
Fedora 2004-581 Security Check

High

Synopsis

The remote host is missing a security update.

Description

This update makes a large change relative to previous kernels: the 4G:4G memory split patch has been dropped, and Fedora kernels now revert to the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function, which handles the sending of UDP network packets. An incorrect validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, causing an endless loop (Denial of Service) or possibly even root privilege escalation.

CVE-2004-1017: Alan Cox reported two potential buffer overflows with the io_edgeport driver.

CVE-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.

CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.

CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED:

- Fix memory leak in ip_conntrack_ftp (local DoS)

- Do not leak IP options (local DoS)

- Fix missing security_*() check in net/compat.c

- ia64/x86_64/s390 overlapping vma fix

- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets

- Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize().

- Clear ebp on sysenter return. A small information leak was found by Brad Spengler.

Solution

Update the affected package(s).