Executive Summary

Summary
Title: Updated Itanium kernel packages resolve security issues
Information
Name: RHSA-2004:327
First vendor Publication: 2004-08-18
Vendor: RedHat
Last vendor Modification: 2004-08-18
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Problem Description:

Updated Itanium kernel packages that fix a number of security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities.

Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0415 to this issue.

A flaw was discovered in an error path supporting the clone() system call that allowed local users to cause a denial of service (memory leak) by passing invalid arguments to clone() running in an infinite loop of a user's program (CAN-2004-0427).

Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. Although the majority of these reside in drivers unsupported in Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or access to kernel memory (CAN-2004-0495).

During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances. In the 2.4 kernel, as shipped with Red Hat Enterprise Linux, the only way this could happen is through the kernel NFS server. A user on a system that mounted a remote file system from a vulnerable machine may be able to make unauthorized changes to the group ID of exported files (CAN-2004-0497).

A bug in the e1000 network driver has been addressed. This bug could be used by local users to leak small amounts of kernel memory (CAN-2004-0535).

Inappropriate permissions on /proc/scsi/qla2300/HbaApiNode have also been corrected (CAN-2004-0587).

The following drivers have also been updated:

fusion to 2.05.16
ips to 7.00.15
cciss to 2.4.52
e1000 to v. 5.2.52-k1
e100 to v. 2.3.43-k1

All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

113603 - CAN-2004-0003 r128 DRI ipf
125171 - CAN-2004-0535 e1000 kernel memory leak (ia64)
126401 - CAN-2004-0587 Bad permissions on qla* drivers (ipf)
126404 - CAN-2004-0427 do_fork DoS (ipf)
126410 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel (ipf)
126416 - CAN-2004-0415 file offset pointer signedness issues (ipf)
126718 - CAN-2004-0497 inode_change_ok missing checks allows GID changes (ipf)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2004-327.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10155
 
Oval ID: oval:org.mitre.oval:def:10155
Title: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
Description: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0495
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1017
 
Oval ID: oval:org.mitre.oval:def:1017
Title: Red Hat Enterprise 3 Kernel R128 DRI Limits Checking Vulnerability
Description: Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
Family: unix Class: vulnerability
Reference(s): CVE-2004-0003
Version: 2
Platform(s): Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10297
 
Oval ID: oval:org.mitre.oval:def:10297
Title: The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
Description: The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0427
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11136
 
Oval ID: oval:org.mitre.oval:def:11136
Title: The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Description: The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0535
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2819
 
Oval ID: oval:org.mitre.oval:def:2819
Title: Denial of Service Vulnerability in Linux Kernel do_fork Function via CLONE_VM
Description: The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0427
Version: 1
Platform(s): Red Hat Enterprise Linux 3
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2961
 
Oval ID: oval:org.mitre.oval:def:2961
Title: Multiple Privilege Escalation Vulnerabilities in Linux Kernel
Description: Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0495
Version: 1
Platform(s): Red Hat Enterprise Linux 3
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:834
 
Oval ID: oval:org.mitre.oval:def:834
Title: Red Hat Kernel R128 DRI Limits Checking Vulnerability
Description: Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
Family: unix Class: vulnerability
Reference(s): CVE-2004-0003
Version: 2
Platform(s): Red Hat Linux 9
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9204
 
Oval ID: oval:org.mitre.oval:def:9204
Title: Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
Description: Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
Family: unix Class: vulnerability
Reference(s): CVE-2004-0003
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9398
 
Oval ID: oval:org.mitre.oval:def:9398
Title: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
Description: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0587
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9867
 
Oval ID: oval:org.mitre.oval:def:9867
Title: Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
Description: Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0497
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9965
 
Oval ID: oval:org.mitre.oval:def:9965
Title: Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
Description: Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0415
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Definition Synopsis:


ExploitDB Exploits

Date Description
2004-12-24 Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit
2004-08-04 Linux Kernel File Offset Pointer Handling Memory Disclosure Exploit

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200407-02 (Kernel)
File : nvt/glsa_200407_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200407-16 (Kernel)
File : nvt/glsa_200407_16.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200408-24 (Kernel)
File : nvt/glsa_200408_24.nasl
2008-01-17 Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16)
File : nvt/deb_1067_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-...
File : nvt/deb_1070_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
File : nvt/deb_1082_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 479-1 (kernel)
File : nvt/deb_479_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 479-2 (kernel-image-2.4.18-1-i386)
File : nvt/deb_479_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 480-1 (kernel-image-2.4.17-hppa kernel-image-2.4...
File : nvt/deb_480_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 481-1 (kernel-image-2.4.17-ia64)
File : nvt/deb_481_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 482-1 (kernel)
File : nvt/deb_482_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 489-1 (kernel-source-2.4.17 kernel-patch-2.4.17-...
File : nvt/deb_489_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 491-1 (kernel-source-2.4.19 kernel-patch-2.4.19-...
File : nvt/deb_491_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 495-1 (kernel)
File : nvt/deb_495_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
8302 Linux Kernel File Offset Pointer Handling Memory

The Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid conversion from 64-bit file offsets to 32-bit file offsets occurs, which may disclose kernel memory information resulting in a loss of confidentiality.
7357 Linux Kernel File Group ID Manipulation

The Linux Kernel contains a flaw within the chown system call that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of integrity and/or availability.
7288 Multiple Linux Vendor HbaApiNode Permission Weakness DoS

7241 Linux Kernel e1000 Driver Memory Disclosure

The e1000 driver in Linux kernel versions 2.4 through 2.4.26 does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory and potentially corrupt user memory space. This may disclose sensitive information or cause a loss of availability for the system.
7219 Linux Kernel do_fork Memory Leak Information Disclosure

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the error path of the do_fork function; if an error exists after the allocation of the mm_struct for a child process, the do_fork function fails to free the process. This memory leak will disclose sensitive information, resulting in a loss of confidentiality, and consume system memory, resulting in a loss of availability through resource exhaustion.
7218 Linux Kernel Unspecified Memory Disclosure

3807 Linux Kernel R128 DRI Limits Checking Privilege Escalation

Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is unspecified, but related to "R128 DRI limits checking." This flaw may lead to a loss of confidentiality, integrity and/or availability.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-479.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-480.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-481.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-482.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-489.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-491.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-495.nasl - Type : ACT_GATHER_INFO
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200407-16.nasl - Type : ACT_GATHER_INFO
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200408-24.nasl - Type : ACT_GATHER_INFO
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200407-02.nasl - Type : ACT_GATHER_INFO
2004-08-27 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-087.nasl - Type : ACT_GATHER_INFO
2004-08-10 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-251.nasl - Type : ACT_GATHER_INFO
2004-08-09 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_024.nasl - Type : ACT_GATHER_INFO
2004-08-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-418.nasl - Type : ACT_GATHER_INFO
2004-08-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-413.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-015.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-029.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-037.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-062.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-066.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_020.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_010.nasl - Type : ACT_GATHER_INFO
2004-07-25 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_005.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-063.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-186.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-205.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-206.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-111.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-101.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-354.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-360.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-260.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-255.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-188.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-044.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2013-05-11 12:22:33
  • Multiple Updates