Rapid7 Vulnerability & Exploit Database

RHSA-2003:172: Updated 2.4 kernel fixes security vulnerabilities and various bugs


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 08/27/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 06/21/2018

Description

Updated kernel packages that fix a remote denial of service vulnerability in the TCP/IP stack, and a local privilege vulnerability, are now available.

[Updated 28 August 2003] Added CAN-2003-0187 and CAN-2003-0619 to the list of security issues that were fixed by this advisory (there are no changes to the packages themselves).

The Linux kernel handles the basic functions of the operating system.

The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled (or the ip_conntrack module loaded), allows remote attackers to cause a denial of service (resource consumption). This causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0187 to this issue.

A flaw has been found in several hash table implementations in the kernel networking code. A remote attacker could send packets with carefully chosen, forged source addresses in such a way as to make every routing cache entry get hashed into the same hash chain. The result would be that the kernel would use a disproportionate amount of processor time to deal with new packets, resulting in a remote denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0244 to this issue.

A flaw has been found in the "ioperm" system call, which fails to properly restrict privileges. This flaw can allow an unprivileged local user to gain read and write access to I/O ports on the system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0246 to this issue.

An integer signedness error in the Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0619 to this issue.

All users should upgrade to these updated packages, which are not vulnerable to these issues.
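
The integer signedness class of bug described for CAN-2003-0619, shown as a general pattern in an added example that is not the kernel's NFS code or part of the advisory: a wire length held in a signed type passes an upper-bound-only check, while an unsigned, fully bounded check rejects it. The function names, MAX_PAYLOAD and the sample messages are hypothetical and constructed for illustration, and XDR padding is ignored.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 64 /* assumed buffer limit for this sketch */

/* Constructed inputs: 4-byte big-endian XDR length, then payload bytes. */
static const unsigned char SAMPLE_OK[]  = {0x00, 0x00, 0x00, 0x04, 'a', 'b', 'c', 'd'};
static const unsigned char SAMPLE_NEG[] = {0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c', 'd'};

static uint32_t xdr_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the length is held in a signed type and only its upper
 * bound is tested, so 0xffffffff (-1) passes. Returns 1 if accepted. */
int signed_check_accepts(const unsigned char *msg)
{
    uint32_t raw = xdr_u32(msg);
    int32_t len;
    memcpy(&len, &raw, sizeof len); /* reinterpret the wire value as signed */
    return len <= MAX_PAYLOAD;
}

/* Hardened pattern: keep the length unsigned and bound it by the limit,
 * the output capacity and the bytes actually present in the message.
 * Returns the number of bytes copied, or -1 if the message is rejected. */
long decode_opaque(const unsigned char *msg, size_t msg_len,
                   unsigned char *out, size_t out_cap)
{
    if (msg_len < 4)
        return -1;
    uint32_t len = xdr_u32(msg);
    if (len > MAX_PAYLOAD || len > out_cap || len > msg_len - 4)
        return -1;
    memcpy(out, msg + 4, len);
    return (long)len;
}

int main(void)
{
    unsigned char out[MAX_PAYLOAD];
    printf("signed check accepts -1: %d\n", signed_check_accepts(SAMPLE_NEG));
    printf("hardened, -1: %ld\n", decode_opaque(SAMPLE_NEG, sizeof SAMPLE_NEG, out, sizeof out));
    printf("hardened, 4: %ld\n", decode_opaque(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    return 0;
}
```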

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-bigmem
  • redhat-upgrade-kernel-boot
  • redhat-upgrade-kernel-doc
  • redhat-upgrade-kernel-smp
  • redhat-upgrade-kernel-source
  • redhat-upgrade-oprofile
