| Description: | Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2004-008-01 advisory.
Vulnerability Insight:
New kernels are available for Slackware 8.1 containing a
backported fix from a bounds-checking problem in the kernel's
mremap() call which could be used by a local attacker to gain
root privileges. This fix was previously issued for Slackware
9.0, 9.1, and -current (SSA:2004-006-01).
Sites running Slackware 8.1 should upgrade to the new kernel.
After installing the new kernel, be sure to run 'lilo'.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Thu Jan 8 18:21:27 PST 2004
patches/kernels/*: These are 2.4.18 kernels containing a backported
fix for a security problem with the kernel's mremap() function.
A local user could exploit this hole to gain root privileges.
For more details, see:
[link moved to references]
After installing the new kernel, be sure to run 'lilo'.
(* Security fix *)
patches/packages/kernel-ide-2.4.18-i386-5.tgz: Patched mremap().
(* Security fix *)
patches/packages/kernel-source-2.4.18-noarch-6.tgz: This is
the source code from kernel-source-2.4.18-noarch-5 with the fix
for mremap().
(* Security fix *)
+--------------------------+
Affected Software/OS:
'kernel' package(s) on Slackware 8.1.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
