Detections
Analytics

Fedora 2004-581 Security Check

high Log Correlation Engine Plugin ID 801561

Synopsis

The remote host is missing a security update.

Description

A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CVE-2004-1016: Paul Starzetz discovered a buffer overflow
vulnerability in the '__scm_send' function which handles the sending
of UDP network packets. A wrong validity check of the cmsghdr
structure allowed a local attacker to modify kernel memory, thus
causing an endless loop (Denial of Service) or possibly even root
privilege escalation.

CVE-2004-1017: Alan Cox reported two potential buffer overflows with
the io_edgeport driver.

CVE-2004-1068: A race condition was discovered in the handling of
AF_UNIX network packets. This reportedly allowed local users to modify
arbitrary kernel memory, facilitating privilege escalation, or
possibly allowing code execution in the context of the kernel.

CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP
handling code. This allowed users to provoke a Denial of Service, read
kernel memory, and execute arbitrary code with root privileges. This
flaw is also exploitable remotely if an application has bound a
multicast socket.

CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in
the sys32_ni_syscall() and sys32_vm86_warning() functions. This could
possibly be exploited to overwrite kernel memory with
attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED :

 - Fix memory leak in ip_conntrack_ftp (local DoS)

 - Do not leak IP options. (local DoS)

 - fix missing security_*() check in net/compat.c

 - ia64/x86_64/s390 overlapping vma fix

 - Fix bugs with SOCK_SEQPACKET AF_UNIX sockets

 - Make sure VC resizing fits in s16. Georgi Guninski
 reported a buffer overflow with vc_resize().

 - Clear ebp on sysenter return. A small information leak
 was found by Brad Spengler.

Solution

Update the affected package(s).

See Also

http://www.nessus.org/u?4dda1cac

Plugin Details

Severity: High

ID: 801561

Family: Generic