SUSE-SA:2004:024: kernel

This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory
SUSE-SA:2004:024 (kernel).

This kernel is vulnerable to a race condition in the 64-bit
file offset handling code.

The file offset pointer (f_pos) is changed during reading, writing, and
seeking through a file to point to the current position in a file.
The Linux kernel offers a 32bit and a 64bit API. Unfortunately the
value conversion between this two APIs as well as the access to the f_pos
pointer is defective.

An attacker, exploiting this flaw, would need local access to the
machine. Upon successful exploitation, an attacker would be able
to read potentially confidential kernel memory.

Additionally a bug in the implementation of chown(2) for updating inode
times, and a denial-of-service condition that can occur while handling
signals was fixed.

Solution :

http://www.suse.de/security/2004_24_kernel.html

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 14231 ()

Bugtraq ID: 10852

CVE ID: CVE-2004-0415

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now