Test ID: 1.3.6.1.4.1.25623.1.0.50306
Category: Fedora Local Security Checks
Title: Fedora Core 1 FEDORA-2004-101 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory FEDORA-2004-101.

The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Update Information:

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
An attacker could create a malicious filesystem in such a way that they
could gain root privileges if that filesystem is mounted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0109 to this issue.

Solar Designer from OpenWall discovered a minor information leak in the
ext3 filesystem code due to the lack of initialization of journal
descriptor blocks. This flaw has only minor security implications and
exploitation requires privileged access to the raw device. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0133 to this issue.

These packages also contain an updated fix with additional checks for
issues in the R128 Direct Render Infrastructure. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0003 to this issue.

In addition, further hardening of the mremap function was applied to
prevent a potential local denial of service attack.

The low latency patch applied in previous kernels has also been found
to cause stability problems under certain conditions. It has been disabled in
this update whilst further investigation occurs.


* Tue Apr 13 2004 Dave Jones
- mremap NULL pointer dereference fix
- Disable low latency patch, pending investigation into crashes.
- Additional r128 DRM check. (CVE-2004-0003)
- Bounds checking in ISO9660 filesystem. (CVE-2004-0109)
- Fix Information leak in EXT3 (CVE-2004-0133)

Solution: Apply the appropriate updates.
http://www.fedoranews.org/updates/FEDORA-2004-101.shtml

Risk factor: Medium

CVSS Score: 4.6

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0109
BugTraq ID: 10141
http://www.securityfocus.com/bid/10141
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Debian Security Information: DSA-479
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495
http://www.debian.org/security/2004/dsa-495
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940
http://www.redhat.com/support/errata/RHSA-2004-105.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.redhat.com/support/errata/RHSA-2004-166.html
http://rhn.redhat.com/errata/RHSA-2004-166.html
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11373
http://secunia.com/advisories/11429
http://secunia.com/advisories/11464
http://secunia.com/advisories/11469
http://secunia.com/advisories/11470
http://secunia.com/advisories/11486
http://secunia.com/advisories/11494
http://secunia.com/advisories/11518
http://secunia.com/advisories/11626
http://secunia.com/advisories/11861
http://secunia.com/advisories/11891
http://secunia.com/advisories/11986
http://secunia.com/advisories/12003
SGI Security Advisory: 20040405-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:009
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
http://marc.info/?l=bugtraq&m=108213675028441&w=2
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-iso9660-bo(15866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
Common Vulnerability Exposure (CVE) ID: CVE-2004-0133
BugTraq ID: 10151
http://www.securityfocus.com/bid/10151
XForce ISS Database: linux-xfs-info-disclosure(15901)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15901
Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/12075
SuSE Security Announcement: SuSE-SA:2004:005
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
XForce ISS Database: linux-r128-gain-priviliges(15029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15029
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
