English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75096 CVE descriptions
and 39644 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50653
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2004:015 (kernel)
Summary:Mandrake Security Advisory MDKSA-2004:015 (kernel)
Description:
The remote host is missing an update to kernel
announced via advisory MDKSA-2004:015.

Paul Staretz discovered a flaw in return value checking in the
mremap() function in the Linux kernel, versions 2.4.24 and previous
that could allow a local user to obtain root privileges.

A vulnerability was found in the R128 DRI driver by Alan Cox. This
could allow local privilege escalation.

A flaw in the ncp_lookup() function in the ncpfs code (which is used
to mount NetWare volumes or print to NetWare printers) was found by
Arjen van de Ven that could allow local privilege escalation.

The Vicam USB driver in Linux kernel versions prior to 2.4.25 does
not use the copy_from_user function to access userspace, which crosses
security boundaries. This problem does not affect the Mandrake Linux
9.2 kernel.

Additionally, a ptrace hole that only affects the amd64/x86_64
platform has been corrected.

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesecure.net/en/kernelupdate.php

Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0077

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
Debian Security Information: DSA-479 (Google Search)
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480 (Google Search)
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481 (Google Search)
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482 (Google Search)
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489 (Google Search)
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491 (Google Search)
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.redhat.com/support/errata/RHSA-2004-166.html
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9204
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/11464
http://secunia.com/advisories/11891
http://secunia.com/advisories/12075
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:834
XForce ISS Database: linux-r128-gain-priviliges(15029)
http://xforce.iss.net/xforce/xfdb/15029
Common Vulnerability Exposure (CVE) ID: CVE-2004-0010
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-188.html
TurboLinux Advisory: TLSA-2004-05
http://www.securityfocus.com/advisories/6759
BugTraq ID: 9691
http://www.securityfocus.com/bid/9691
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11388
XForce ISS Database: linux-ncplookup-gain-privileges(15250)
http://xforce.iss.net/xforce/xfdb/15250
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1035
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:835
Common Vulnerability Exposure (CVE) ID: CVE-2004-0075
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
http://www.redhat.com/support/errata/RHSA-2005-293.html
BugTraq ID: 9690
http://www.securityfocus.com/bid/9690
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:836
XForce ISS Database: linux-vicam-dos(15246)
http://xforce.iss.net/xforce/xfdb/15246
Common Vulnerability Exposure (CVE) ID: CVE-2004-0077
Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Debian Security Information: DSA-438 (Google Search)
http://www.debian.org/security/2004/dsa-438
Debian Security Information: DSA-439 (Google Search)
http://www.debian.org/security/2004/dsa-439
Debian Security Information: DSA-440 (Google Search)
http://www.debian.org/security/2004/dsa-440
Debian Security Information: DSA-441 (Google Search)
http://www.debian.org/security/2004/dsa-441
Debian Security Information: DSA-442 (Google Search)
http://www.debian.org/security/2004/dsa-442
Debian Security Information: DSA-444 (Google Search)
http://www.debian.org/security/2004/dsa-444
Debian Security Information: DSA-450 (Google Search)
http://www.debian.org/security/2004/dsa-450
Debian Security Information: DSA-453 (Google Search)
http://www.debian.org/security/2004/dsa-453
Debian Security Information: DSA-454 (Google Search)
http://www.debian.org/security/2004/dsa-454
Debian Security Information: DSA-456 (Google Search)
http://www.debian.org/security/2004/dsa-456
Debian Security Information: DSA-466 (Google Search)
http://www.debian.org/security/2004/dsa-466
Debian Security Information: DSA-470 (Google Search)
http://www.debian.org/security/2004/dsa-470
Debian Security Information: DSA-514 (Google Search)
http://www.debian.org/security/2004/dsa-514
Debian Security Information: DSA-475 (Google Search)
http://www.debian.org/security/2004/dsa-475
http://www.redhat.com/support/errata/RHSA-2004-066.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
TurboLinux Advisory: TLSA-2004-7
http://security.gentoo.org/glsa/glsa-200403-02.xml
CERT/CC vulnerability note: VU#981222
http://www.kb.cert.org/vuls/id/981222
BugTraq ID: 9686
http://www.securityfocus.com/bid/9686
http://www.osvdb.org/3986
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:825
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:837
XForce ISS Database: linux-mremap-gain-privileges(15244)
http://xforce.iss.net/xforce/xfdb/15244
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 39644 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.