Executive Summary
Summary | |
---|---|
Title | Updated kernel packages fix security vulnerabilities |
Information | |||
---|---|---|---|
Name | RHSA-2004:549 | First vendor Publication | 2004-12-02 |
Vendor | RedHat | Last vendor Modification | 2004-12-02 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Problem Description: Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system. This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CAN-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function in the Broadcom 5820 cryptonet driver. On systems using this driver, a local user could cause a denial of service (crash) or possibly gain elevated privileges. (CAN-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels prior to 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would require control of a connected Samba server. (CAN-2004-0883, CAN-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CAN-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels prior to 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127258 - CAN-2004-0619 Broadcom 5820 integer overflow
127915 - CAN-2004-0136 Verify interpreter arch
127918 - CAN-2004-0685 usb sparse fixes in 2.4
133003 - CAN-2004-0812 User application with "out" instruction can crash the system
134720 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
134874 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
134981 - CAN-2004-0136 Program crashes the kernel
140710 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-549.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10123 | |||
Oval ID: | oval:org.mitre.oval:def:10123 | ||
Title: | The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0138 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10330 | |||
Oval ID: | oval:org.mitre.oval:def:10330 | ||
Title: | Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0883 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10360 | |||
Oval ID: | oval:org.mitre.oval:def:10360 | ||
Title: | The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0949 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10665 | |||
Oval ID: | oval:org.mitre.oval:def:10665 | ||
Title: | Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0685 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11195 | |||
Oval ID: | oval:org.mitre.oval:def:11195 | ||
Title: | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1072 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11375 | |||
Oval ID: | oval:org.mitre.oval:def:11375 | ||
Title: | Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0812 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11384 | |||
Oval ID: | oval:org.mitre.oval:def:11384 | ||
Title: | A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1068 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11503 | |||
Oval ID: | oval:org.mitre.oval:def:11503 | ||
Title: | The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1073 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:18892 | |||
Oval ID: | oval:org.mitre.oval:def:18892 | ||
Title: | DSA-1286-1 linux-2.6 | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1286-1 CVE-2007-0005 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592 CVE-2004-1073 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 |
Definition Id: oval:org.mitre.oval:def:9450 | |||
Oval ID: | oval:org.mitre.oval:def:9450 | ||
Title: | The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1070 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9773 | |||
Oval ID: | oval:org.mitre.oval:def:9773 | ||
Title: | Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0619 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9917 | |||
Oval ID: | oval:org.mitre.oval:def:9917 | ||
Title: | The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-1071 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5010817.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5019053.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:060 (kernel) File : nvt/gb_mandriva_MDKSA_2007_060.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDKSA-2007:078 (kernel) File : nvt/gb_mandriva_MDKSA_2007_078.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-24 (Kernel) File : nvt/glsa_200408_24.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16) File : nvt/deb_1067_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-... File : nvt/deb_1070_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17) File : nvt/deb_1082_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1286-1 (linux-2.6) File : nvt/deb_1286_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1304-1 (kernel-source-2.6.8) File : nvt/deb_1304_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45183 | Linux Kernel ELF Loader VMA Unmapping Local DoS |
12272 | Linux Kernel AMD/EM64T TSS Limit DoS |
11996 | Linux Kernel unix_dgram_recvmsg() Local Privilege Escalation |
11985 | Linux Kernel smb Filesystem smb_receive_trans2 Arbitrary Memory Disclosure |
11984 | Linux Kernel smb Filesystem smb_proc_readX_data DoS |
11983 | Linux Kernel smb Filesystem smb_receive_trans2 Overflow |
11982 | Linux Kernel smb Filesystem smb_proc_readX Arbitrary Memory Disclosure |
11981 | Linux Kernel smb Filesystem smb_proc_read(X) Overflow |
11600 | Linux Kernel ELF Binary Loader open_exec() Binary Read Permission Error |
11599 | Linux Kernel ELF Binary Loader Interpreter Name String Parsing Issue |
11598 | Linux Kernel ELF Binary Loader mmap() Failure Handling Issue: The ELF binary loader in the Linux kernel contains a flaw that may allow a malicious user to manipulate the system into loading a binary into memory incorrectly. The issue is triggered when the mmap() function fails. It is possible that the flaw may allow the attacker to supply an arbitrary memory layout for the binary, resulting in a loss of integrity. |
11597 | Linux Kernel ELF Binary Loader Bad Return Value Issue: The ELF binary loader in the Linux kernel contains a flaw that may allow a malicious user to manipulate the system into returning a smaller value than requested when filling kernel buffers. The issue is triggered when the kernel_read() function returns a positive but smaller value than requested. It is possible that the flaw may allow the attacker to supply an arbitrary memory layout for the binary, resulting in a loss of integrity. |
9273 | Linux Kernel USB Structure Kernel Memory Disclosure |
7249 | Red Hat Linux Broadcom 5820 Cryptonet Driver Overflow: A local overflow exists in the Broadcom 5820 Cryptonet driver. The driver uses an arbitrary value for the size of a buffer resulting in an integer overflow. With a specially crafted request, an attacker can cause system instability or, in some circumstances, arbitrary code execution resulting in a loss of availability or integrity. The Broadcom 5820 Cryptonet driver is not included in the official Linux kernel source tree. |
7123 | IRIX mapelf32exec Function Local DoS: IRIX contains a flaw that may allow a local denial of service. The issue is triggered when a mapelf32exec() call is made on a malicious binary, and will result in loss of availability for the platform. |
7122 | IRIX syssgi Privilege Escalation: IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker reads and writes kernel memory via "SGI_IOPROBE" requests in the "syssgi()" system call. This flaw may allow a local attacker to gain root privileges, resulting in a loss of confidentiality and integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SMB client TRANS response ring0 remote code execution attempt RuleID : 16531 - Revision : 11 - Type : NETBIOS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1304.nasl - Type : ACT_GATHER_INFO |
2007-05-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1286.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-078.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-060.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0191.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-60-0.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-38-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-30-1.nasl - Type : ACT_GATHER_INFO |
2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-283.nasl - Type : ACT_GATHER_INFO |
2005-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-293.nasl - Type : ACT_GATHER_INFO |
2005-02-03 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_044.nasl - Type : ACT_GATHER_INFO |
2005-01-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-022.nasl - Type : ACT_GATHER_INFO |
2005-01-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-582.nasl - Type : ACT_GATHER_INFO |
2005-01-04 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-581.nasl - Type : ACT_GATHER_INFO |
2004-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-505.nasl - Type : ACT_GATHER_INFO |
2004-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-537.nasl - Type : ACT_GATHER_INFO |
2004-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-549.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-24.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:48:43 |
|
2013-05-11 12:22:39 |
|