Test ID:	1.3.6.1.4.1.25623.1.0.50766
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2003:110 (kernel)
Summary:	Mandrake Security Advisory MDKSA-2003:110 (kernel)
Description:	The remote host is missing an update to kernel announced via advisory MDKSA-2003:110. A vulnerability was discovered in the Linux kernel versions 2.4.22 and previous. A flaw in bounds checking in the do_brk() function can allow a local attacker to gain root privileges. This vulnerability is known to be exploitable an exploit is in the wild at this time. The Mandrake Linux 9.2 kernels are not vulnerable to this problem as the fix for it is already present in those kernels. MandrakeSoft encourages all users to upgrade their systems immediately. Affected versions: 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0961 Risk factor : High
Cross-Ref:	BugTraq ID: 9138 Common Vulnerability Exposure (CVE) ID: CVE-2003-0961 Bugtraq: 20031204 [iSEC] Linux kernel do_brk() vulnerability details (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2 http://isec.pl/papers/linux_kernel_do_brk.pdf http://www.redhat.com/support/errata/RHSA-2003-368.html http://www.redhat.com/support/errata/RHSA-2003-389.html Debian Security Information: DSA-403 (Google Search) http://www.debian.org/security/2003/dsa-403 Debian Security Information: DSA-417 (Google Search) http://www.debian.org/security/2004/dsa-417 Debian Security Information: DSA-423 (Google Search) http://www.debian.org/security/2004/dsa-423 Debian Security Information: DSA-433 (Google Search) http://www.debian.org/security/2004/dsa-433 Debian Security Information: DSA-439 (Google Search) http://www.debian.org/security/2004/dsa-439 Debian Security Information: DSA-440 (Google Search) http://www.debian.org/security/2004/dsa-440 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 Debian Security Information: DSA-450 (Google Search) http://www.debian.org/security/2004/dsa-450 Debian Security Information: DSA-470 (Google Search) http://www.debian.org/security/2004/dsa-470 Debian Security Information: DSA-475 (Google Search) http://www.debian.org/security/2004/dsa-475 http://www.mandriva.com/security/advisories?name=MDKSA-2003:110 Conectiva Linux advisory: CLA-2003:796 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796 SuSE Security Announcement: SuSE-SA:2003:049 (Google Search) http://www.novell.com/linux/security/advisories/2003_049_kernel.html Bugtraq: 20031204 Hot fix for do_brk bug (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2 Bugtraq: 20040112 SmoothWall Project Security Advisory SWP-2004:001 (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2 CERT/CC vulnerability note: VU#301156 http://www.kb.cert.org/vuls/id/301156 http://secunia.com/advisories/10328 http://secunia.com/advisories/10329 http://secunia.com/advisories/10330 http://secunia.com/advisories/10333 http://secunia.com/advisories/10338
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: