Test ID: | 1.3.6.1.4.1.25623.1.0.53757 |
Category: | Debian Local Security Checks |
Title: | Debian Security Advisory DSA 270-1 (kernel-patch-2.4.17-mips, kernel-patch-2.4.19-mips) |
Summary: | The remote host is missing an update to kernel-patch-2.4.17-mips, kernel-patch-2.4.19-mips, announced via advisory DSA 270-1. |
Description: |
Summary: The remote host is missing an update to kernel-patch-2.4.17-mips, kernel-patch-2.4.19-mips announced via advisory DSA 270-1.

Vulnerability Insight: The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.

For the stable distribution (woody) this problem has been fixed in version 2.4.17-0.020226.2.woody1 of kernel-patch-2.4.17-mips (mips+mipsel) and in version 2.4.19-0.020911.1.woody1 of kernel-patch-2.4.19-mips (mips only).

The old stable distribution (potato) is not affected by this problem for these architectures since mips and mipsel were first released with Debian GNU/Linux 3.0 (woody).

For the unstable distribution (sid) this problem has been fixed in version 2.4.19-0.020911.6 of kernel-patch-2.4.19-mips (mips+mipsel).

Solution: We recommend that you upgrade your kernel-images packages immediately.

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0127
Caldera Security Advisory: CSSA-2003-020.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
CERT/CC vulnerability note: VU#628849
http://www.kb.cert.org/vuls/id/628849
Debian Security Information: DSA-270
http://www.debian.org/security/2003/dsa-270
Debian Security Information: DSA-276
http://www.debian.org/security/2003/dsa-276
Debian Security Information: DSA-311
http://www.debian.org/security/2003/dsa-311
Debian Security Information: DSA-312
http://www.debian.org/security/2003/dsa-312
Debian Security Information: DSA-332
http://www.debian.org/security/2003/dsa-332
Debian Security Information: DSA-336
http://www.debian.org/security/2003/dsa-336
Debian Security Information: DSA-423
http://www.debian.org/security/2004/dsa-423
Debian Security Information: DSA-495
http://www.debian.org/security/2004/dsa-495
En Garde Linux Advisory: ESA-20030318-009
En Garde Linux Advisory: ESA-20030515-017
http://marc.info/?l=bugtraq&m=105301461726555&w=2
http://security.gentoo.org/glsa/glsa-200303-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254
RedHat Security Advisories: RHSA-2003:088
http://rhn.redhat.com/errata/RHSA-2003-088.html
RedHat Security Advisories: RHSA-2003:098
http://rhn.redhat.com/errata/RHSA-2003-098.html
http://www.redhat.com/support/errata/RHSA-2003-103.html
http://www.redhat.com/support/errata/RHSA-2003-145.html
SuSE Security Announcement: SuSE-SA:2003:021
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html |
Copyright | Copyright (C) 2008 E-Soft Inc. |