Fedora 2004-251 Security Check

High Log Correlation Engine Plugin ID 801558

Synopsis

The remote host is missing a security update.

Description

Paul Starzetz discovered flaws in the Linux kernel when handling file
offset pointers. These consist of invalid conversions of 64 to 32-bit
file offset pointers and possible race conditions. A local
unprivileged user could make use of these flaws to access large
portions of kernel memory. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0415 to this
issue.

These packages contain a patch written by Al Viro to correct these
flaws. Red Hat would like to thank iSEC Security Research for
disclosing this issue and a number of vendor-sec participants for
reviewing and working on the patch to this issue.

Additionally, a number of issues were fixed in the USB serial code.

Solution

Update the affected package(s).

See Also

http://www.isec.pl/vulnerabilities/isec-0016-procleaks.txt

http://www.nessus.org/u?6d40062f

Plugin Details

Severity: High

ID: 801558

File Name: 801558.prm

Family: Generic

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Reference Information

CVE: CVE-2004-0415