English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 92797 CVE descriptions
and 51507 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.53625
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)
Summary:Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)
Description:Description:
The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386
announced via advisory DSA 336-1.

A number of vulnerabilities have been discovered in the Linux kernel.

- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for
Linux kernels 2.4.18 and earlier on x86 systems allow local users to
kill arbitrary processes via a a binary compatibility interface
(lcall)

- - CVE-2003-0001: Multiple ethernet Network Interface Card (NIC) device
drivers do not pad frames with null bytes, which allows remote
attackers to obtain information from previous packets or kernel
memory by using malformed packets

- - CVE-2003-0127: The kernel module loader allows local users to gain
root privileges by using ptrace to attach to a child process that is
spawned by the kernel

- - CVE-2003-0244: The route cache implementation in Linux 2.4, and the
Netfilter IP conntrack module, allows remote attackers to cause a
denial of service (CPU consumption) via packets with forged source
addresses that cause a large number of hash table collisions related
to the PREROUTING chain

- - CVE-2003-0246: The ioperm system call in Linux kernel 2.4.20 and
earlier does not properly restrict privileges, which allows local
users to gain read or write access to certain I/O ports.

- - CVE-2003-0247: vulnerability in the TTY layer of the Linux kernel
2.4 allows attackers to cause a denial of service ('kernel oops')

- - CVE-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers
to modify CPU state registers via a malformed address.

- - CVE-2003-0364: The TCP/IP fragment reassembly handling in the Linux
kernel 2.4 allows remote attackers to cause a denial of service (CPU
consumption) via certain packets that cause a large number of hash
table collisions

This advisory provides updated 2.2.20 kernel source, and binary kernel
images for the i386 architecture. Other architectures and kernel
versions will be covered by separate advisories.

For the stable distribution (woody) on the powerpc architecture, these
problems have been fixed in kernel-source-2.2.20 version
2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.

For the unstable distribution (sid) these problems are fixed in
kernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.

We recommend that you update your kernel packages.

NOTE: A system reboot will be required immediately after the upgrade
in order to replace the running kernel. Remember to read carefully
and follow the instructions given during the kernel upgrade process.

NOTE: These kernels are not binary-compatible with the previous
version. Any loadable modules will need to be recompiled in order to
work with the new kernel.



Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20336-1

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2002-0429
Bugtraq: 20020308 linux <=2.4.18 x86 traps.c problem (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=101561298818888&w=2
Debian Security Information: DSA-311 (Google Search)
http://www.debian.org/security/2003/dsa-311
Debian Security Information: DSA-312 (Google Search)
http://www.debian.org/security/2003/dsa-312
Debian Security Information: DSA-332 (Google Search)
http://www.debian.org/security/2003/dsa-332
Debian Security Information: DSA-336 (Google Search)
http://www.debian.org/security/2003/dsa-336
Debian Security Information: DSA-442 (Google Search)
http://www.debian.org/security/2004/dsa-442
http://www.redhat.com/support/errata/RHSA-2002-158.html
BugTraq ID: 4259
http://www.securityfocus.com/bid/4259
http://www.iss.net/security_center/static/8420.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0001
@stake Security Advisory: A010603-1
http://www.atstake.com/research/advisories/2003/a010603-1.txt
Bugtraq: 20030110 More information regarding Etherleak (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
Bugtraq: 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded
Bugtraq: 20030117 Re: More information regarding Etherleak (Google Search)
http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
RedHat Security Advisories: RHSA-2003:088
CERT/CC vulnerability note: VU#412115
http://www.kb.cert.org/vuls/id/412115
http://www.redhat.com/support/errata/RHSA-2003-025.html
http://www.osvdb.org/9962
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2665
http://secunia.com/advisories/7996
Common Vulnerability Exposure (CVE) ID: CVE-2003-0127
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
RedHat Security Advisories: RHSA-2003:098
http://rhn.redhat.com/errata/RHSA-2003-098.html
http://rhn.redhat.com/errata/RHSA-2003-088.html
http://www.redhat.com/support/errata/RHSA-2003-103.html
SuSE Security Announcement: SuSE-SA:2003:021 (Google Search)
En Garde Linux Advisory: ESA-20030318-009
Debian Security Information: DSA-270 (Google Search)
http://www.debian.org/security/2003/dsa-270
Debian Security Information: DSA-276 (Google Search)
http://www.debian.org/security/2003/dsa-276
Debian Security Information: DSA-423 (Google Search)
http://www.debian.org/security/2004/dsa-423
Debian Security Information: DSA-495 (Google Search)
http://www.debian.org/security/2004/dsa-495
http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
Caldera Security Advisory: CSSA-2003-020.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
En Garde Linux Advisory: ESA-20030515-017
http://marc.theaimsgroup.com/?l=bugtraq&m=105301461726555&w=2
http://www.redhat.com/support/errata/RHSA-2003-145.html
http://security.gentoo.org/glsa/glsa-200303-17.xml
CERT/CC vulnerability note: VU#628849
http://www.kb.cert.org/vuls/id/628849
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:254
Common Vulnerability Exposure (CVE) ID: CVE-2003-0244
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
http://marc.theaimsgroup.com/?l=linux-kernel&m=104956079213417
http://www.redhat.com/support/errata/RHSA-2003-147.html
http://www.redhat.com/support/errata/RHSA-2003-172.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:066
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
Bugtraq: 20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=105595901923063&w=2
BugTraq ID: 7601
http://www.securityfocus.com/bid/7601
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:261
http://www.secunia.com/advisories/8786/
XForce ISS Database: data-algorithmic-complexity-dos(15382)
http://xforce.iss.net/xforce/xfdb/15382
Common Vulnerability Exposure (CVE) ID: CVE-2003-0246
TurboLinux Advisory: TLSA-2003-41
http://www.turbolinux.com/security/TLSA-2003-41.txt
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:278
Common Vulnerability Exposure (CVE) ID: CVE-2003-0247
http://www.redhat.com/support/errata/RHSA-2003-187.html
http://www.redhat.com/support/errata/RHSA-2003-195.html
http://www.redhat.com/support/errata/RHSA-2003-198.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:284
Common Vulnerability Exposure (CVE) ID: CVE-2003-0248
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:292
Common Vulnerability Exposure (CVE) ID: CVE-2003-0364
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:295
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 51507 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.