
Test ID: 1.3.6.1.4.1.25623.1.0.50548
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2004:066 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2004:066.

A number of vulnerabilities were discovered in the Linux kernel that
are corrected with this update:

Multiple vulnerabilities were found by the Sparse source checker that
could allow local users to elevate privileges or gain access to
kernel memory (CVE-2004-0495).

Missing Discretionary Access Controls (DAC) checks in the chown(2)
system call could allow an attacker with a local account to change the
group ownership of arbitrary files, which could lead to root privileges
on affected systems (CVE-2004-0497).

An information leak vulnerability that affects only ia64 systems was
fixed (CVE-2004-0565).

Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a
local user to cause a DoS on the system; this only affects
Mandrakelinux 9.2 and below (CVE-2004-0587).

A vulnerability that could crash the kernel has also been fixed. This
crash, however, can only be exploited via root (in br_if.c).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesoft.com/security/kernelupdate

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0587

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0495
BugTraq ID: 10566
http://www.securityfocus.com/bid/10566
Conectiva Linux advisory: CLA-2004:845
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
http://lwn.net/Articles/91155/
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2961
http://www.redhat.com/support/errata/RHSA-2004-255.html
http://www.redhat.com/support/errata/RHSA-2004-260.html
SuSE Security Announcement: SUSE-SA:2004:020
http://www.novell.com/linux/security/advisories/2004_20_kernel.html
XForce ISS Database: linux-drivers-gain-privileges(16449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16449
Common Vulnerability Exposure (CVE) ID: CVE-2004-0497
Conectiva Linux advisory: CLA-2004:852
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9867
http://www.redhat.com/support/errata/RHSA-2004-354.html
http://www.redhat.com/support/errata/RHSA-2004-360.html
XForce ISS Database: linux-fchown-groupid-modify(16599)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16599
Common Vulnerability Exposure (CVE) ID: CVE-2004-0565
BugTraq ID: 10687
http://www.securityfocus.com/bid/10687
Debian Security Information: DSA-1067
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082
http://www.debian.org/security/2006/dsa-1082
http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-ia64-info-disclosure(16644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
Common Vulnerability Exposure (CVE) ID: CVE-2004-0587
BugTraq ID: 10279
http://www.securityfocus.com/bid/10279
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
http://www.redhat.com/support/errata/RHSA-2004-413.html
http://www.redhat.com/support/errata/RHSA-2004-418.html
http://securitytracker.com/id?1010057
SGI Security Advisory: 20040804-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:010
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
XForce ISS Database: suse-hbaapinode-dos(16062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
