|
Family: Debian Local Security Checks --> Category: infos
[DSA440] DSA-440-1 linux-kernel-2.4.17-powerpc-apus Vulnerability Scan
Vulnerability Scan Summary DSA-440-1 linux-kernel-2.4.17-powerpc-apus
Detailed Explanation for this Vulnerability Test
Several local root exploits have been discovered recently in the Linux
kernel. This security advisory updates the PowerPC/Apus kernel for
Debian GNU/Linux. The Common Vulnerabilities and Exposures project
identifies the following problems that are fixed with this update:
An integer overflow in brk() system call (do_brk() function) for
Linux allows a local attacker to gain root rights. Fixed
upstream in Linux 2.4.23.
Paul Starzetz discovered
a flaw in bounds checking in mremap() in
the Linux kernel (present in version 2.4.x and 2.6.x) which may
allow a local attacker to gain root rights. Version 2.2 is not
affected by this bug. Fixed upstream in Linux 2.4.24.
Paul Starzetz and Wojciech Purczynski of isec.pl
href="http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt">discovered a
critical security vulnerability in the memory management code of
Linux inside the mremap(2) system call. Due to missing function
return value check of internal functions a local attacker can gain
root rights. Fixed upstream in Linux 2.4.25 and 2.6.3.
For the stable distribution (woody) these problems have been fixed in
version 2.4.17-4 of powerpc/apus images.
Other architectures will probably be mentioned in a separate advisory or
are not affected (m68k).
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your Linux kernel packages immediately.
Solution : http://www.debian.org/security/2004/dsa-440
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|