{"result": {"osvdb": [{"id": "OSVDB:4456", "type": "osvdb", "title": "Linux Kernel mxcsr CPU State Register Modification", "description": "## Vulnerability Description\nLinux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the Linux kernel function \"set_fpxregs\" doesn't consider the \"__copy_from_user\" failed condition. This could cause the contents of the MXCSR register to be corrupted, and potentially cause a reserved bit within the register to be unexpectedly set, resulting in loss of availability for the platform.\n## Technical Description\nFrom the vulnerable source code in the kernel:\n\n475 int set_fpxregs( struct task_struct *tsk, struct user_fxsr_struct *buf )\n476 {\n477 if ( cpu_has_fxsr ) {\n478 __copy_from_user( &tsk->thread.i387.fxsave, (void *)buf,\n479 sizeof(struct user_fxsr_struct) );\n480 /* mxcsr bit 6 and 31-16 must be zero for security reasons */\n481 tsk->thread.i387.fxsave.mxcsr &= 0xffbf;\n482 return 0;\n483 } else {\n484 return -EIO;\n485 }\n486 }\n\nIf the __copy_from_user in line 478 fails, it will jump over line 481. This could leave a sizeable amount of garbage in the MXCSR register and trigger a general protection fault within the kernel.\n## Solution Description\nUpgrade the linux kernel to version 2.4.23 or higher, as it has been reported to fix this vulnerability. This can be done through various Linux vendor patches or manually installing a newer kernel. An upgrade is required as there are no known workarounds.\n## Short Description\nLinux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the Linux kernel function \"set_fpxregs\" doesn't consider the \"__copy_from_user\" failed condition. 
This could cause the contents of the MXCSR register to be corrupted, and potentially cause a reserved bit within the register to be unexpectedly set, resulting in loss of availability for the platform.\n## References:\n[Vendor Specific Advisory URL](http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000701)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-332)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-336)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2003-187.html)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-311)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0946.1)\n[Vendor Specific Advisory URL](http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000796)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-312)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2003-195.html)\n[Vendor Specific Advisory URL](http://cc.turbolinux.com/security/TLSA-2003-41.txt)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-442)\nOther Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:066-2\nISS X-Force ID: 12159\n[CVE-2003-0248](https://vulners.com/cve/CVE-2003-0248)\nBugtraq ID: 7793\n", "published": "2003-06-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:4456", "cvelist": ["CVE-2003-0248"], "lastseen": "2017-04-28T13:19:59"}], "nessus": [{"id": "REDHAT-RHSA-2003-195.NASL", "type": "nessus", "title": "RHEL 2.1 : kernel (RHSA-2003:195)", "description": "Updated kernel packages for Red Hat Enterprise Linux are now available which address several security vulnerabilities.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nSeveral security issues have been found that affect 
the Linux kernel :\n\nAl Viro found a security issue in the tty layer whereby any user could cause a kernel oops. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0247 to this issue.\n\nAndrea Arcangeli found an issue in the low-level mxcsr code in which a malformed address would leave garbage in cpu state registers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0248 to this issue.\n\nThe TCP/IP fragment reassembly handling allows remote attackers to cause a denial of service (CPU consumption) via packets that cause a large number of hash table collisions, a vulnerability similar to CVE-2003-0244. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0364 to this issue.\n\nThese kernels also contain updated fixes for the ioperm security issue, as well as fixes for a number of bugs.\n\nIt is recommended that users upgrade to these erratum kernels, which contain patches to correct these vulnerabilities.", "published": "2004-07-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12401", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0364", "CVE-2001-1572"], "lastseen": "2017-10-29T13:35:29"}, {"id": "MANDRAKE_MDKSA-2003-066.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2)", "description": "Multiple vulnerabilities were discovered and fixed in the Linux kernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU 
consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.\n\n - CVE-2003-0462: A file read race existed in the execve() system call.\n\nAs well, a number of bug fixes were made in the 9.1 kernel including :\n\n - Support for more machines that did not work with APIC\n\n - Audigy2 support\n\n - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine,\n\n - Fixed SiS IOAPIC\n\n - IRQ balancing has been fixed for SMP\n\n - Updates to ext3\n\n - The previous ptrace fix has been redone to work better\n\n - Bugs with compiling kernels using xconfig have been fixed\n\n - Problems with ipsec have been corrected\n\n - XFS ACLs are now present\n\n - gdb not working on XFS root filesystems has been fixed\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\nUpdated kernels will be available shortly for other supported platforms and architectures.\n\nFor full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.\n\nUpdate :\n\nThe kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. 
The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them.\n\nThat issue has been addressed and fixed with these new kernels.", "published": "2004-07-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14049", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2003-0462"], "lastseen": "2017-10-29T13:35:30"}, {"id": "DEBIAN_DSA-312.NASL", "type": "nessus", "title": "Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows 
attackers to cause a denial of service ('kernel oops').\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\nThis advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories.", "published": "2004-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15149", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-10-29T13:33:30"}, {"id": "DEBIAN_DSA-336.NASL", "type": "nessus", "title": "Debian DSA-336-1 : linux-kernel-2.2.20 - several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n - CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.\n - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall)\n\n - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets\n\n - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel\n\n - CAN-2003-0244: The route cache 
implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain\n\n - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops')\n\n - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\n - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel images for the i386 architecture. 
Other architectures and kernel versions will be covered by separate advisories.", "published": "2004-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15173", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2002-1380"], "lastseen": "2017-10-29T13:41:34"}, {"id": "DEBIAN_DSA-332.NASL", "type": "nessus", "title": "Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall)\n - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets\n\n - CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel\n\n - CAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain\n\n - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops')\n\n - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 
allows attackers to modify CPU state registers via a malformed address.\n\n - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions\n\nThis advisory provides corrected source code for Linux 2.4.17, and corrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate advisories.", "published": "2004-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15169", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-10-29T13:36:20"}, {"id": "DEBIAN_DSA-311.NASL", "type": "nessus", "title": "Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to 
the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops').\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories.", "published": "2004-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15148", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-10-29T13:34:46"}, {"id": "MANDRAKE_MDKSA-2003-074.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)", "description": "Multiple vulnerabilities were discovered and fixed in the Linux kernel.\n\n - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets.\n\n - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n - CVE-2003-0246: The 
ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS.\n\n - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address.\n\n - CVE-2003-0462: A file read race existed in the execve() system call.\n\nKernels for 9.1/x86 are also available (see MDKSA-2003:066).\n\nMandrakeSoft encourages all users to upgrade to these new kernels.\n\nFor full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.", "published": "2004-07-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14057", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0476", "CVE-2003-0244", "CVE-2003-0462"], "lastseen": "2017-10-29T13:45:05"}, {"id": "DEBIAN_DSA-442.NASL", "type": "nessus", "title": "Debian DSA-442-1 : linux-kernel-2.4.17-s390 - several vulnerabilities", "description": "Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. 
The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project :\n\n - CVE-2002-0429 :\n The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\n - CAN-2003-0001 :\n\n Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.\n\n - CAN-2003-0244 :\n\n The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n - CAN-2003-0246 :\n\n The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n - CAN-2003-0247 :\n\n A vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ('kernel oops').\n\n - CAN-2003-0248 :\n\n The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\n - CAN-2003-0364 :\n\n The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\n - CAN-2003-0961 :\n\n An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. 
Fixed upstream in Linux 2.4.23.\n\n - CAN-2003-0985 :\n\n Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug.\n Fixed upstream in Linux 2.4.24.\n\n - CAN-2004-0077 :\n\n Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.", "published": "2004-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15279", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "lastseen": "2017-10-29T13:40:15"}], "redhat": [{"id": "RHSA-2003:195", "type": "redhat", "title": "(RHSA-2003:195) kernel security update", "description": "The Linux kernel handles the basic functions of the operating system. \n\nSeveral security issues have been found that affect the Linux kernel:\n\nAl Viro found a security issue in the tty layer whereby any user could\ncause a kernel oops. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0247 to this issue.\n\nAndrea Arcangeli found an issue in the low-level mxcsr code in which a\nmalformed address would leave garbage in cpu state registers. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CAN-2003-0248 to this issue.\n\nThe TCP/IP fragment reassembly handling allows remote attackers to cause a\ndenial of service (CPU consumption) via packets that cause a large number\nof hash table collisions, a vulnerability similar to CAN-2003-0244. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2003-0364 to this issue.\n\nThese kernels also contain updated fixes for the ioperm security issue, as\nwell as fixes for a number of bugs.\n\nIt is recommended that users upgrade to these erratum kernels, which\ncontain patches to correct these vulnerabilities.", "published": "2003-06-19T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2003:195", "cvelist": ["CVE-2001-1572", "CVE-2003-0244", "CVE-2003-0247", "CVE-2003-0248", "CVE-2003-0364"], "lastseen": "2018-03-28T01:01:23"}], "openvas": [{"id": "OPENVAS:53625", "type": "openvas", "title": "Debian Security Advisory DSA 336-1 (kernel-source-2.2.20, kernel-image-2.2.20-i386)", "description": "The remote host is missing an update to kernel-source-2.2.20, kernel-image-2.2.20-i386\nannounced via advisory DSA 336-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53625", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-07-24T12:50:13"}, {"id": "OPENVAS:53694", "type": "openvas", "title": "Debian Security Advisory DSA 311-1 (kernel)", "description": "The remote host is missing an update to kernel\nannounced via advisory DSA 311-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53694", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-07-24T12:49:55"}, {"id": "OPENVAS:53601", "type": "openvas", "title": "Debian Security Advisory DSA 312-1 (kernel-patch-2.4.18-powerpc)", "description": "The remote host is missing an update to kernel-patch-2.4.18-powerpc\nannounced via advisory DSA 312-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53601", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-07-24T12:50:03"}, {"id": "OPENVAS:53621", "type": "openvas", "title": "Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)", "description": "The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips\nannounced via advisory DSA 332-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53621", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2017-07-24T12:50:23"}, {"id": "OPENVAS:53142", "type": "openvas", "title": "Debian Security Advisory DSA 442-1 (kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390)", "description": "The remote host is missing an update to kernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\nannounced via advisory DSA 442-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, 
"href": "http://plugins.openvas.org/nasl.php?oid=53142", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "lastseen": "2017-07-24T12:50:22"}], "debian": [{"id": "DSA-312", "type": "debian", "title": "kernel-patch-2.4.18-powerpc -- several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain 
packets that cause a large number of hash table collisions.\n\nThis advisory covers only the powerpc architecture. Other architectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the powerpc architecture, these problems have been fixed in version 2.4.18-1woody1.\n\nFor the unstable distribution (sid) these problems are fixed in version 2.4.20-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "published": "2003-06-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-312", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2016-09-02T18:28:21"}, {"id": "DSA-336", "type": "debian", "title": "linux-kernel-2.2.20 -- several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n * [CAN-2002-1380](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380>): Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall)\n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information 
from previous packets or kernel memory by using malformed packets\n * [CAN-2003-0127](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127>): The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel\n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain\n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")\n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions\n\nThis advisory provides updated 2.2.20 kernel source, and binary kernel images for the i386 architecture. 
Other architectures and kernel versions will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.2.20 version 2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.\n\nFor the unstable distribution (sid) these problems are fixed in kernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.\n\nNOTE: These kernels are not binary-compatible with the previous version. Any loadable modules will need to be recompiled in order to work with the new kernel.", "published": "2003-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-336", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2002-1380"], "lastseen": "2016-09-02T18:35:30"}, {"id": "DSA-332", "type": "debian", "title": "linux-kernel-2.4.17 -- several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall) \n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets \n * 
[CAN-2003-0127](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127>): The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel \n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain \n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. \n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\") \n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address. \n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions \n\nThis advisory provides corrected source code for Linux 2.4.17, and corrected binary kernel images for the mips and mipsel architectures. 
Other versions and architectures will be covered by separate advisories.\n\nFor the stable distribution (woody), these problems have been fixed in kernel-source-2.4.17 version 2.4.17-1woody1 and kernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.\n\nFor the unstable distribution (sid) these problems are fixed in kernel-source-2.4.20 version 2.4.20-8.\n\nWe recommend that you update your kernel packages.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "published": "2003-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-332", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2016-09-02T18:29:54"}, {"id": "DSA-311", "type": "debian", "title": "linux-kernel-2.4.18 -- several vulnerabilities", "description": "A number of vulnerabilities have been discovered in the Linux kernel.\n\nCVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\nCAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets.\n\nCAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.\n\nCAN-2003-0244: The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that 
cause a large number of hash table collisions related to the PREROUTING chain.\n\nCAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\nCAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\nCAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\nCAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.\n\nThis advisory covers only the i386 (Intel IA32) architectures. Other architectures will be covered by separate advisories.\n\nFor the stable distribution (woody) on the i386 architecture, these problems have been fixed in kernel-source-2.4.18 version 2.4.18-9, kernel-image-2.4.18-1-i386 version 2.4.18-8, and kernel-image-2.4.18-i386bf version 2.4.18-5woody1.\n\nFor the unstable distribution (sid) these problems are fixed in the 2.4.20 series kernels based on Debian sources.\n\nWe recommend that you update your kernel packages.\n\nIf you are using the kernel installed by the installation system when the \"bf24\" option is selected (for a 2.4.x kernel), you should install the kernel-image-2.4.18-bf2.4 package. If you installed a different kernel-image package after installation, you should install the corresponding 2.4.18-1 kernel. 
You may use the table below as a guide.\n \n \n | If \"uname -r\" shows: | Install this package:\n | 2.4.18-bf2.4 | kernel-image-2.4.18-bf2.4\n | 2.4.18-386 | kernel-image-2.4.18-1-386\n | 2.4.18-586tsc | kernel-image-2.4.18-1-586tsc\n | 2.4.18-686 | kernel-image-2.4.18-1-686\n | 2.4.18-686-smp | kernel-image-2.4.18-1-686-smp\n | 2.4.18-k6 | kernel-image-2.4.18-1-k6\n | 2.4.18-k7 | kernel-image-2.4.18-1-k7\n \n\nNOTE: This kernel is not binary compatible with the previous version. For this reason, the kernel has a different version number and will not be installed automatically as part of the normal upgrade process. Any custom modules will need to be rebuilt in order to work with the new kernel. New PCMCIA modules are provided for all of the above kernels.\n\nNOTE: A system reboot will be required immediately after the upgrade in order to replace the running kernel. Remember to read carefully and follow the instructions given during the kernel upgrade process.", "published": "2003-06-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-311", "cvelist": ["CVE-2003-0248", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0127", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244"], "lastseen": "2016-09-02T18:32:39"}, {"id": "DSA-442", "type": "debian", "title": "linux-kernel-2.4.17-s390 -- several vulnerabilities", "description": "Several security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture, mostly by backporting fixes from 2.4.18 and incorporating recent security fixes. 
The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project:\n\n * [CVE-2002-0429](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0429>): \n\nThe iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).\n\n * [CAN-2003-0001](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001>): \n\nMultiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.\n\n * [CAN-2003-0244](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0244>): \n\nThe route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain.\n\n * [CAN-2003-0246](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0246>): \n\nThe ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.\n\n * [CAN-2003-0247](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0247>): \n\nA vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\").\n\n * [CAN-2003-0248](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0248>): \n\nThe mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.\n\n * [CAN-2003-0364](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0364>): \n\nThe TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU 
consumption) via certain packets that cause a large number of hash table collisions.\n\n * [CAN-2003-0961](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961>): \n\nAn integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.\n\n * [CAN-2003-0985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985>): \n\nPaul Starzetz [discovered](<http://isec.pl/vulnerabilities/isec-0013-mremap.txt>) a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24.\n\n * [CAN-2004-0077](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0077>): \n\nPaul Starzetz and Wojciech Purczynski of isec.pl [discovered](<http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt>) a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.\n\nFor the stable distribution (woody) these problems have been fixed in version 2.4.17-2.woody.3 of s390 images and in version 0.0.20020816-0.woody.2 of the patch packages.\n\nFor the unstable distribution (sid) these problems will be fixed soon.\n\nWe recommend that you upgrade your Linux kernel packages immediately.\n\n[Vulnerability matrix](<CAN-2004-0077>) for CAN-2004-0077", "published": "2004-02-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-442", "cvelist": ["CVE-2003-0248", "CVE-2003-0961", "CVE-2003-0247", "CVE-2002-0429", "CVE-2003-0985", "CVE-2003-0364", "CVE-2003-0001", "CVE-2003-0246", "CVE-2003-0244", "CVE-2004-0077"], "lastseen": "2016-09-02T18:19:42"}]}}