Rapid7 Vulnerability & Exploit Database

RHSA-2003:088: New kernel 2.2 packages fix vulnerabilities


Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/31/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 06/21/2018

Description

Updated kernel packages for Red Hat Linux 6.2 and 7.0 are now available that fix several security vulnerabilities.

The Linux kernel handles the basic functions of the operating system.

A bug in the kernel module loader code allows a local user to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0127 to this issue.

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0001 to this issue.

The Linux 2.2 kernel allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-1380 to this issue.

All users of Red Hat Linux 6.2 and 7 should upgrade to these errata packages, which contain version 2.2.24 of the Linux kernel with patches and are not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-boot
  • redhat-upgrade-kernel-doc
  • redhat-upgrade-kernel-enterprise
  • redhat-upgrade-kernel-headers
  • redhat-upgrade-kernel-ibcs
  • redhat-upgrade-kernel-pcmcia-cs
  • redhat-upgrade-kernel-smp
  • redhat-upgrade-kernel-source
  • redhat-upgrade-kernel-utils
