English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.52776
Category:Fedora Local Security Checks
Title:Fedora Legacy Security Advisory FLSA-2004:1284
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory FLSA-2004:1284.

Paul Starzetz discovered a flaw in return value checking in mremap() in
the Linux kernel versions 2.4.24 and previous that may allow a local
attacker to gain root privileges. No exploit is currently available

however this issue is exploitable. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0077
to this issue.

The Vicam USB driver in kernel versions prior to 2.4.25 does not use the
copy_from_user function to access userspace, which crosses security
boundaries. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0075 to this issue.

Arjan van de Ven discovered a flaw in ncp_lookup() in ncpfs that could
allow local privilege escalation. ncpfs is only used to allow a system
to mount volumes of NetWare servers or print to NetWare printers. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0010 to this issue.

Alan Cox found issues in the R128 Direct Render Infrastructure that
could allow local privilege escalation. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0003
to this issue.

All users are advised to upgrade to these errata packages, which contain
backported security patches that correct these issues.

Fedora Legacy would like to thank Paul Starzetz from ISEC for reporting
the issue CVE-2004-0077, and Dominic Hargreaves for providing
backported rpms for all issues.

Affected platforms:
Redhat 7.2
Redhat 7.3
Redhat 8

Solution:
http://www.securityspace.com/smysecure/catid.html?in=FLSA-2004:1284

Risk factor : High

CVSS Score:
7.2

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0077
BugTraq ID: 9686
http://www.securityfocus.com/bid/9686
Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search)
http://marc.info/?l=bugtraq&m=107711762014175&w=2
CERT/CC vulnerability note: VU#981222
http://www.kb.cert.org/vuls/id/981222
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Debian Security Information: DSA-438 (Google Search)
http://www.debian.org/security/2004/dsa-438
Debian Security Information: DSA-439 (Google Search)
http://www.debian.org/security/2004/dsa-439
Debian Security Information: DSA-440 (Google Search)
http://www.debian.org/security/2004/dsa-440
Debian Security Information: DSA-441 (Google Search)
http://www.debian.org/security/2004/dsa-441
Debian Security Information: DSA-442 (Google Search)
http://www.debian.org/security/2004/dsa-442
Debian Security Information: DSA-444 (Google Search)
http://www.debian.org/security/2004/dsa-444
Debian Security Information: DSA-450 (Google Search)
http://www.debian.org/security/2004/dsa-450
Debian Security Information: DSA-453 (Google Search)
http://www.debian.org/security/2004/dsa-453
Debian Security Information: DSA-454 (Google Search)
http://www.debian.org/security/2004/dsa-454
Debian Security Information: DSA-456 (Google Search)
http://www.debian.org/security/2004/dsa-456
Debian Security Information: DSA-466 (Google Search)
http://www.debian.org/security/2004/dsa-466
Debian Security Information: DSA-470 (Google Search)
http://www.debian.org/security/2004/dsa-470
Debian Security Information: DSA-475 (Google Search)
http://www.debian.org/security/2004/dsa-475
Debian Security Information: DSA-514 (Google Search)
http://www.debian.org/security/2004/dsa-514
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://security.gentoo.org/glsa/glsa-200403-02.xml
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
http://www.osvdb.org/3986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-066.html
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
http://marc.info/?l=bugtraq&m=107712137732553&w=2
http://marc.info/?l=bugtraq&m=107755871932680&w=2
TurboLinux Advisory: TLSA-2004-7
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
XForce ISS Database: linux-mremap-gain-privileges(15244)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15244
Common Vulnerability Exposure (CVE) ID: CVE-2004-0075
BugTraq ID: 9690
http://www.securityfocus.com/bid/9690
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A836
http://www.redhat.com/support/errata/RHSA-2005-293.html
XForce ISS Database: linux-vicam-dos(15246)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15246
Common Vulnerability Exposure (CVE) ID: CVE-2004-0010
BugTraq ID: 9691
http://www.securityfocus.com/bid/9691
Debian Security Information: DSA-479 (Google Search)
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480 (Google Search)
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481 (Google Search)
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482 (Google Search)
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489 (Google Search)
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491 (Google Search)
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://www.mandriva.com/security/advisories?name=MDKSA-2004:015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1035
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A835
http://www.redhat.com/support/errata/RHSA-2004-188.html
TurboLinux Advisory: TLSA-2004-05
http://www.securityfocus.com/advisories/6759
XForce ISS Database: linux-ncplookup-gain-privileges(15250)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15250
Common Vulnerability Exposure (CVE) ID: CVE-2004-0003
BugTraq ID: 9570
http://www.securityfocus.com/bid/9570
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Computer Incident Advisory Center Bulletin: O-145
http://www.ciac.org/ciac/bulletins/o-145.shtml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:029
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A834
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9204
http://www.redhat.com/support/errata/RHSA-2004-044.html
http://www.redhat.com/support/errata/RHSA-2004-166.html
http://secunia.com/advisories/10782
http://secunia.com/advisories/10911
http://secunia.com/advisories/10912
http://secunia.com/advisories/11202
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11369
http://secunia.com/advisories/11370
http://secunia.com/advisories/11376
http://secunia.com/advisories/11464
http://secunia.com/advisories/11891
http://secunia.com/advisories/12075
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-r128-gain-priviliges(15029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15029
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.