Executive Summary

Summary
Title Updated kernel packages fix security vulnerabilities
Informations
Name RHSA-2004:689 First vendor Publication 2004-12-23
Vendor RedHat Last vendor Modification 2004-12-23
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64 Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64 Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the Linux 2.4 kernel on the AMD64 architecture. A local attacker could use this flaw to gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue.

ISEC security research discovered multiple vulnerabilities in the IGMP functionality which was backported in the Red Hat Enterprise Linux 3 kernels. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to this issue.

ISEC security research and Georgi Guninski independantly discovered a flaw in the scm_send function in the auxiliary message layer. A local user could create a carefully crafted auxiliary message which could cause a denial of service (system hang). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue.

A floating point information leak was discovered in the ia64 architecture context switch code. A local user could use this flaw to read register values of other processes by setting the MFH bit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0565 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to 2.4.2

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2004-689.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10439
 
Oval ID: oval:org.mitre.oval:def:10439
Title: Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
Description: Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1144
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10608
 
Oval ID: oval:org.mitre.oval:def:10608
Title: load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
Description: load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1234
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10714
 
Oval ID: oval:org.mitre.oval:def:10714
Title: Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Description: Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0565
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11144
 
Oval ID: oval:org.mitre.oval:def:11144
Title: Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Description: Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1137
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11816
 
Oval ID: oval:org.mitre.oval:def:11816
Title: The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
Description: The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1016
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9786
 
Oval ID: oval:org.mitre.oval:def:9786
Title: Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
Description: Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1017
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Os 1
Os 413
Os 3
Os 1
Os 3
Os 2

ExploitDB Exploits

id Description
2005-04-11 KDE KMail 1.7.1 HTML EMail Remote Email Content Spoofing Vulnerability

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5019053.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200407-16 (Kernel)
File : nvt/glsa_200407_16.nasl
2008-01-17 Name : Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8)
File : nvt/deb_1017_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1067-1 (kernel 2.4.16)
File : nvt/deb_1067_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-...
File : nvt/deb_1070_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
File : nvt/deb_1082_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
12590 Linux Kernel AMD64 32bit Emulation Code Privilege Escalation

Linux Kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker exploits a boundary condition which exists in the handling of 32bit system call emulation on AM64 and/or Intel EM64T systems occurs. This flaw may lead to a loss of integrity.
12589 Linux Kernel load_elf_binary DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered due to an undisclosed error within the memory management handling of ELF executed in "load_elf_binary." An attacker can create and load a specially crafted ELF binary which will result in loss of availability for the system.
12527 Linux Kernel scm_send() Function Local DoS
12388 Linux Kernel IGMP igmp_marksources() Function Remote DoS
12387 Linux Kernel IGMP ip_mc_msfget / ip_mc_gsfget Function Arbitrary Memory Read
12386 Linux Kernel IGMP ip_mc_source() Function Arbitrary Memory Overwrite
12349 Linux Kernel io_edgeport Driver Local Overflow

A local overflow exists in the edge_startup() function of the io_edgeport driver. The edge_startup() fails to check boundaries resulting in an overflow. With a USB dongle, an attacker can cause the kernel to crash or may be able to gain elevated privileges resulting in a loss of integrity and availability.
7585 Linux Kernel MFH Bit Information Disclosure

The ia64 Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a floating point leak occurs, which will disclose the registers of other process information resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date Description
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1067.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1069.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1070.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1082.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1017.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-47-1.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-38-1.nasl - Type : ACT_GATHER_INFO
2005-02-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-092.nasl - Type : ACT_GATHER_INFO
2005-02-03 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2004_044.nasl - Type : ACT_GATHER_INFO
2005-01-26 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2005-022.nasl - Type : ACT_GATHER_INFO
2005-01-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-016.nasl - Type : ACT_GATHER_INFO
2005-01-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-043.nasl - Type : ACT_GATHER_INFO
2005-01-04 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-582.nasl - Type : ACT_GATHER_INFO
2005-01-04 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-581.nasl - Type : ACT_GATHER_INFO
2004-12-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-689.nasl - Type : ACT_GATHER_INFO
2004-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200407-16.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-066.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:48:50
  • Multiple Updates
2013-05-11 12:22:43
  • Multiple Updates