Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA466] DSA-466-1 linux-kernel-2.2.10-powerpc-apus

Vulnerability Assessment Details

[DSA466] DSA-466-1 linux-kernel-2.2.10-powerpc-apus
Vulnerability Assessment Summary
DSA-466-1 linux-kernel-2.2.10-powerpc-apus

Detailed Explanation for this Vulnerability Assessment

Paul Starzetz and Wojciech Purczynski of isec.pl
discovered a critical
security vulnerability in the memory management code of Linux inside
the mremap(2) system call. Due to flushing the TLB (Translation
Lookaside Buffer, an address cache) too early it is possible for an
attacker to trigger a local root exploit.
The attack vectors for 2.4.x and 2.2.x kernels are exclusive for the
respective kernel series, though. We formerly believed that the
exploitable vulnerability in 2.4.x does not exist in 2.2.x which is
still true. However, it turned out that a second (sort of)
vulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a
different exploit, of course.
For the stable distribution (woody) this problem has been fixed in
version 2.2.10-13woody1 of 2.2 kernel images for the powerpc/apus
architecture and in version 2.2.10-2 of Linux 2.2.10 source.
For the unstable distribution (sid) this problem will be fixed soon
with the 2.4.20 kernel-image package for powerpc/apus. The old 2.2.10
kernel image will be removed from Debian unstable.
You are strongly advised to switch to the fixed 2.4.17 kernel-image
package for powerpc/apus from woody until the 2.4.20 kernel-image
package is fixed in the unstable distribution.
We recommend that you upgrade your Linux kernel package.
Vulnerability matrix for CVE-2004-0077


Solution : http://www.debian.org/security/2004/dsa-466
Network Security Threat Level: High

Networks Security ID: 9686

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi
Cables, Connectors


AMD EPYC 7282 CPU Processor 16 Cores 32 Threads 2.8GHZ up to 3.2GHZ 120W no lock picture

AMD EPYC 7282 CPU Processor 16 Cores 32 Threads 2.8GHZ up to 3.2GHZ 120W no lock

$75.00


Intel - Core i7-12700K Desktop Processor 12 (8P+4E) Cores up to 5.0 GHz Unloc... picture

Intel - Core i7-12700K Desktop Processor 12 (8P+4E) Cores up to 5.0 GHz Unloc...

$419.99


Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc... picture

Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc...

$619.99


Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1 picture

Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1

$39.99


Intel Quad Core i3-12100 3.3GHz 12MB LGA1700 12th Gen. CPU Processor SRL62 picture

Intel Quad Core i3-12100 3.3GHz 12MB LGA1700 12th Gen. CPU Processor SRL62

$45.96


AMD Ryzen 5 4500 6-Core 3.6GHz Socket AM4 65W CPU Desktop Processor picture

AMD Ryzen 5 4500 6-Core 3.6GHz Socket AM4 65W CPU Desktop Processor

$79.00


Intel Core i9-13900KF Unlocked Desktop Processor - 24 Cores (8P+16E) & 32 Thread picture

Intel Core i9-13900KF Unlocked Desktop Processor - 24 Cores (8P+16E) & 32 Thread

$539.99


Intel Core i9-14900KF Unlocked Desktop Processor picture

Intel Core i9-14900KF Unlocked Desktop Processor

$579.99


AMD Ryzen 7 5800X Processor (4.7GHz, 8 Cores, Socket AM4) Box - 100-100000063WOF picture

AMD Ryzen 7 5800X Processor (4.7GHz, 8 Cores, Socket AM4) Box - 100-100000063WOF

$159.99


AMD Ryzen 7 7700 Processor (5.3 GHz, 8 Cores, Socket AM5) Boxed -... picture

AMD Ryzen 7 7700 Processor (5.3 GHz, 8 Cores, Socket AM5) Boxed -...

$259.99


Discussions

No Discussions have been posted on this vulnerability.