Detections
Analytics
Debian DSA-454-1 : linux-kernel-2.2.22-alpha - failing function and TLB flush
high Nessus Plugin ID 15291
Synopsis
The remote Debian host is missing a security-related update.Description
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to flushing the TLB (Translation Lookaside Buffer, an address cache) too early it is possible for an attacker to trigger a local root exploit.The attack vectors for 2.4.x and 2.2.x kernels are exclusive for the respective kernel series, though. We formerly believed that the exploitable vulnerability in 2.4.x does not exist in 2.2.x which is still true. However, it turned out that a second (sort of) vulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a different exploit, of course.
Solution
Upgrade the Linux kernel package.For the stable distribution (woody) this problem has been fixed in the following versions and architectures :
package arch version kernel-source-2.2.22 source 2.2.22-1woody1 kernel-image-2.2.22-alpha alpha 2.2.22-2 Vulnerability matrix for CAN-2004-0077
See Also
Plugin Details
Severity: High
ID: 15291
File Name: debian_DSA-454.nasl
Version: 1.27
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 9/29/2004
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:kernel-image-2.2.22-alpha, p-cpe:/a:debian:debian_linux:kernel-source-2.2.22, cpe:/o:debian:debian_linux:3.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/2/2004
Reference Information
CVE: CVE-2004-0077
BID: 9686
CERT: 981222
DSA: 454