|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2003-147: kernel Vulnerability Assessment Details
|
RHSA-2003-147: kernel |
||
|
Check for the version of the kernel packages Detailed Explanation for this Vulnerability Assessment These updated kernel packages address security vulnerabilites, including two possible data corruption scenarios. In addition, a number of drivers have been updated, improvements made to system performance, and various issues have been resolved. A flaw was found in several hash table implementations in the kernel networking code. A remote attacker sending packets with carefully chosen, forged source addresses could potentially cause every routing cache entry to be hashed into the same hash chain. As a result, the kernel would use a disproportionate amount of processor time to deal with the new packets, leading to a remote denial-of-service (DoS) attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0244 to this issue. A flaw was also found in the "ioperm" system call, which fails to properly restrict rights. This flaw can permit an unprivileged local user to gain read and write access to I/O ports on the system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0246 to this issue. All users should upgrade to these errata packages, which address these issues. Solution : http://rhn.redhat.com/errata/RHSA-2003-147.html Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
|
Servers |
|
||
|
No Discussions have been posted on this vulnerability. |