Fedora Core 2 : kernel-2.6.9-1.11_FC2 (2004-581)

high Nessus Plugin ID 16097

Synopsis

The remote Fedora Core host is missing a security update.

Description

A large change over previous kernels has been made. The 4G:4G memory split patch has been dropped, and Fedora kernels now revert back to the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CVE-2004-1016: Paul Starzetz discovered a buffer overflow vulnerability in the '__scm_send' function, which handles the sending of UDP network packets. An incorrect validity check of the cmsghdr structure allowed a local attacker to modify kernel memory, causing an endless loop (Denial of Service) or possibly even root privilege escalation.

CVE-2004-1017: Alan Cox reported two potential buffer overflows with the io_edgeport driver.

CVE-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.

CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP handling code. This allowed users to provoke a Denial of Service, read kernel memory, and execute arbitrary code with root privileges. This flaw is also exploitable remotely if an application has bound a multicast socket.

CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in the sys32_ni_syscall() and sys32_vm86_warning() functions. This could possibly be exploited to overwrite kernel memory with attacker-supplied code and cause root privilege escalation.

NO-CAN-ASSIGNED:

- Fix memory leak in ip_conntrack_ftp (local DoS)

- Do not leak IP options. (local DoS)

- Fix missing security_*() check in net/compat.c

- Fix overlapping VMA handling on ia64/x86_64/s390

- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets

- Make sure VC resizing fits in s16. Georgi Guninski reported a buffer overflow with vc_resize().

- Clear ebp on sysenter return. A small information leak was found by Brad Spengler.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.
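The plugin decides whether a host is affected by comparing the kernel packages in its rpm list against the fixed package named in the title, kernel-2.6.9-1.11_FC2. The following Python is an added illustration of that check, not the plugin's own NASL code: it implements a simplified version of rpm's rpmvercmp() ordering (no '~' or '^' handling) and runs it over a constructed rpm -qa listing; it assumes entries are in plain name-version-release form without an architecture suffix.

```python
import re

# Fixed package from the advisory title: kernel-2.6.9-1.11_FC2
FIXED_VERSION, FIXED_RELEASE = "2.6.9", "1.11_FC2"
# Package names this advisory covers (from the CPE list on this page)
KERNEL_PACKAGES = {"kernel", "kernel-smp", "kernel-doc", "kernel-sourcecode", "kernel-debuginfo"}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings like rpm's rpmvercmp(): numeric
    segments compare as integers, alphabetic ones lexically, and a numeric segment
    ranks newer than an alphabetic one. Returns -1, 0 or 1 ('~'/'^' not handled)."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    # Equal so far: the string with segments left over is the newer one
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_missing_update(nvr: str) -> bool:
    """True when an installed kernel package is older than the fixed version-release."""
    name, version, release = nvr.rsplit("-", 2)
    if name not in KERNEL_PACKAGES:
        return False
    cmp_version = rpmvercmp(version, FIXED_VERSION)
    if cmp_version != 0:
        return cmp_version < 0
    return rpmvercmp(release, FIXED_RELEASE) < 0

def affected_packages(rpm_list: list[str]) -> list[str]:
    """Return the kernel packages in the listing that still need this update."""
    return [nvr for nvr in rpm_list if is_missing_update(nvr)]

# Constructed sample of an rpm -qa listing, not real scan output
SAMPLE_RPM_LIST = [
    "kernel-2.6.9-1.6_FC2",       # same version, older release -> affected
    "kernel-smp-2.6.8-1.521",     # older version -> affected
    "kernel-doc-2.6.9-1.11_FC2",  # exactly the fixed release -> not affected
    "kernel-2.6.10-1.9_FC2",      # newer version -> not affected
    "openssl-0.9.7a-35",          # not covered by this advisory -> ignored
]
```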

See Also

http://www.nessus.org/u?4d453a69

Plugin Details

Severity: High

ID: 16097

File Name: fedora_2004-581.nasl

Version: 1.15

Type: local

Agent: unix

Published: 1/4/2005

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:kernel, p-cpe:/a:fedoraproject:fedora:kernel-debuginfo, p-cpe:/a:fedoraproject:fedora:kernel-doc, p-cpe:/a:fedoraproject:fedora:kernel-smp, p-cpe:/a:fedoraproject:fedora:kernel-sourcecode, cpe:/o:fedoraproject:fedora_core:2

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/3/2005

Reference Information

FEDORA: 2004-581