rhsa-2004_504
Vulnerability from csaf_redhat
Published
2004-12-13 20:17
Modified
2024-11-21 23:15
Summary
Red Hat Security Advisory: Updated Itanium kernel packages resolve security issues

Notes

Topic
Updated Itanium kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the sixth regular update.
Details
The Linux kernel handles the basic functions of the operating system. This is the sixth regular Itanium kernel update to Red Hat Enterprise Linux version 2.1. This kernel updates several important drivers and fixes a number of bugs. This update includes fixes for several security issues: Paul Starzetz of iSEC discovered various flaws in the ELF binary loader affecting kernels prior to 2.4.28. A local user could use these flaws to gain read access to executable-only binaries or possibly gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, and CAN-2004-1073 to these issues. A missing serialization flaw in unix_dgram_recvmsg was discovered that affects kernels prior to 2.4.28. A local user could potentially make use of a race condition in order to gain privileges. (CAN-2004-1068) SGI discovered a bug in the elf loader that affects kernels before 2.4.25 which could be triggered by a malformed binary. On architectures other than x86, a local user could create a malicious binary which could cause a denial of service (crash). (CAN-2004-0136) Stefan Esser discovered various flaws including buffer overflows in the smbfs driver affecting kernels before 2.4.28. A local user may be able to cause a denial of service (crash) or possibly gain privileges. In order to exploit these flaws the user would need to have control of a connected smb server. (CAN-2004-0883, CAN-2004-0949) A floating point information leak was discovered in the ia64 architecture context switch code in kernels before 2.4.27. A local user could use this flaw to read register values of other processes by setting the MFH bit. (CAN-2004-0565) Conectiva discovered flaws in certain USB drivers affecting kernels before 2.4.27 which used the copy_to_user function on uninitialized structures. These flaws could allow local users to read small amounts of kernel memory. (CAN-2004-0685) The ext3 and jfs code in kernels before 2.4.26 did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CAN-2004-0177, CAN-2004-0181) The following drivers have been updated: * fusion to 2.05.16.16.02 * e1000 to 5.3.19-k2 * e100 to 3.0.27-k2 All Red Hat Enterprise Linux 2.1 users running Itanium are advised to upgrade their kernels to the packages listed in this erratum.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Itanium kernel packages are now available as part of ongoing\nsupport and maintenance of Red Hat Enterprise Linux version 2.1. This is\nthe sixth regular update.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Linux kernel handles the basic functions of the operating system.\n\nThis is the sixth regular Itanium kernel update to Red Hat Enterprise Linux\nversion 2.1. This kernel updates several important drivers and fixes a\nnumber of bugs.\n\nThis update includes fixes for several security issues:\n\nPaul Starzetz of iSEC discovered various flaws in the ELF binary\nloader affecting kernels prior to 2.4.28. A local user could use these\nflaws to gain read access to executable-only binaries or possibly gain\nprivileges.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2004-1070, CAN-2004-1071,\nCAN-2004-1072, and CAN-2004-1073 to these issues.\n\nA missing serialization flaw in unix_dgram_recvmsg was discovered that\naffects kernels prior to 2.4.28. A local user could potentially make\nuse of a race condition in order to gain privileges. (CAN-2004-1068)\n\nSGI discovered a bug in the elf loader that affects kernels before\n2.4.25 which could be triggered by a malformed binary. On\narchitectures other than x86, a local user could create a malicious\nbinary which could cause a denial of service (crash). (CAN-2004-0136)\n\nStefan Esser discovered various flaws including buffer overflows in\nthe smbfs driver affecting kernels before 2.4.28. A local user may be\nable to cause a denial of service (crash) or possibly gain privileges.\nIn order to exploit these flaws the user would need to have control of\na connected smb server. (CAN-2004-0883, CAN-2004-0949)\n\nA floating point information leak was discovered in the ia64 architecture\ncontext switch code in kernels before 2.4.27.  A local user could use this\nflaw to read register values of other processes by setting the MFH bit.\n(CAN-2004-0565)\n\nConectiva discovered flaws in certain USB drivers affecting kernels\nbefore 2.4.27 which used the copy_to_user function on uninitialized\nstructures.  These flaws could allow local users to read small amounts of\nkernel memory. (CAN-2004-0685)\n\nThe ext3 and jfs code in kernels before 2.4.26 did not properly initialize\njournal descriptor blocks.  A privileged local user could read portions of\nkernel memory.  (CAN-2004-0177, CAN-2004-0181)\n\nThe following drivers have been updated:\n\n* fusion to 2.05.16.16.02\n* e1000 to 5.3.19-k2\n* e100 to 3.0.27-k2\n\nAll Red Hat Enterprise Linux 2.1 users running Itanium are advised to\nupgrade their kernels to the packages listed in this erratum.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:504",
        "url": "https://access.redhat.com/errata/RHSA-2004:504"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "121034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=121034"
      },
      {
        "category": "external",
        "summary": "121040",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=121040"
      },
      {
        "category": "external",
        "summary": "124832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=124832"
      },
      {
        "category": "external",
        "summary": "126127",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=126127"
      },
      {
        "category": "external",
        "summary": "127385",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127385"
      },
      {
        "category": "external",
        "summary": "127916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127916"
      },
      {
        "category": "external",
        "summary": "127920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=127920"
      },
      {
        "category": "external",
        "summary": "131493",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=131493"
      },
      {
        "category": "external",
        "summary": "134722",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=134722"
      },
      {
        "category": "external",
        "summary": "134802",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=134802"
      },
      {
        "category": "external",
        "summary": "134876",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=134876"
      },
      {
        "category": "external",
        "summary": "137446",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=137446"
      },
      {
        "category": "external",
        "summary": "138443",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138443"
      },
      {
        "category": "external",
        "summary": "140712",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=140712"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_504.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated Itanium kernel packages resolve security issues",
    "tracking": {
      "current_release_date": "2024-11-21T23:15:04+00:00",
      "generator": {
        "date": "2024-11-21T23:15:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:504",
      "initial_release_date": "2004-12-13T20:17:00+00:00",
      "revision_history": [
        {
          "date": "2004-12-13T20:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-12-13T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:15:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0138",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617159"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0138"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617159",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617159"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0138"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0138",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0138"
        }
      ],
      "release_date": "2004-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0177",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617168"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0177"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617168",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617168"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0177",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0177"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0177",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0177"
        }
      ],
      "release_date": "2004-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0181",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617172"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0181"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617172",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617172"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0181",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0181"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0181",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0181"
        }
      ],
      "release_date": "2004-02-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0565",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617231"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0565"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617231",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617231"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0565"
        }
      ],
      "release_date": "2004-05-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0685",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617249"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0685"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617249",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617249"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0685"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0685",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0685"
        }
      ],
      "release_date": "2003-10-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0883",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617312"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0883"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617312",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617312"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0883"
        }
      ],
      "release_date": "2004-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0949",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617329"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0949"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617329",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617329"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0949"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0949",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0949"
        }
      ],
      "release_date": "2004-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1068",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617362"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A \"missing serialization\" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1068"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617362",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617362"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1068"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1068",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1068"
        }
      ],
      "release_date": "2004-11-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1070",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617363"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1070"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617363",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617363"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1070"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1070",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1070"
        }
      ],
      "release_date": "2004-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1071",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1071"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1071",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1071"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1071",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1071"
        }
      ],
      "release_date": "2004-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1072",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617365"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1072"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617365",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617365"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1072"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1072",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1072"
        }
      ],
      "release_date": "2004-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1073",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1073"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1073"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1073",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1073"
        }
      ],
      "release_date": "2004-11-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-12-13T20:17:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:504"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.