Test ID:	1.3.6.1.4.1.25623.1.0.51034
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2004:106
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2004:106. The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities. iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that root privileges may be obtained if the filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0109 to this issue. A flaw in return value checking in mremap() in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0077 to this issue. A flaw in ncp_lookup() in ncpfs could allow local privilege escalation. The ncpfs module allows a system to mount volumes of NetWare servers or print to NetWare printers. This is part of the kernel-unsupported package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0010 to this issue. A flaw in the R128 Direct Render Infrastructure could allow local privilege escalation. This driver is part of the kernel-unsupported package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0003 to this issue. An overflow was found in the ixj telephony card driver in Linux kernels prior to 2.4.20. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1574 to this issue. The following drivers were updated: IBM Serveraid 6.11.07 MPT fusion v. 2.05.11.03 Qlogic v. 6.07.02-RH1 All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-106.html Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1574 BugTraq ID: 5985 http://www.securityfocus.com/bid/5985 Computer Incident Advisory Center Bulletin: N-096 http://www.ciac.org/ciac/bulletins/n-096.shtml http://www.redhat.com/support/errata/RHSA-2002-205.html http://www.redhat.com/support/errata/RHSA-2002-206.html http://www.redhat.com/support/errata/RHSA-2004-044.html http://www.redhat.com/support/errata/RHSA-2004-106.html XForce ISS Database: linux-ixj-root-privileges(10417) https://exchange.xforce.ibmcloud.com/vulnerabilities/10417 Common Vulnerability Exposure (CVE) ID: CVE-2004-0003 BugTraq ID: 9570 http://www.securityfocus.com/bid/9570 Computer Incident Advisory Center Bulletin: O-082 http://www.ciac.org/ciac/bulletins/o-082.shtml Computer Incident Advisory Center Bulletin: O-121 http://www.ciac.org/ciac/bulletins/o-121.shtml Computer Incident Advisory Center Bulletin: O-126 http://www.ciac.org/ciac/bulletins/o-126.shtml Computer Incident Advisory Center Bulletin: O-127 http://www.ciac.org/ciac/bulletins/o-127.shtml Computer Incident Advisory Center Bulletin: O-145 http://www.ciac.org/ciac/bulletins/o-145.shtml Debian Security Information: DSA-479 (Google Search) http://www.debian.org/security/2004/dsa-479 Debian Security Information: DSA-480 (Google Search) http://www.debian.org/security/2004/dsa-480 Debian Security Information: DSA-481 (Google Search) http://www.debian.org/security/2004/dsa-481 Debian Security Information: DSA-482 (Google Search) http://www.debian.org/security/2004/dsa-482 Debian Security Information: DSA-489 (Google Search) http://www.debian.org/security/2004/dsa-489 Debian Security Information: DSA-491 (Google Search) http://www.debian.org/security/2004/dsa-491 Debian Security Information: DSA-495 (Google Search) http://www.debian.org/security/2004/dsa-495 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204 http://www.redhat.com/support/errata/RHSA-2004-065.html RedHat Security Advisories: RHSA-2004:166 http://secunia.com/advisories/10782 http://secunia.com/advisories/10911 http://secunia.com/advisories/10912 http://secunia.com/advisories/11202 http://secunia.com/advisories/11361 http://secunia.com/advisories/11362 http://secunia.com/advisories/11369 http://secunia.com/advisories/11370 http://secunia.com/advisories/11376 http://secunia.com/advisories/11464 http://secunia.com/advisories/11891 http://secunia.com/advisories/12075 SuSE Security Announcement: SuSE-SA:2004:005 (Google Search) http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html TurboLinux Advisory: TLSA-2004-14 http://www.turbolinux.com/security/2004/TLSA-2004-14.txt XForce ISS Database: linux-r128-gain-priviliges(15029) https://exchange.xforce.ibmcloud.com/vulnerabilities/15029 Common Vulnerability Exposure (CVE) ID: CVE-2004-0010 BugTraq ID: 9691 http://www.securityfocus.com/bid/9691 Conectiva Linux advisory: CLA-2004:820 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 http://fedoranews.org/updates/FEDORA-2004-079.shtml http://www.mandriva.com/security/advisories?name=MDKSA-2004:015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835 http://www.redhat.com/support/errata/RHSA-2004-069.html http://www.redhat.com/support/errata/RHSA-2004-188.html TurboLinux Advisory: TLSA-2004-05 http://www.securityfocus.com/advisories/6759 XForce ISS Database: linux-ncplookup-gain-privileges(15250) https://exchange.xforce.ibmcloud.com/vulnerabilities/15250 Common Vulnerability Exposure (CVE) ID: CVE-2004-0077 BugTraq ID: 9686 http://www.securityfocus.com/bid/9686 Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search) http://marc.info/?l=bugtraq&m=107711762014175&w=2 CERT/CC vulnerability note: VU#981222 http://www.kb.cert.org/vuls/id/981222 Debian Security Information: DSA-438 (Google Search) http://www.debian.org/security/2004/dsa-438 Debian Security Information: DSA-439 (Google Search) http://www.debian.org/security/2004/dsa-439 Debian Security Information: DSA-440 (Google Search) http://www.debian.org/security/2004/dsa-440 Debian Security Information: DSA-441 (Google Search) http://www.debian.org/security/2004/dsa-441 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 Debian Security Information: DSA-444 (Google Search) http://www.debian.org/security/2004/dsa-444 Debian Security Information: DSA-450 (Google Search) http://www.debian.org/security/2004/dsa-450 Debian Security Information: DSA-453 (Google Search) http://www.debian.org/security/2004/dsa-453 Debian Security Information: DSA-454 (Google Search) http://www.debian.org/security/2004/dsa-454 Debian Security Information: DSA-456 (Google Search) http://www.debian.org/security/2004/dsa-456 Debian Security Information: DSA-466 (Google Search) http://www.debian.org/security/2004/dsa-466 Debian Security Information: DSA-470 (Google Search) http://www.debian.org/security/2004/dsa-470 Debian Security Information: DSA-475 (Google Search) http://www.debian.org/security/2004/dsa-475 Debian Security Information: DSA-514 (Google Search) http://www.debian.org/security/2004/dsa-514 http://security.gentoo.org/glsa/glsa-200403-02.xml http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt http://www.osvdb.org/3986 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837 http://www.redhat.com/support/errata/RHSA-2004-066.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734 http://marc.info/?l=bugtraq&m=107712137732553&w=2 http://marc.info/?l=bugtraq&m=107755871932680&w=2 TurboLinux Advisory: TLSA-2004-7 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html XForce ISS Database: linux-mremap-gain-privileges(15244) https://exchange.xforce.ibmcloud.com/vulnerabilities/15244 Common Vulnerability Exposure (CVE) ID: CVE-2004-0109 BugTraq ID: 10141 http://www.securityfocus.com/bid/10141 Conectiva Linux advisory: CLA-2004:846 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846 En Garde Linux Advisory: ESA-20040428-004 http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html http://security.gentoo.org/glsa/glsa-200407-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:029 http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940 http://www.redhat.com/support/errata/RHSA-2004-105.html http://rhn.redhat.com/errata/RHSA-2004-166.html http://www.redhat.com/support/errata/RHSA-2004-183.html http://secunia.com/advisories/11373 http://secunia.com/advisories/11429 http://secunia.com/advisories/11469 http://secunia.com/advisories/11470 http://secunia.com/advisories/11486 http://secunia.com/advisories/11494 http://secunia.com/advisories/11518 http://secunia.com/advisories/11626 http://secunia.com/advisories/11861 http://secunia.com/advisories/11986 http://secunia.com/advisories/12003 SGI Security Advisory: 20040405-01-U ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc SGI Security Advisory: 20040504-01-U ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc SuSE Security Announcement: SuSE-SA:2004:009 (Google Search) http://www.novell.com/linux/security/advisories/2004_09_kernel.html http://marc.info/?l=bugtraq&m=108213675028441&w=2 XForce ISS Database: linux-iso9660-bo(15866) https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.