Fedora Core 2 : kernel-2.6.9-1.11_FC2 (2004-581)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CVE-2004-1016: Paul Starzetz discovered a buffer overflow
vulnerability in the '__scm_send' function which handles the sending
of UDP network packets. An incorrect validity check of the cmsghdr
structure allowed a local attacker to modify kernel memory, thus
causing an endless loop (Denial of Service) or possibly even root
privilege escalation.

CVE-2004-1017: Alan Cox reported two potential buffer overflows with
the io_edgeport driver.

CVE-2004-1068: A race condition was discovered in the handling of
AF_UNIX network packets. This reportedly allowed local users to modify
arbitrary kernel memory, facilitating privilege escalation, or
possibly allowing code execution in the context of the kernel.

CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP
handling code. This allowed users to provoke a Denial of Service, read
kernel memory, and execute arbitrary code with root privileges. This
flaw is also exploitable remotely if an application has bound a
multicast socket.

CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in
the sys32_ni_syscall() and sys32_vm86_warning() functions. This could
possibly be exploited to overwrite kernel memory with
attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED :

- Fix memory leak in ip_conntrack_ftp (local DoS)

- Do not leak IP options. (local DoS)

- fix missing security_*() check in net/compat.c

- ia64/x86_64/s390 overlapping vma fix

- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets

- Make sure VC resizing fits in s16. Georgi Guninski
reported a buffer overflow with vc_resize().

- Clear ebp on sysenter return. A small information leak
was found by Brad Spengler.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?4d453a69

Solution :

Update the affected packages.
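As an added check (not part of the Nessus plugin or the Fedora advisory), the helper below compares a running kernel's `uname -r` string against the fixed package version kernel-2.6.9-1.11_FC2 using RPM-style segment comparison, so an administrator can confirm the update took effect after reboot. The kernel strings in the comments are constructed for illustration.

```python
import re

# Version and release of the fixed package named in the advisory.
FIXED_VERSION = "2.6.9"
FIXED_RELEASE = "1.11_FC2"

# Split a version string into runs of digits or letters; separators are ignored.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings the way rpm does:
    digit segments compare numerically, letter segments lexically,
    a digit segment outranks a letter segment, and the string with
    segments left over wins. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1
    return 0


def kernel_is_patched(uname_release: str) -> bool:
    """uname_release is the output of `uname -r`, e.g. '2.6.8-1.521'
    (constructed sample). Returns True when the running kernel is at
    or above 2.6.9-1.11_FC2. Flavour suffixes such as 'smp' appear as
    an extra trailing segment and do not lower the result."""
    version, _, release = uname_release.partition("-")
    c = rpmvercmp(version, FIXED_VERSION)
    if c != 0:
        return c > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0


if __name__ == "__main__":
    import platform
    running = platform.release()
    state = "patched" if kernel_is_patched(running) else "VULNERABLE"
    print(f"kernel {running}: {state} relative to 2.6.9-1.11_FC2")
```

Run it on the host after the update and reboot; a kernel older than the fixed release is reported as vulnerable.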

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 16097 (fedora_2004-581.nasl)

Bugtraq ID:

CVE ID:
