Test ID:	1.3.6.1.4.1.25623.1.0.54623
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200407-16 (Kernel)
Summary:	The remote host is missing updates announced in;advisory GLSA 200407-16.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200407-16. Vulnerability Insight: Multiple permission vulnerabilities have been found in the Linux kernel, allowing an attacker to change the group IDs of files mounted on a remote filesystem (CVE-2004-0497), as well as an issue in 2.6 series kernels which allows /proc permissions to be bypassed. A context sharing vulnerability in vserver-sources is also handled by this advisory as well as CVE-2004-0447, CVE-2004-0496 and CVE-2004-0565. Patched, or updated versions of these kernels have been released and details are included along with this advisory. Solution: Users are encouraged to upgrade to the latest available sources for their system: # emerge sync # emerge -pv your-favorite-sources # emerge your-favorite-sources # # Follow usual procedure for compiling and installing a kernel. # # If you use genkernel, run genkernel as you would do normally. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0447 BugTraq ID: 10783 http://www.securityfocus.com/bid/10783 Computer Incident Advisory Center Bulletin: O-193 http://www.ciac.org/ciac/bulletins/o-193.shtml Debian Security Information: DSA-1067 (Google Search) http://www.debian.org/security/2006/dsa-1067 Debian Security Information: DSA-1069 (Google Search) http://www.debian.org/security/2006/dsa-1069 Debian Security Information: DSA-1070 (Google Search) http://www.debian.org/security/2006/dsa-1070 Debian Security Information: DSA-1082 (Google Search) http://www.debian.org/security/2006/dsa-1082 http://security.gentoo.org/glsa/glsa-200407-16.xml http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10918 http://www.redhat.com/support/errata/RHSA-2004-413.html http://secunia.com/advisories/20162 http://secunia.com/advisories/20163 http://secunia.com/advisories/20202 http://secunia.com/advisories/20338 SGI Security Advisory: 20040804-01-U ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc XForce ISS Database: linux-ia64-dos(16661) https://exchange.xforce.ibmcloud.com/vulnerabilities/16661 Common Vulnerability Exposure (CVE) ID: CVE-2004-0496 SuSE Security Announcement: SUSE-SA:2004:020 (Google Search) http://www.novell.com/linux/security/advisories/2004_20_kernel.html XForce ISS Database: linux-gain-privileges(16625) https://exchange.xforce.ibmcloud.com/vulnerabilities/16625 Common Vulnerability Exposure (CVE) ID: CVE-2004-0497 Conectiva Linux advisory: CLA-2004:852 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9867 http://www.redhat.com/support/errata/RHSA-2004-354.html http://www.redhat.com/support/errata/RHSA-2004-360.html XForce ISS Database: linux-fchown-groupid-modify(16599) https://exchange.xforce.ibmcloud.com/vulnerabilities/16599 Common Vulnerability Exposure (CVE) ID: CVE-2004-0565 BugTraq ID: 10687 http://www.securityfocus.com/bid/10687 http://www.mandriva.com/security/advisories?name=MDKSA-2004:066 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714 http://www.redhat.com/support/errata/RHSA-2004-504.html XForce ISS Database: linux-ia64-info-disclosure(16644) https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.