English | Deutsch | Español | Português
 ID de Usuario:
 Contraseña:
Nuevo usuario
 Acerca de:   Dedicada | Avanzada | Estándar | Periódica | Sin Riesgo | Escritorio | Básica | Individual | Sello | FAQ
  Resumen de Precio/Funciones | Ordenar  | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad
 Búsqueda de    
Vulnerabilidad   
    Buscar 94899 Descripciones CVE y
51984 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.53167
Categoría:Debian Local Security Checks
Título:Debian Security Advisory DSA 470-1 (kernel-image-2.4.17-hppa)
Resumen:Debian Security Advisory DSA 470-1 (kernel-image-2.4.17-hppa)
Descripción:Description:
The remote host is missing an update to kernel-image-2.4.17-hppa
announced via advisory DSA 470-1.

Several local root exploits have been discovered recently in the Linux
kernel. This security advisory updates the mips kernel 2.4.19 for
Debian GNU/Linux. The Common Vulnerabilities and Exposures project
identifies the following problems that are fixed with this update:

CVE-2003-0961:

An integer overflow in brk() system call (do_brk() function) for
Linux allows a local attacker to gain root privileges. Fixed
upstream in Linux 2.4.23.

CVE-2003-0985:

Paul Starzetz discovered a flaw in bounds checking in mremap() in
the Linux kernel (present in version 2.4.x and 2.6.x) which may
allow a local attacker to gain root privileges. Version 2.2 is not
affected by this bug. Fixed upstream in Linux 2.4.24.

CVE-2004-0077:

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a
critical security vulnerability in the memory management code of
Linux inside the mremap(2) system call. Due to missing function
return value check of internal functions a local attacker can gain
root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

For the stable distribution (woody) these problems have been fixed in
version 32.3 of kernel-image-2.4.17-hppa.

For the unstable distribution (sid) these problems have been fixed in
version 2.4.25-1 of kernel-image-2.4.25-hppa.

We recommend that you upgrade your Linux kernel packages immediately.


Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20470-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0961
Bugtraq: 20031204 [iSEC] Linux kernel do_brk() vulnerability details (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107064798706473&w=2
http://isec.pl/papers/linux_kernel_do_brk.pdf
http://www.redhat.com/support/errata/RHSA-2003-368.html
http://www.redhat.com/support/errata/RHSA-2003-389.html
Debian Security Information: DSA-403 (Google Search)
http://www.debian.org/security/2003/dsa-403
Debian Security Information: DSA-417 (Google Search)
http://www.debian.org/security/2004/dsa-417
Debian Security Information: DSA-423 (Google Search)
http://www.debian.org/security/2004/dsa-423
Debian Security Information: DSA-433 (Google Search)
http://www.debian.org/security/2004/dsa-433
Debian Security Information: DSA-439 (Google Search)
http://www.debian.org/security/2004/dsa-439
Debian Security Information: DSA-440 (Google Search)
http://www.debian.org/security/2004/dsa-440
Debian Security Information: DSA-442 (Google Search)
http://www.debian.org/security/2004/dsa-442
Debian Security Information: DSA-450 (Google Search)
http://www.debian.org/security/2004/dsa-450
Debian Security Information: DSA-470 (Google Search)
http://www.debian.org/security/2004/dsa-470
Debian Security Information: DSA-475 (Google Search)
http://www.debian.org/security/2004/dsa-475
http://www.mandriva.com/security/advisories?name=MDKSA-2003:110
Conectiva Linux advisory: CLA-2003:796
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796
SuSE Security Announcement: SuSE-SA:2003:049 (Google Search)
http://www.novell.com/linux/security/advisories/2003_049_kernel.html
Bugtraq: 20031204 Hot fix for do_brk bug (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107064830206816&w=2
Bugtraq: 20040112 SmoothWall Project Security Advisory SWP-2004:001 (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107394143105081&w=2
CERT/CC vulnerability note: VU#301156
http://www.kb.cert.org/vuls/id/301156
http://secunia.com/advisories/10328
http://secunia.com/advisories/10329
http://secunia.com/advisories/10330
http://secunia.com/advisories/10333
http://secunia.com/advisories/10338
Common Vulnerability Exposure (CVE) ID: CVE-2003-0985
Bugtraq: 20040105 Linux kernel mremap vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107332782121916&w=2
http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Bugtraq: 20040105 Linux kernel do_mremap() proof-of-concept exploit code (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107340358402129&w=2
Bugtraq: 20040106 Linux mremap bug correction (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107340814409017&w=2
Debian Security Information: DSA-1070 (Google Search)
http://www.debian.org/security/2006/dsa-1070
Debian Security Information: DSA-1067 (Google Search)
http://www.debian.org/security/2006/dsa-1067
Debian Security Information: DSA-1069 (Google Search)
http://www.debian.org/security/2006/dsa-1069
Debian Security Information: DSA-1082 (Google Search)
http://www.debian.org/security/2006/dsa-1082
Debian Security Information: DSA-413 (Google Search)
http://www.debian.org/security/2004/dsa-413
Debian Security Information: DSA-427 (Google Search)
http://www.debian.org/security/2004/dsa-427
SuSE Security Announcement: SuSE-SA:2004:001 (Google Search)
SuSE Security Announcement: SuSE-SA:2004:003 (Google Search)
http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
Conectiva Linux advisory: CLA-2004:799
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
En Garde Linux Advisory: ESA-20040105-001
http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
http://www.redhat.com/support/errata/RHSA-2003-416.html
http://www.redhat.com/support/errata/RHSA-2003-417.html
http://www.redhat.com/support/errata/RHSA-2003-418.html
http://www.redhat.com/support/errata/RHSA-2003-419.html
Immunix Linux Advisory: IMNX-2004-73-001-01
http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
SGI Security Advisory: 20040102-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
http://marc.theaimsgroup.com/?l=bugtraq&m=107332754521495&w=2
Bugtraq: 20040107 [slackware-security] Kernel security update (SSA:2004-006-01) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107350348418373&w=2
Bugtraq: 20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01) (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
CERT/CC vulnerability note: VU#490620
http://www.kb.cert.org/vuls/id/490620
Computer Incident Advisory Center Bulletin: O-045
http://www.ciac.org/ciac/bulletins/o-045.shtml
BugTraq ID: 9356
http://www.securityfocus.com/bid/9356
http://www.osvdb.org/3315
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:860
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:867
http://secunia.com/advisories/10532
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
XForce ISS Database: linux-domremap-gain-privileges(14135)
http://xforce.iss.net/xforce/xfdb/14135
Common Vulnerability Exposure (CVE) ID: CVE-2004-0077
Bugtraq: 20040218 Second critical mremap() bug found in all Linux kernels (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107711762014175&w=2
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Conectiva Linux advisory: CLA-2004:820
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Debian Security Information: DSA-438 (Google Search)
http://www.debian.org/security/2004/dsa-438
Debian Security Information: DSA-441 (Google Search)
http://www.debian.org/security/2004/dsa-441
Debian Security Information: DSA-444 (Google Search)
http://www.debian.org/security/2004/dsa-444
Debian Security Information: DSA-453 (Google Search)
http://www.debian.org/security/2004/dsa-453
Debian Security Information: DSA-454 (Google Search)
http://www.debian.org/security/2004/dsa-454
Debian Security Information: DSA-456 (Google Search)
http://www.debian.org/security/2004/dsa-456
Debian Security Information: DSA-466 (Google Search)
http://www.debian.org/security/2004/dsa-466
Debian Security Information: DSA-514 (Google Search)
http://www.debian.org/security/2004/dsa-514
http://fedoranews.org/updates/FEDORA-2004-079.shtml
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
http://www.redhat.com/support/errata/RHSA-2004-065.html
http://www.redhat.com/support/errata/RHSA-2004-066.html
http://www.redhat.com/support/errata/RHSA-2004-069.html
http://www.redhat.com/support/errata/RHSA-2004-106.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
SuSE Security Announcement: SuSE-SA:2004:005 (Google Search)
http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
http://marc.theaimsgroup.com/?l=bugtraq&m=107712137732553&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=107755871932680&w=2
TurboLinux Advisory: TLSA-2004-7
http://security.gentoo.org/glsa/glsa-200403-02.xml
CERT/CC vulnerability note: VU#981222
http://www.kb.cert.org/vuls/id/981222
Computer Incident Advisory Center Bulletin: O-082
http://www.ciac.org/ciac/bulletins/o-082.shtml
BugTraq ID: 9686
http://www.securityfocus.com/bid/9686
http://www.osvdb.org/3986
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:825
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:837
XForce ISS Database: linux-mremap-gain-privileges(15244)
http://xforce.iss.net/xforce/xfdb/15244
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 51984 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:
Usuario:
Contraseña:
Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.
Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.
   Privacidad
Ingreso de Usuario Registrado
 
Usuario:   
Contraseña:  

 ¿Olvidó su usuario o contraseña??
Email/ID de Usario:




Principal | Acerca de Nosotros | Contáctenos | Programas de Asociado | Developer APIs | Privacidad | Listas de Correo | Abuso
Auditorías de Seguridad | DNS Administrado | Monitoreo de Red | Analizador de Sitio | Informes de Investigación de Internet
Prueba de Web | Whois

© 1998-2016 E-Soft Inc. Todos los derechos reservados.