
Test ID: 1.3.6.1.4.1.25623.1.0.50548
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2004:066 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing an update to kernel
announced via advisory MDKSA-2004:066.

A number of vulnerabilities were discovered in the Linux kernel that
are corrected with this update:

Multiple vulnerabilities were found by the Sparse source checker that
could allow local users to elevate privileges or gain access to
kernel memory (CVE-2004-0495).

Missing Discretionary Access Controls (DAC) checks in the chown(2)
system call could allow an attacker with a local account to change the
group ownership of arbitrary files, which could lead to root privileges
on affected systems (CVE-2004-0497).

An information leak vulnerability that affects only ia64 systems was
fixed (CVE-2004-0565).

Insecure permissions on /proc/scsi/qla2300/HbaApiNode could allow a
local user to cause a DoS on the system; this only affects
Mandrakelinux 9.2 and below (CVE-2004-0587).

A vulnerability that could crash the kernel has also been fixed. This
crash, however, can only be exploited via root (in br_if.c).

The provided packages are patched to fix these vulnerabilities. All
users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at:

http://www.mandrakesoft.com/security/kernelupdate

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0587

Risk factor : High

CVSS Score:
7.2

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0495
BugTraq ID: 10566
http://www.securityfocus.com/bid/10566
Conectiva Linux advisory: CLA-2004:845
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
Conectiva Linux advisory: CLA-2004:846
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
http://lwn.net/Articles/91155/
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2961
http://www.redhat.com/support/errata/RHSA-2004-255.html
http://www.redhat.com/support/errata/RHSA-2004-260.html
SuSE Security Announcement: SUSE-SA:2004:020
http://www.novell.com/linux/security/advisories/2004_20_kernel.html
XForce ISS Database: linux-drivers-gain-privileges(16449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16449
Common Vulnerability Exposure (CVE) ID: CVE-2004-0497
Conectiva Linux advisory: CLA-2004:852
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9867
http://www.redhat.com/support/errata/RHSA-2004-354.html
http://www.redhat.com/support/errata/RHSA-2004-360.html
XForce ISS Database: linux-fchown-groupid-modify(16599)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16599
Common Vulnerability Exposure (CVE) ID: CVE-2004-0565
BugTraq ID: 10687
http://www.securityfocus.com/bid/10687
Debian Security Information: DSA-1067
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1070
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1082
http://www.debian.org/security/2006/dsa-1082
http://www.mandriva.com/security/advisories?name=MDKSA-2004:066
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124734
http://archives.neohapsis.com/archives/linux/owl/2004-q2/0038.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10714
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-ia64-info-disclosure(16644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16644
Common Vulnerability Exposure (CVE) ID: CVE-2004-0587
BugTraq ID: 10279
http://www.securityfocus.com/bid/10279
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9398
http://www.redhat.com/support/errata/RHSA-2004-413.html
http://www.redhat.com/support/errata/RHSA-2004-418.html
http://securitytracker.com/id?1010057
SGI Security Advisory: 20040804-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:010
http://www.novell.com/linux/security/advisories/2004_10_kernel.html
XForce ISS Database: suse-hbaapinode-dos(16062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16062
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.