Test ID: 1.3.6.1.4.1.25623.1.0.54283
Category: Trustix Local Security Checks
Title: Trustix Security Advisory TSLSA-2004-0020 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory TSLSA-2004-0020.


CVE-2004-0109:
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of the Linux kernel which could be
abused by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.

CVE-2004-0133:
Use of improperly initialized memory in the XFS code was
discovered. This led to an information leak in which some blocks
in the file system would contain old data from system memory.

CVE-2004-0177:
Use of improperly initialized memory in the ext3 code was
discovered by Solar Designer of the Openwall project. This led to
an information leak in which some blocks in the file system would
contain old data from system memory. This was the first such
vulnerability discovered, and it led directly to XFS and JFS being
checked for the same problem.

CVE-2004-0181:
Use of improperly initialized memory in the JFS code was
discovered. This led to an information leak in which some blocks
in the file system would contain old data from system memory.


Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2004-0020

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0109
BugTraq ID: 10141
http://www.securityfocus.com/bid/10141
Computer Incident Advisory Center Bulletin: O-121
http://www.ciac.org/ciac/bulletins/o-121.shtml
Computer Incident Advisory Center Bulletin: O-127
http://www.ciac.org/ciac/bulletins/o-127.shtml
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Debian Security Information: DSA-479
http://www.debian.org/security/2004/dsa-479
Debian Security Information: DSA-480
http://www.debian.org/security/2004/dsa-480
Debian Security Information: DSA-481
http://www.debian.org/security/2004/dsa-481
Debian Security Information: DSA-482
http://www.debian.org/security/2004/dsa-482
Debian Security Information: DSA-489
http://www.debian.org/security/2004/dsa-489
Debian Security Information: DSA-491
http://www.debian.org/security/2004/dsa-491
Debian Security Information: DSA-495
http://www.debian.org/security/2004/dsa-495
En Garde Linux Advisory: ESA-20040428-004
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940
http://www.redhat.com/support/errata/RHSA-2004-105.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
RedHat Security Advisories: RHSA-2004:166
http://rhn.redhat.com/errata/RHSA-2004-166.html
http://www.redhat.com/support/errata/RHSA-2004-183.html
http://secunia.com/advisories/11361
http://secunia.com/advisories/11362
http://secunia.com/advisories/11373
http://secunia.com/advisories/11429
http://secunia.com/advisories/11464
http://secunia.com/advisories/11469
http://secunia.com/advisories/11470
http://secunia.com/advisories/11486
http://secunia.com/advisories/11494
http://secunia.com/advisories/11518
http://secunia.com/advisories/11626
http://secunia.com/advisories/11861
http://secunia.com/advisories/11891
http://secunia.com/advisories/11986
http://secunia.com/advisories/12003
SGI Security Advisory: 20040405-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
SGI Security Advisory: 20040504-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:009
http://www.novell.com/linux/security/advisories/2004_09_kernel.html
http://marc.info/?l=bugtraq&m=108213675028441&w=2
TurboLinux Advisory: TLSA-2004-14
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt
XForce ISS Database: linux-iso9660-bo(15866)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15866
Common Vulnerability Exposure (CVE) ID: CVE-2004-0133
BugTraq ID: 10151
http://www.securityfocus.com/bid/10151
XForce ISS Database: linux-xfs-info-disclosure(15901)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15901
Common Vulnerability Exposure (CVE) ID: CVE-2004-0177
BugTraq ID: 10152
http://www.securityfocus.com/bid/10152
Computer Incident Advisory Center Bulletin: O-126
http://www.ciac.org/ciac/bulletins/o-126.shtml
https://bugzilla.fedora.us/show_bug.cgi?id=2336
http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2005-293.html
XForce ISS Database: linux-ext3-info-disclosure(15867)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Common Vulnerability Exposure (CVE) ID: CVE-2004-0181
BugTraq ID: 10143
http://www.securityfocus.com/bid/10143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10329
http://www.redhat.com/support/errata/RHSA-2005-663.html
http://secunia.com/advisories/17002
http://www.vupen.com/english/advisories/2005/1878
XForce ISS Database: linux-jfs-info-disclosure(15902)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15902
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
