Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

SUSE-SA:2005:003: kernel

Check for the version of the kernel package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2005:003 (kernel).

Several exploitable security problems were identified and fixed in the Linux kernel, the core of every SUSE Linux product.

- Due to missing locking in the sys_uselib system call, a local attacker can gain root access. This was found by Paul Starzetz and is tracked by the Mitre CVE ID CVE-2004-1235.
- Paul Starzetz also found a race condition in SMP page table handling which could lead to a local attacker gaining root access on SMP machines. This is tracked by the Mitre CVE ID CVE-2005-0001.
- A local denial of service was found in the auditing subsystem which could have led to a local attacker crashing the machine. This was reported and fixed by Red Hat.
- The sendmsg / cmsg fix from the previous kernel update was faulty on 64-bit systems with a 32-bit compatibility layer and could lead to 32-bit applications not working correctly on those 64-bit systems.
- The smbfs security fixes from the kernel update before the previous one were faulty for some file write cases.
- A local denial of service with Direct I/O access to NFS file systems could allow a local attacker to crash a machine with NFS mounts.
- grsecurity reported a signed integer problem in the SCSI ioctl handling which had a missing boundary check. Due to C language specifics, this evaluation was not correct and there actually is no problem in this code. The signed / unsigned mismatch was fixed nevertheless.
- Several more small non-security problems were fixed.

NOTE: Two days ago we released the Service Pack 1 for the SUSE Linux Enterprise Server 9. This kernel update contains fixes for the SUSE Linux Enterprise Server 9 GA version kernel line. A fix for the Service Pack 1 version line will be available shortly.

Solution : http://www.suse.de/security/advisories/2005_03_kernel.html

Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security