Nessus Plugin #15287
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA450] DSA-450-1 linux-kernel-2.4.19-mips
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-450-1 linux-kernel-2.4.19-mips
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2003-0961, CAN-2003-0985, CAN-2004-0077
- Bugtraq_id:
- 9138, 9356, 9686
- Xrefs:
- DSA:450, CERT:981222
- Description:
Several local root exploits have been discovered recently in the Linux
kernel. This security advisory updates the mips kernel 2.4.19 for
Debian GNU/Linux. The Common Vulnerabilities and Exposures project
identifies the following problems that are fixed with this update:
An integer overflow in brk() system call (do_brk() function) for
Linux allows a local attacker to gain root privileges. Fixed
upstream in Linux 2.4.23.
Paul Starzetz <a
href="http://isec.pl/vulnerabilities/isec-0013-mremap.txt">discovered</a>
a flaw in bounds checking in mremap() in
the Linux kernel (present in version 2.4.x and 2.6.x) which may
allow a local attacker to gain root privileges. Version 2.2 is not
affected by this bug. Fixed upstream in Linux 2.4.24.
Paul Starzetz and Wojciech Purczynski of isec.pl <a
href="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">discovered</a> a
critical security vulnerability in the memory management code of
Linux inside the mremap(2) system call. Due to missing function
return value check of internal functions a local attacker can gain
root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.
For the stable distribution (woody) these problems have been fixed in
version 2.4.19-0.020911.1.woody3 of mips images and version
2.4.19-4.woody1 of kernel source.
For the unstable distribution (sid) this problem will be fixed soon
with the next upload of a 2.4.19 kernel image and in version
2.4.22-0.030928.3 for 2.4.22.
We recommend that you upgrade your Linux kernel packages immediately.
Vulnerability matrix for CAN-2004-0077
Solution : http://www.debian.org/security/2004/dsa-450
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.