Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x) kernel modules. The most serious of the fixed issues is an overflow in ip_setsockopt(), which could allow a local attacker to gain root access, or to crash or reboot the machine. This bug affects 2.4 kernels from 2.4.22 - 2.4.25. Any sites running one of those kernel versions should upgrade right away. After installing the new kernel, be sure to run 'lilo'.

A vulnerability was found in the framebuffer driver of the 2.6 kernel.
This is due to incorrect use of the fb_copy_cmap function.
(CVE-2004-0229)

A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CVE-2004-0424)

There is a minor issue with the static buffer in 2.4 kernel's panic() function. Although it's a possibly buffer overflow, it most like not exploitable due to the nature of panic(). (CVE-2004-0394)

In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. (For a running process that is exitting, schedule() takes care this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels.
(CVE-2004-0427)

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.

To update your kernel, please follow the directions located at :

http://www.mandrakesecure.net/en/kernelupdate.php

The remote host is missing the patch for the advisory SuSE-SA:2004:010 (Linux Kernel).


Various vulnerabilities have been fixed in the newly available kernel updates. The updates consist of fixes for the following vulnerabilities:

- The do_fork() memory leak, which could lead to a local DoS attack.
All kernels except for SLES7 are affected.
- The setsockopt() MCAST buffer overflow which allows local attackers to execute arbitrary code with root privileges. Only SLES8 based products and SL 8.1 and SL 9.0 kernels are affected by this bug.
- The misuse of the fb_copy_cmap() function which could also allow local attackers to execute arbitrary code with root privileges.
Only the SL 9.1 kernel is affected.
- The integer overflow in the cpufreq_procctl() function.
Only the SL 9.1 kernel is affected.
- The wrong permissions on /proc/scsi/qla2300/HbaApiNode which allow local attackers to start DoS attacks. SLES8 kernels and SL 8.1 and 9.0 kernels are affected.
- A buffer overflow in panic(). Although there seems no way to trigger this bug, it has been fixed.

If you use a maintained product or SuSE Linux 8.1 or 9.0, we recommend an update. If you offer shell access to users we recommend an update in any case.

Updated kernel packages that fix two privilege escalation vulnerabilities are now available.

The Linux kernel handles the basic functions of the operating system.

iSEC Security Research discovered a flaw in the ip_setsockopt() function code of the Linux kernel versions 2.4.22 to 2.4.25 inclusive.
This flaw also affects the 2.4.21 kernel in Red Hat Enterprise Linux 3 which contained a backported version of the affected code. A local user could use this flaw to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0424 to this issue.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that root privileges may be obtained if the filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0109 to this issue.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

Updated kernel packages that fix two privilege escalation
vulnerabilities are now available.

The Linux kernel handles the basic functions of the operating system.

iSEC Security Research discovered a flaw in the ip_setsockopt()
function code of the Linux kernel versions 2.4.22 to 2.4.25 inclusive.
This flaw also affects the 2.4.21 kernel in Red Hat Enterprise Linux 3
which contained a backported version of the affected code. A local
user could use this flaw to gain root privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0424 to this issue.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem
code. An attacker could create a malicious filesystem in such a way
that root privileges may be obtained if the filesystem is mounted. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0109 to this issue.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

ID	Name	Product	Family	Severity
18792	Slackware 9.1 / current : kernel security updates (SSA:2004-119-01)	Nessus	Slackware Local Security Checks	high
14136	Mandrake Linux Security Advisory : kernel (MDKSA-2004:037)	Nessus	Mandriva Local Security Checks	high
13828	SuSE-SA:2004:010: Linux Kernel	Nessus	SuSE Local Security Checks	high
12493	RHEL 3 : kernel (RHSA-2004:183)	Nessus	Red Hat Local Security Checks	high
801592	Red Hat 2004-183 Security Check	Log Correlation Engine	Generic	high

Detections

Analytics

CVE-2004-0424

high

Tenable Plugins

high

high

high

high

high