Executive Summary
Summary | |
---|---|
Title | Updated Itanium kernel packages resolve security issues |
Information | |||
---|---|---|---|
Name | RHSA-2004:327 | First vendor Publication | 2004-08-18 |
Vendor | RedHat | Last vendor Modification | 2004-08-18 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Problem Description: Updated Itanium kernel packages that fix a number of security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities.

Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0415 to this issue.

A flaw was discovered in an error path supporting the clone() system call that allowed local users to cause a denial of service (memory leak) by passing invalid arguments to clone() running in an infinite loop of a user's program (CAN-2004-0427).

Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. Although the majority of these resides in drivers unsupported in Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or access to kernel memory (CAN-2004-0495).

During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances. In the 2.4 kernel, as shipped with Red Hat Enterprise Linux, the only way this could happen is through the kernel NFS server. A user on a system that mounted a remote file system from a vulnerable machine may be able to make unauthorized changes to the group ID of exported files (CAN-2004-0497).

A bug in the e1000 network driver has been addressed. This bug could be used by local users to leak small amounts of kernel memory (CAN-2004-0535).

Inappropriate permissions on /proc/scsi/qla2300/HbaApiNode (CAN-2004-0587).

The following drivers have also been updated:

fusion to 2.05.16
ips to 7.00.15
cciss to 2.4.52
e1000 to v. 5.2.52-k1
e100 to v. 2.3.43-k1

All users are advised to upgrade to these errata packages, which contain backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

113603 - CAN-2004-0003 r128 DRI ipf
125171 - CAN-2004-0535 e1000 kernel memory leak (ia64)
126401 - CAN-2004-0587 Bad permissions on qla* drivers (ipf)
126404 - CAN-2004-0427 do_fork DoS (ipf)
126410 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel (ipf)
126416 - CAN-2004-0415 file offset pointer signedness issues (ipf)
126718 - CAN-2004-0497 inode_change_ok missing checks allows GID changes (ipf)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-327.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10155 | |||
Oval ID: | oval:org.mitre.oval:def:10155 | ||
Title: | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | ||
Description: | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0495 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1017 | |||
Oval ID: | oval:org.mitre.oval:def:1017 | ||
Title: | Red Hat Enterprise 3 Kernel R128 DRI Limits Checking Vulnerability | ||
Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0003 | Version: | 2 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10297 | |||
Oval ID: | oval:org.mitre.oval:def:10297 | ||
Title: | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call. | ||
Description: | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0427 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11136 | |||
Oval ID: | oval:org.mitre.oval:def:11136 | ||
Title: | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | ||
Description: | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0535 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2819 | |||
Oval ID: | oval:org.mitre.oval:def:2819 | ||
Title: | Denial of Service Vulnerability in Linux Kernel do_fork Function via CLONE_VM | ||
Description: | The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0427 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Linux kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2961 | |||
Oval ID: | oval:org.mitre.oval:def:2961 | ||
Title: | Multiple Privilege Escalation Vulnerabilities in Linux Kernel | ||
Description: | Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0495 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Linux kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:834 | |||
Oval ID: | oval:org.mitre.oval:def:834 | ||
Title: | Red Hat Kernel R128 DRI Limits Checking Vulnerability | ||
Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0003 | Version: | 2 |
Platform(s): | Red Hat Linux 9 | Product(s): | Linux kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9204 | |||
Oval ID: | oval:org.mitre.oval:def:9204 | ||
Title: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
Description: | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0003 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9867 | |||
Oval ID: | oval:org.mitre.oval:def:9867 | ||
Title: | Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | ||
Description: | Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0497 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9965 | |||
Oval ID: | oval:org.mitre.oval:def:9965 | ||
Title: | Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | ||
Description: | Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0415 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2004-12-24 | Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit |
2004-08-04 | Linux Kernel File Offset Pointer Handling Memory Disclosure Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-16 (Kernel) File : nvt/glsa_200407_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-24 (Kernel) File : nvt/glsa_200408_24.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 479-1 (kernel) File : nvt/deb_479_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 479-2 (kernel-image-2.4.18-1-i386) File : nvt/deb_479_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 480-1 (kernel-image-2.4.17-hppa kernel-image-2.4... File : nvt/deb_480_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 481-1 (kernel-image-2.4.17-ia64) File : nvt/deb_481_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 482-1 (kernel) File : nvt/deb_482_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 489-1 (kernel-source-2.4.17 kernel-patch-2.4.17-... File : nvt/deb_489_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 491-1 (kernel-source-2.4.19 kernel-patch-2.4.19-... File : nvt/deb_491_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 495-1 (kernel) File : nvt/deb_495_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
8302 | Linux Kernel File Offset Pointer Handling Memory The Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when invalid conversion from 64 bit file offsets to 32 bit file offsets occurs, which may disclose kernel memory information resulting in a loss of confidentiality. |
7357 | Linux Kernel File Group ID Manipulation The Linux Kernel contains a flaw within the chown system call that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of Integrity and/or Availability. |
7288 | Multiple Linux Vendor HbaApiNode Permission Weakness DoS |
7241 | Linux Kernel e1000 Driver Memory Disclosure The e1000 driver in Linux Kernel versions 2.4 through 2.4.26 does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory and potentially corrupt user memory space. This may disclose sensitive information or cause a loss of availability for the system. |
7219 | Linux Kernel do_fork Memory Leak Information Disclosure The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the error path of the do_fork function; if an error exists after the allocation of the mm_struct for a child process, the do_fork function fails to free the process. This memory leak will disclose sensitive information, resulting in a loss of confidentiality, and consume system memory, resulting in a loss of availability through resource exhaustion. |
7218 | Linux Kernel Unspecified Memory Disclosure |
3807 | Linux Kernel R128 DRI Limits Checking Privilege Escalation Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is unspecified, but related to "R128 DRI limits checking." This flaw may lead to a loss of confidentiality, integrity and/or availability. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-479.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-480.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-481.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-482.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-489.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-491.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-495.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-16.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-24.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200407-02.nasl - Type : ACT_GATHER_INFO |
2004-08-27 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-087.nasl - Type : ACT_GATHER_INFO |
2004-08-10 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-251.nasl - Type : ACT_GATHER_INFO |
2004-08-09 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_024.nasl - Type : ACT_GATHER_INFO |
2004-08-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-418.nasl - Type : ACT_GATHER_INFO |
2004-08-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-413.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-015.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-029.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-037.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-062.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-066.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_020.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_010.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_005.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-063.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-186.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-205.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-206.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-111.nasl - Type : ACT_GATHER_INFO |
2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-101.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-354.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-360.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-260.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-255.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-188.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-044.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 12:22:33 |