Test ID:	1.3.6.1.4.1.25623.1.0.54308
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2005-0001 (fcron, kernel)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory TSLSA-2005-0001. fcron: Security vulnerabilites have been found in fcronsighup, the program used by fcrontab to tell fcron it should reload its configuration. Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup's overall security. kernel: Paul Starzetz discovered an exploitable flaw in the page fault handler. This only affects SMP kernels. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0001 to this issue. Paul Starzetz discovered an exploitable flaw in the binary loaders for ELF and a.out. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-1235 and CVE-2004-1074 to this issue. Chris Wright fixed a user triggerable BUG() when a user created a large vma that overlapped with arg pages during exec. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0003 to this issue. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0001 Risk factor : High CVSS Score: 6.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0001 BugTraq ID: 12244 http://www.securityfocus.com/bid/12244 Bugtraq: 20050112 Linux kernel i386 SMP page fault handler privilege escalation (Google Search) http://marc.info/?l=bugtraq&m=110554694522719&w=2 Bugtraq: 20050114 [USN-60-0] Linux kernel vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110581146702951&w=2 Conectiva Linux advisory: CLA-2005:930 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 https://bugzilla.fedora.us/show_bug.cgi?id=2336 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://isec.pl/vulnerabilities/isec-0022-pagefault.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322 http://www.redhat.com/support/errata/RHSA-2005-016.html http://www.redhat.com/support/errata/RHSA-2005-017.html http://www.redhat.com/support/errata/RHSA-2005-043.html http://www.redhat.com/support/errata/RHSA-2005-092.html http://securitytracker.com/id?1012862 http://secunia.com/advisories/13822 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 http://www.trustix.org/errata/2005/0001/ XForce ISS Database: linux-fault-handler-gain-privileges(18849) https://exchange.xforce.ibmcloud.com/vulnerabilities/18849 Common Vulnerability Exposure (CVE) ID: CVE-2004-1235 BugTraq ID: 12190 http://www.securityfocus.com/bid/12190 Bugtraq: 20050107 Linux kernel sys_uselib local root vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110512575901427&w=2 http://www.securityfocus.com/advisories/7806 http://www.securityfocus.com/advisories/7805 http://isec.pl/vulnerabilities/isec-0021-uselib.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9567 http://secunia.com/advisories/20162 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html XForce ISS Database: linux-uselib-gain-privileges(18800) https://exchange.xforce.ibmcloud.com/vulnerabilities/18800 Common Vulnerability Exposure (CVE) ID: CVE-2004-1074 BugTraq ID: 11754 http://www.securityfocus.com/bid/11754 Bugtraq: 20041216 [USN-39-1] Linux amd64 kernel vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110322596918807&w=2 http://marc.info/?l=linux-kernel&m=110021173607372&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9751 XForce ISS Database: linux-aout-binary-dos(18290) https://exchange.xforce.ibmcloud.com/vulnerabilities/18290 Common Vulnerability Exposure (CVE) ID: CVE-2005-0003 BugTraq ID: 12261 http://www.securityfocus.com/bid/12261 http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9512 http://securitytracker.com/id?1012885 SuSE Security Announcement: SUSE-SA:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_kernel.html XForce ISS Database: linux-vma-gain-privileges(18886) https://exchange.xforce.ibmcloud.com/vulnerabilities/18886
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.