Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2004:029: kernel

Vulnerability Assessment Details

MDKSA-2004:029: kernel
Vulnerability Assessment Summary
Check for the version of the kernel package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2004:029 (kernel).


A vulnerability was found in the R128 DRI driver by Alan Cox. This could permit
local privilege escalation. The previous fix, in MDKSA-2004:015 only partially
corrected the problem
the full fix is included (CVE-2004-0003).
A local root vulnerability was discovered in the isofs component of the Linux
kernel by iDefense. This vulnerability can be triggered by performing a
directory listing on a maliciously constructed ISO filesystem, or attempting to
access a file via a malformed symlink on such a filesystem (CVE-2004-0109).
An information leak was discovered in the ext3 filesystem code by Solar
Designer. It was discovered that when creating or writing to an ext3 filesystem,
some amount of other in-memory data gets written to the device. The data is not
the file's contents, not something on the same filesystem, or even anything that
was previously in a file at all. To obtain this data, a user needs to read the
raw device (CVE-2004-0177).
The same vulnerability was also found in the XFS filesystem code (CVE-2004-0133)
and the JFS filesystem code (CVE-2004-0181).
Finally, a vulnerability in the OSS code for SoundBlaster 16 devices was
discovered by Andreas Kies. It is possible for local users with access to the
sound system to crash the machine (CVE-2004-0178).
The provided packages are patched to fix these vulnerabilities. All users are
encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located at:
http://www.mandrakesecure.net/en/kernelupdate.php


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:029
Network Security Threat Level: High

Networks Security ID: 10152, 9570

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
Cables, Connectors


Vintage Atari XE System Light Gun Controller picture

Vintage Atari XE System Light Gun Controller

$44.99


Atari 800XL Computer with Video, RAM, and OS Upgrades picture

Atari 800XL Computer with Video, RAM, and OS Upgrades

$175.00


Atari Power Cube 800XL, 600XL, 65XE, 130XE USB-C Power Supply PSU picture

Atari Power Cube 800XL, 600XL, 65XE, 130XE USB-C Power Supply PSU

$11.25


A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game picture

A8picoCart Atari 130 / 65 XE 800 / 1200 XL XEGS multicart UnoCart clone game

$31.95


Atari hardware and software lot - includes Games and Paperwork picture

Atari hardware and software lot - includes Games and Paperwork

$200.00


Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device picture

Atari 400/800/XL/XE Computer SIO2PC - PC/Mac Disk Drive Emulator Adapter/Device

$15.25


Atari 520ST Early Model with Accelerator and Blitter for Parts picture

Atari 520ST Early Model with Accelerator and Blitter for Parts

$170.00


Vintage Atari XC12 Program Cassette Tape Player picture

Vintage Atari XC12 Program Cassette Tape Player

$69.90


Atari 1050 US Doubler upgrade kit picture

Atari 1050 US Doubler upgrade kit

$35.00


Vintage Atari 1025 Dot Matrix Printer - Untested - For Parts/Repair Only picture

Vintage Atari 1025 Dot Matrix Printer - Untested - For Parts/Repair Only

$59.95


Discussions

No Discussions have been posted on this vulnerability.