Summary
The remote host is missing an update to kernel-image-2.4.17-hppa announced via advisory DSA 470-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20470-1
Insight
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:
CVE-2003-0961:
An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.
CVE-2003-0985:
Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24.
CVE-2004-0077:
Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.
For the stable distribution (woody) these problems have been fixed in version 32.3 of kernel-image-2.4.17-hppa.
For the unstable distribution (sid) these problems have been fixed in version 2.4.25-1 of kernel-image-2.4.25-hppa.
We recommend that you upgrade your Linux kernel packages immediately.
Severity
Classification
-
CVE CVE-2003-0961, CVE-2003-0985, CVE-2004-0077 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities