icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Red Hat 2003-389 Security Check

High

Synopsis

The remote host is missing a security update.

Description

Updated kernel packages are now available that fix a security vulnerability allowing local users to gain root privileges.

The Linux kernel handles the basic functions of the operating system.

A flaw in bounds checking in the do_brk() function in the Linux kernel versions 2.4.22 and previous can allow a local attacker to gain root privileges. This issue is known to be exploitable; an exploit has been seen in the wild that takes advantage of this vulnerability. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0961 to this issue.

All users of Red Hat Enterprise Linux 2.1 are advised to upgrade to these errata packages, which contain a backported security patch that corrects this vulnerability.

Users of Red Hat Enterprise Linux 3 should upgrade to the kernel packages provided by RHBA-2003:308 (released on 30 October 2003), which already contained a patch correcting this issue.

Solution

Update the affected package(s).