Fedora 2004-581 Security Check

High Log Correlation Engine Plugin ID 801561


The remote host is missing a security update.


A large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.

A number of security fixes are present in this update.

CVE-2004-1016: Paul Starzetz discovered a buffer overflow
vulnerability in the '__scm_send' function which handles the sending
of UDP network packets. A wrong validity check of the cmsghdr
structure allowed a local attacker to modify kernel memory, thus
causing an endless loop (Denial of Service) or possibly even root
privilege escalation.

CVE-2004-1017: Alan Cox reported two potential buffer overflows with
the io_edgeport driver.

CVE-2004-1068: A race condition was discovered in the handling of
AF_UNIX network packets. This reportedly allowed local users to modify
arbitrary kernel memory, facilitating privilege escalation, or
possibly allowing code execution in the context of the kernel.

CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP
handling code. This allowed users to provoke a Denial of Service, read
kernel memory, and execute arbitrary code with root privileges. This
flaw is also exploitable remotely if an application has bound a
multicast socket.

CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in
the sys32_ni_syscall() and sys32_vm86_warning() functions. This could
possibly be exploited to overwrite kernel memory with
attacker-supplied code and cause root privilege escalation.


- Fix memory leak in ip_conntrack_ftp (local DoS)

- Do not leak IP options. (local DoS)

- fix missing security_*() check in net/compat.c

- ia64/x86_64/s390 overlapping vma fix

- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets

- Make sure VC resizing fits in s16. Georgi Guninski
reported a buffer overflow with vc_resize().

- Clear ebp on sysenter return. A small information leak
was found by Brad Spengler.


Update the affected package(s).

See Also


Plugin Details

Severity: High

ID: 801561

File Name: 801561.prm

Family: Generic

Risk Information

Risk Factor: High