Test ID:	1.3.6.1.4.1.25623.1.0.53143
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 444-1 (kernel-image-2.4.17-ia64)
Summary:	The remote host is missing an update to kernel-image-2.4.17-ia64;announced via advisory DSA 444-1.
Description:	Summary: The remote host is missing an update to kernel-image-2.4.17-ia64 announced via advisory DSA 444-1. Vulnerability Insight: Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. For the stable distribution (woody) this problem has been fixed in version 011226.16 of ia64 kernel source and images. Other architectures are or will be mentioned in a separate advisory respectively or are not affected (m68k). For the unstable distribution (sid) this problem will be fixed in version 2.4.24-3. This problem is also fixed in the upstream version of Linux 2.4.25 and 2.6.3. Solution: We recommend that you upgrade your Linux kernel packages immediately. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0077 BugTraq ID: 9686 http://www.securityfocus.com/bid/9686 Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search) http://marc.info/?l=bugtraq&m=107711762014175&w=2 CERT/CC vulnerability note: VU#981222 http://www.kb.cert.org/vuls/id/981222 Computer Incident Advisory Center Bulletin: O-082 http://www.ciac.org/ciac/bulletins/o-082.shtml Conectiva Linux advisory: CLA-2004:820 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820 Debian Security Information: DSA-438 (Google Search) http://www.debian.org/security/2004/dsa-438 Debian Security Information: DSA-439 (Google Search) http://www.debian.org/security/2004/dsa-439 Debian Security Information: DSA-440 (Google Search) http://www.debian.org/security/2004/dsa-440 Debian Security Information: DSA-441 (Google Search) http://www.debian.org/security/2004/dsa-441 Debian Security Information: DSA-442 (Google Search) http://www.debian.org/security/2004/dsa-442 Debian Security Information: DSA-444 (Google Search) http://www.debian.org/security/2004/dsa-444 Debian Security Information: DSA-450 (Google Search) http://www.debian.org/security/2004/dsa-450 Debian Security Information: DSA-453 (Google Search) http://www.debian.org/security/2004/dsa-453 Debian Security Information: DSA-454 (Google Search) http://www.debian.org/security/2004/dsa-454 Debian Security Information: DSA-456 (Google Search) http://www.debian.org/security/2004/dsa-456 Debian Security Information: DSA-466 (Google Search) http://www.debian.org/security/2004/dsa-466 Debian Security Information: DSA-470 (Google Search) http://www.debian.org/security/2004/dsa-470 Debian Security Information: DSA-475 (Google Search) http://www.debian.org/security/2004/dsa-475 Debian Security Information: DSA-514 (Google Search) http://www.debian.org/security/2004/dsa-514 http://fedoranews.org/updates/FEDORA-2004-079.shtml http://security.gentoo.org/glsa/glsa-200403-02.xml http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015 http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt http://www.osvdb.org/3986 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837 http://www.redhat.com/support/errata/RHSA-2004-065.html http://www.redhat.com/support/errata/RHSA-2004-066.html http://www.redhat.com/support/errata/RHSA-2004-069.html http://www.redhat.com/support/errata/RHSA-2004-106.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734 SuSE Security Announcement: SuSE-SA:2004:005 (Google Search) http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html http://marc.info/?l=bugtraq&m=107712137732553&w=2 http://marc.info/?l=bugtraq&m=107755871932680&w=2 TurboLinux Advisory: TLSA-2004-7 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html XForce ISS Database: linux-mremap-gain-privileges(15244) https://exchange.xforce.ibmcloud.com/vulnerabilities/15244
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.