Summary
The remote host is missing an update as announced via advisory SSA:2004-119-01.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-119-01
Insight
New kernel packages are available for Slackware 9.1 and -current to fix security issues. Also available are new kernel modules packages (including alsa-driver), and a new version of the hotplug package for Slackware 9.1 containing some fixes for using 2.4.26 (and 2.6.x) kernel modules.
The most serious of the fixed issues is an overflow in ip_setsockopt(), which could allow a local attacker to gain root access, or to crash or reboot the machine. This bug affects 2.4 kernels from 2.4.22 through 2.4.25.
Any sites running one of those kernel versions should upgrade right away. After installing the new kernel, be sure to run 'lilo'.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0424
Severity
Classification
CVE: CVE-2004-0394, CVE-2004-0424
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C