Detections
Analytics

Fedora 2005-014 Security Check

high Log Correlation Engine Plugin ID 801564

Synopsis

The remote host is missing a security update.

Description

This update rebases the kernel to match the upstream 2.6.10 release,
and adds a number of security fixes by means of adding the latest -ac
patch.

CVE-2004-1235 Paul Starzetz from isec.pl found a problem in the binary
format loaders uselib() function that could lead to potential
priveledge escalation.
http://isec.pl/vulnerabilities/isec-0021-uselib.txt

NO-CAN-ASSIGNED Brad Spengler found several problems.

 - An integer overflow in the random poolsize sysctl
 handler.

 - SCSI ioctl integer overflow and information leak.

 - RLIMIT_MEMLOCK bypass and unprivileged user DoS.

NO-CAN-ASSIGNED Coverity Inc. found a number of bugs with their
automated source checker in coda, xfs, network bridging, rose network
protocol, and the sdla wan driver. http://linuxbugs.coverity.com

Solution

Update the affected package(s).

See Also

http://linuxbugs.coverity.com

http://isec.pl/vulnerabilities/isec-0021-uselib.txt

http://www.nessus.org/u?64785c4c

Plugin Details

Severity: High

ID: 801564

Family: Generic

Reference Information

CVE: CVE-2004-1235