Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-332
HistoryJun 27, 2003 - 12:00 a.m.

linux-kernel-2.4.17 - several vulnerabilities

2003-06-2700:00:00
Google
osv.dev
85

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

A number of vulnerabilities have been discovered in the Linux kernel.

  • CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for
    Linux kernels 2.4.18 and earlier on x86 systems allow local users to
    kill arbitrary processes via a binary compatibility interface
    (lcall)
  • CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
    drivers do not pad frames with null bytes, which allows remote
    attackers to obtain information from previous packets or kernel
    memory by using malformed packets
  • CAN-2003-0127: The kernel module loader allows local users to gain
    root privileges by using ptrace to attach to a child process that is
    spawned by the kernel
  • CAN-2003-0244: The route cache implementation in Linux 2.4, and the
    Netfilter IP conntrack module, allows remote attackers to cause a
    denial of service (CPU consumption) via packets with forged source
    addresses that cause a large number of hash table collisions related
    to the PREROUTING chain
  • CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and
    earlier does not properly restrict privileges, which allows local
    users to gain read or write access to certain I/O ports.
  • CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel
    2.4 allows attackers to cause a denial of service (“kernel oops”)
  • CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers
    to modify CPU state registers via a malformed address.
  • CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
    kernel 2.4 allows remote attackers to cause a denial of service (CPU
    consumption) via certain packets that cause a large number of hash
    table collisions

This advisory provides corrected source code for Linux 2.4.17, and
corrected binary kernel images for the mips and mipsel architectures.
Other versions and architectures will be covered by separate
advisories.

For the stable distribution (woody), these problems have been fixed in
kernel-source-2.4.17 version 2.4.17-1woody1 and
kernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.

For the unstable distribution (sid) these problems are fixed in
kernel-source-2.4.20 version 2.4.20-8.

We recommend that you update your kernel packages.

NOTE: A system reboot will be required immediately after the upgrade
in order to replace the running kernel. Remember to read carefully
and follow the instructions given during the kernel upgrade process.

Related

openvas 22
debian 15
nessus 29
osv 8
securityvulns 8
redhat 5
f5 2
cert 2
cve 12
ubuntucve 5
suse 1
saint 4
slackware 1
exploitpack 3
seebug 4
packetstorm 2
exploitdb 3
prion 4
paloalto 1
oracle 1
openvas
openvas
Debian Security Advisory DSA 311-1 (kernel)
2008-01-17 00:00:00
Debian Security Advisory DSA 311-1 (kernel)
2008-01-17 00:00:00
Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA-312-1] New powerpc kernel fixes several vulnerabilities
2003-06-10 03:42:32
[SECURITY] [DSA-332-1] New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities
2003-06-29 01:44:01
[SECURITY] [DSA-311-1] New kernel packages fix several vulnerabilities
2003-06-09 01:26:02
nessus
nessus
Debian DSA-332-1 : linux-kernel-2.4.17 - several vulnerabilities
2004-09-29 00:00:00
Debian DSA-311-1 : linux-kernel-2.4.18 - several vulnerabilities
2004-09-29 00:00:00
Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
2004-09-29 00:00:00
osv
osv
linux-kernel-2.4.18 - several vulnerabilities
2003-06-08 00:00:00
kernel-patch-2.4.18-powerpc - several vulnerabilities
2003-06-09 00:00:00
linux-kernel-2.2.20 - several vulnerabilities
2003-06-29 00:00:00
securityvulns
securityvulns
MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities
2003-06-21 00:00:00
[RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs
2003-05-15 00:00:00
[ESA-20030318-009] Several 'kernel' vulnerabilities
2003-03-19 00:00:00
redhat
redhat
(RHSA-2003:195) kernel security update
2003-06-19 00:00:00
(RHSA-2003:147) kernel security update
2003-05-29 00:00:00
(RHSA-2003:145) Updated kernel fixes security vulnerabilities and updates drivers
2003-05-27 00:00:00
f5
f5
SOL2591 - Linux kernel vulnerabilities - CAN-2003-0244, CAN-2003-0246
2007-05-16 00:00:00
Linux kernel vulnerabilities CAN-2003-0244 and CAN-2003-0246
2007-05-17 04:00:00
cert
cert
ptrace contains vulnerability allowing for local root compromise
2004-04-16 00:00:00
Network device drivers reuse old frame buffer data to pad packets
2003-01-06 00:00:00
cve
cve
CVE-2003-0246
2003-06-16 04:00:00
CVE-2003-0364
2003-06-16 04:00:00
CVE-2003-0248
2003-06-16 04:00:00
ubuntucve
ubuntucve
CVE-2003-0246
2003-06-16 00:00:00
CVE-2003-0127
2003-03-31 00:00:00
CVE-2003-0244
2003-05-27 00:00:00
suse
suse
local privilege escalation in kernel
2003-03-25 17:27:05
saint
saint
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
Linux kernel ptrace privilege elevation vulnerability
2007-06-27 00:00:00
slackware
slackware
2.4.21 kernels available
2003-06-17 22:01:21
exploitpack
exploitpack
Cisco ASA 8.4.4.6 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Ethernet Device Drivers Frame Padding - Etherleak Infomation Leakage
2007-03-23 00:00:00
Linux Kernel 2.0.x2.2.x2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
seebug
seebug
Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
2014-07-01 00:00:00
Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak
2014-07-01 00:00:00
Ethernet Device Drivers Frame Padding - Info Leakage Exploit (Etherleak)
2014-07-01 00:00:00
packetstorm
packetstorm
Cisco ASA Ethernet Information Leak
2013-06-10 00:00:00
etherleak.txt
2007-03-24 00:00:00
exploitdb
exploitdb
Cisco ASA &lt; 8.4.4.6 &lt; 8.2.5.32 - Ethernet Information Leak
2013-06-10 00:00:00
Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
2007-03-23 00:00:00
Ethernet Device Drivers Frame Padding - &#039;Etherleak&#039; Infomation Leakage
2007-03-23 00:00:00
prion
prion
Sql injection
2013-07-11 14:55:00
Design/Logic Flaw
2018-01-10 22:29:00
Information disclosure
2021-01-13 18:15:00
paloalto
paloalto
PAN-OS: Information exposure in Ethernet data frame construction (Etherleak)
2021-01-13 17:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-332
openvas22debian15nessus29osv8securityvulns8redhat5f52cert2cve12ubuntucve5suse1saint4slackware1exploitpack3seebug4packetstorm2exploitdb3prion4paloalto1oracle1