Fix ipt_conntrack/ipt_state module refcounting.
- Zero last byte of mount option page
- AMD64 update
- Fix deep stack usage in ncpfs (CVE-2004-0010)
Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-079.shtml
Risk factor : High
CVSS Score:
7.2
|
