Red Hat 2004-549 Security Check

High Log Correlation Engine Plugin ID 801601

Synopsis

The remote host is missing a security update.

Description

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use these
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CVE-2004-1070, CVE-2004-1071, CVE-2004-1072,
CVE-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD
AMD64 and Intel EM64T architecture kernels prior to 2.4.23. A local
user could use this flaw to cause a denial of service (crash) or
possibly gain privileges. (CVE-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver. On systems using this driver, a
local user could cause a denial of service (crash) or possibly gain
elevated privileges. (CVE-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28. A local user may
be able to cause a denial of service (crash) or possibly gain
privileges. In order to exploit these flaws the user would require
control of a connected Samba server. (CVE-2004-0883, CVE-2004-0949)

SGI discovered a bug in the ELF loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary. On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash). (CVE-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CVE-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

Solution

Update the affected package(s).

See Also

https://www.redhat.com/security/data/cve/CVE-2004-0138.html

https://www.redhat.com/security/data/cve/CVE-2004-0619.html

https://www.redhat.com/security/data/cve/CVE-2004-0685.html

https://www.redhat.com/security/data/cve/CVE-2004-0812.html

https://www.redhat.com/security/data/cve/CVE-2004-0883.html

https://www.redhat.com/security/data/cve/CVE-2004-0949.html

https://www.redhat.com/security/data/cve/CVE-2004-1068.html

https://www.redhat.com/security/data/cve/CVE-2004-1070.html

https://www.redhat.com/security/data/cve/CVE-2004-1071.html

https://www.redhat.com/security/data/cve/CVE-2004-1072.html

https://www.redhat.com/security/data/cve/CVE-2004-1073.html

http://rhn.redhat.com/errata/RHSA-2004-549.html

Plugin Details

Severity: High

ID: 801601

File Name: 801601.prm

Family: Generic

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Reference Information

CVE: CVE-2004-0136, CVE-2004-0138, CVE-2004-0619, CVE-2004-0685, CVE-2004-0812, CVE-2004-0883, CVE-2004-0949, CVE-2004-1068, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1191