RedHatRHSA-2004:549(RHSA-2004:549) kernel security update
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.106 Low
EPSS
Percentile
94.5%
The Linux kernel handles the basic functions of the operating system.
This update includes fixes for several security issues:
A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1068 to this issue.
Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use thse
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)
A flaw when setting up TSS limits was discovered that affects AMD AMD64
and Intel EM64T architecture kernels prior to 2.4.23. A local user could
use this flaw to cause a denial of service (crash) or possibly gain
privileges. (CAN-2004-0812)
An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver. On systems using this driver,
a local user could cause a denial of service (crash) or possibly gain
elevated privileges. (CAN-2004-0619)
Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of
a connected Samba server. (CAN-2004-0883, CAN-2004-0949)
SGI discovered a bug in the elf loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary. On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash). (CAN-2004-0136)
Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small amounts
of kernel memory. (CAN-2004-0685)
All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | kernel-unsupported | < 2.4.21-20.0.1.EL | kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel-source | < 2.4.21-20.0.1.EL | kernel-source-2.4.21-20.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel | < 2.4.21-20.0.1.EL | kernel-2.4.21-20.0.1.EL.ia64.rpm |
| RedHat | any | ia64 | kernel-doc | < 2.4.21-20.0.1.EL | kernel-doc-2.4.21-20.0.1.EL.ia64.rpm |
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.106 Low
EPSS
Percentile
94.5%