RHEL 3 : kernel (RHSA-2004:183)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix two privilege escalation
vulnerabilities are now available.

The Linux kernel handles the basic functions of the operating system.

iSEC Security Research discovered a flaw in the ip_setsockopt()
function code of the Linux kernel versions 2.4.22 to 2.4.25 inclusive.
This flaw also affects the 2.4.21 kernel in Red Hat Enterprise Linux 3
which contained a backported version of the affected code. A local
user could use this flaw to gain root privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0424 to this issue.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem
code. An attacker could create a malicious filesystem in such a way
that root privileges may be obtained if the filesystem is mounted. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0109 to this issue.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

See also :


Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12493 ()

Bugtraq ID:

CVE ID: CVE-2004-0109