Executive Summary
| Summary | |
|---|---|
| Title | New Linux 2.4.18 packages fix local root exploit (i386) |
| Informations | |||
|---|---|---|---|
| Name | DSA-479 | First vendor Publication | 2004-04-14 |
| Vendor | Debian | Last vendor Modification | 2004-04-14 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the i386 architecture. This advisory replaces the i386 part of DSA 479-1 (except for the i386bf part). An unfortunate build error caused some of the kernel packages in DSA 479-1 to be broken. They are updated with this advisory. For completeness below is the original advisory text: The Common Vulnerabilities and Exposures project identifies the following problems that will be fixed with this update: CAN-2004-0003 A vulnerability has been discovered in the R128 drive in the Linux kernel which could potentially lead an attacker to gain unauthorised privileges. Alan Cox and Thomas Biege developed a correction for this CAN-2004-0010 Arjan van de Ven discovered a stack-based buffer overflow in the ncp_lookup function for ncpfs in the Linux kernel, which could lead an attacker to gain unauthorised privileges. Petr Vandrovec developed a correction for this. CAN-2004-0109 zen-parse discovered a buffer overflow vulnerability in the ISO9660 filesystem component of Linux kernel which could be abused by an attacker to gain unauthorised root access. Sebastian Krahmer and Ernie Petrides developed a correction for this. CAN-2004-0177 Solar Designer discovered an information leak in the ext3 code of Linux. In a worst case an attacker could read sensitive data such as cryptographic keys which would otherwise never hit disk media. Theodore Ts'o developed a correction for this. CAN-2004-0178 Andreas Kies discovered a denial of service condition in the Sound Blaster driver in Linux. He also developed a correction. These problems will also be fixed by upstream in Linux 2.4.26 and future versions of 2.6. The following security matrix explains which kernel versions for which architecture are already fixed. Kernel images in the unstable Debian distribution (sid) will be fixed soon. Architecture stable (woody) unstable (sid) removed in sid source 2.4.18-14.3 2.4.25-3 -- alpha 2.4.18-15 soon -- i386 2.4.18-13.1 soon -- i386bf 2.4.18-5woody8 soon -- powerpc 2.4.18-1woody5 2.4.25-8 2.4.22 We recommend that you upgrade your kernel packages immediately, either with a Debian provided kernel or with a self compiled one. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-479 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1017 | |||
| Oval ID: | oval:org.mitre.oval:def:1017 | ||
| Title: | Red Hat Enterprise 3 Kernel R128 DRI Limits Checking Vulnerability | ||
| Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0003 | Version: | 2 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:1035 | |||
| Oval ID: | oval:org.mitre.oval:def:1035 | ||
| Title: | Red Hat Enterprise 3 Kernel ncp_lookup Function BO | ||
| Description: | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0010 | Version: | 2 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10556 | |||
| Oval ID: | oval:org.mitre.oval:def:10556 | ||
| Title: | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | ||
| Description: | The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0177 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10733 | |||
| Oval ID: | oval:org.mitre.oval:def:10733 | ||
| Title: | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | ||
| Description: | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0109 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11388 | |||
| Oval ID: | oval:org.mitre.oval:def:11388 | ||
| Title: | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | ||
| Description: | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0010 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:834 | |||
| Oval ID: | oval:org.mitre.oval:def:834 | ||
| Title: | Red Hat Kernel R128 DRI Limits Checking Vulnerability | ||
| Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0003 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Linux kernel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:835 | |||
| Oval ID: | oval:org.mitre.oval:def:835 | ||
| Title: | Red Hat Kernel ncp_lookup Function BO | ||
| Description: | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0010 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Linux kernel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9204 | |||
| Oval ID: | oval:org.mitre.oval:def:9204 | ||
| Title: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
| Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0003 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:940 | |||
| Oval ID: | oval:org.mitre.oval:def:940 | ||
| Title: | Linux Kernel ISO9660 File System Component BO | ||
| Description: | Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0109 | Version: | 2 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9427 | |||
| Oval ID: | oval:org.mitre.oval:def:9427 | ||
| Title: | The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | ||
| Description: | The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0178 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 479-1 (kernel) File : nvt/deb_479_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 479-2 (kernel-image-2.4.18-1-i386) File : nvt/deb_479_2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 480-1 (kernel-image-2.4.17-hppa kernel-image-2.4... File : nvt/deb_480_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 481-1 (kernel-image-2.4.17-ia64) File : nvt/deb_481_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 482-1 (kernel) File : nvt/deb_482_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 489-1 (kernel-source-2.4.17 kernel-patch-2.4.17-... File : nvt/deb_489_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 491-1 (kernel-source-2.4.19 kernel-patch-2.4.19-... File : nvt/deb_491_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 495-1 (kernel) File : nvt/deb_495_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 5364 | Linux Kernel SoundBlaster 16 Driver Sample Size Handling Local DoS The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when a program submits an odd number of output bytes to the soundcard in 16bit output mode, which will cause an endless loop, resulting in loss of availability for the driver. |
| 5363 | Linux Kernel ext3 File Systems Information Leak The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the kernel does not properly initialize the journal descriptor blocks, which will disclose information stored in kernel memory to the ext3 file system device, resulting in a loss of confidentiality. |
| 5362 | Linux Kernel ISO9660 Symbolic Link Overflow Privilege Escalation A local overflow exists in the Linux kernel. The kernel fails to validate symbolic links on ISO 9660 filesystems resulting in a buffer overflow. With a specially crafted symbolic link on a mounted ISO9660 filesystem, an attacker can cause execution of code with kernel privileges resulting in a loss of confidentiality, integrity, and/or availability. |
| 3992 | Linux kernel ncpfs Privilege Escalation |
| 3807 | Linux Kernel R128 DRI Limits Checking Privilege Escalation Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is unspecified, but related to "R128 DRI limits checking." This flaw may lead to a loss of confidentiality, integrity and/or availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
| 2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
| 2004-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-505.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-479.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-480.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-481.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-482.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-489.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-491.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-495.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-02.nasl - Type : ACT_GATHER_INFO |
| 2004-08-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-437.nasl - Type : ACT_GATHER_INFO |
| 2004-08-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-413.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-015.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-029.nasl - Type : ACT_GATHER_INFO |
| 2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_005.nasl - Type : ACT_GATHER_INFO |
| 2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_009.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-111.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-101.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-079.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-063.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-044.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-069.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-105.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-183.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-188.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:13 |
|
