Fedora 2004-581 Security Check
High Log Correlation Engine Plugin ID 801561
SynopsisThe remote host is missing a security update.
DescriptionA large change over previous kernels has been made. The 4G:4G memory
split patch has been dropped, and Fedora kernels now revert back to
the upstream 3G:1G kernel/userspace split.
A number of security fixes are present in this update.
CVE-2004-1016: Paul Starzetz discovered a buffer overflow
vulnerability in the '__scm_send' function which handles the sending
of UDP network packets. A wrong validity check of the cmsghdr
structure allowed a local attacker to modify kernel memory, thus
causing an endless loop (Denial of Service) or possibly even root
CVE-2004-1017: Alan Cox reported two potential buffer overflows with
the io_edgeport driver.
CVE-2004-1068: A race condition was discovered in the handling of
AF_UNIX network packets. This reportedly allowed local users to modify
arbitrary kernel memory, facilitating privilege escalation, or
possibly allowing code execution in the context of the kernel.
CVE-2004-1137: Paul Starzetz discovered several flaws in the IGMP
handling code. This allowed users to provoke a Denial of Service, read
kernel memory, and execute arbitrary code with root privileges. This
flaw is also exploitable remotely if an application has bound a
CVE-2004-1151: Jeremy Fitzhardinge discovered two buffer overflows in
the sys32_ni_syscall() and sys32_vm86_warning() functions. This could
possibly be exploited to overwrite kernel memory with
attacker-supplied code and cause root privilege escalation.
- Fix memory leak in ip_conntrack_ftp (local DoS)
- Do not leak IP options. (local DoS)
- fix missing security_*() check in net/compat.c
- ia64/x86_64/s390 overlapping vma fix
- Fix bugs with SOCK_SEQPACKET AF_UNIX sockets
- Make sure VC resizing fits in s16. Georgi Guninski
reported a buffer overflow with vc_resize().
- Clear ebp on sysenter return. A small information leak
was found by Brad Spengler.
SolutionUpdate the affected package(s).