English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 123947 CVE descriptions
and 58962 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54045
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2004:037 (kernel)
Summary:SuSE Security Advisory SUSE-SA:2004:037 (kernel)
Description:Description:

The remote host is missing updates announced in
advisory SUSE-SA:2004:037.

An integer underflow problem in the iptables firewall logging rules
can allow a remote attacker to crash the machine by using a handcrafted
IP packet. This attack is only possible with firewalling enabled.

We would like to thank Richard Hart for reporting the problem.

This problem has already been fixed in the 2.6.8 upstream Linux kernel,
this update contains a backport of the fix.

Products running a 2.4 kernel are not affected.

Mitre has assigned the CVE ID CVE-2004-0816 for this problem.

Additionaly Martin Schwidefsky of IBM found an incorrectly handled
privileged instruction which can lead to a local user gaining
root user privileges.

This only affects the SUSE Linux Enterprise Server 9 on the S/390
platform and has been assigned CVE ID CVE-2004-0887.

Additionaly the following non-security bugs were fixed:

- Two CD burning problems.

- USB 2.0 stability problems under high load on SMP systems.

- Several SUSE Linux Enterprise Server issues.
(see the Maintenance Information Mail for more informations).

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2004:037

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0816
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
SuSE Security Announcement: SUSE-SA:2004:037 (Google Search)
http://www.novell.com/linux/security/advisories/2004_37_kernel.html
BugTraq ID: 11488
http://www.securityfocus.com/bid/11488
http://secunia.com/advisories/11202/
XForce ISS Database: linux-ip-packet-dos(17800)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17800
Common Vulnerability Exposure (CVE) ID: CVE-2004-0887
Debian Security Information: DSA-1018 (Google Search)
http://www.debian.org/security/2006/dsa-1018
BugTraq ID: 11489
http://www.securityfocus.com/bid/11489
http://secunia.com/advisories/19369
XForce ISS Database: linux-instruction-gain-privileges(17801)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17801
Common Vulnerability Exposure (CVE) ID: CVE-2004-0803
Bugtraq: 20041013 CESA-2004-006: libtiff (Google Search)
http://marc.info/?l=bugtraq&m=109778785107450&w=2
http://scary.beasts.org/security/CESA-2004-006.txt
Conectiva Linux advisory: CLA-2004:888
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
Debian Security Information: DSA-567 (Google Search)
http://www.debian.org/security/2004/dsa-567
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://www.redhat.com/support/errata/RHSA-2004-577.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
http://www.redhat.com/support/errata/RHSA-2005-021.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
SuSE Security Announcement: SUSE-SA:2004:038 (Google Search)
http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
CERT/CC vulnerability note: VU#948752
http://www.kb.cert.org/vuls/id/948752
BugTraq ID: 11406
http://www.securityfocus.com/bid/11406
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
http://secunia.com/advisories/12818
XForce ISS Database: libtiff-library-decoding-bo(17703)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
Common Vulnerability Exposure (CVE) ID: CVE-2004-0804
http://bugzilla.remotesensing.org/show_bug.cgi?id=111
CERT/CC vulnerability note: VU#555304
http://www.kb.cert.org/vuls/id/555304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711
XForce ISS Database: libtiff-dos(17755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17755
Common Vulnerability Exposure (CVE) ID: CVE-2004-0886
http://www.trustix.org/errata/2004/0054/
http://marc.info/?l=bugtraq&m=109779465621929&w=2
CERT/CC vulnerability note: VU#687568
http://www.kb.cert.org/vuls/id/687568
Computer Incident Advisory Center Bulletin: P-015
http://www.ciac.org/ciac/bulletins/p-015.shtml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
http://securitytracker.com/id?1011674
XForce ISS Database: libtiff-bo(17715)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17715
Common Vulnerability Exposure (CVE) ID: CVE-2004-0884
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Debian Security Information: DSA-563 (Google Search)
http://www.debian.org/security/2004/dsa-563
Debian Security Information: DSA-568 (Google Search)
http://www.debian.org/security/2004/dsa-568
https://bugzilla.fedora.us/show_bug.cgi?id=2137
http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:106
RedHat Security Advisories: RHSA-2004:546
http://rhn.redhat.com/errata/RHSA-2004-546.html
http://www.trustix.net/errata/2004/0053/
Bugtraq: 20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) (Google Search)
http://marc.info/?l=bugtraq&m=110693126007214&w=2
Computer Incident Advisory Center Bulletin: P-003
http://www.ciac.org/ciac/bulletins/p-003.shtml
BugTraq ID: 11347
http://www.securityfocus.com/bid/11347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678
XForce ISS Database: cyrus-sasl-saslpath(17643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17643
Common Vulnerability Exposure (CVE) ID: CVE-2004-0954
Common Vulnerability Exposure (CVE) ID: CVE-2004-0955
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2018 E-Soft Inc. All rights reserved.