Gentoo: Critical Security Vulnerabilities in Network Services - 202309-02
gentoo
August 14, 2003
There are multiple vulnerabilities in Gentoo Linux source tree.
Summary
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-01
- - quotes from CVE:
"The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions."
"The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports."
"A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."
SOLUTION
It is recommended that all Gentoo Linux users who are running sys-kernel/gentoo-sources upgrade to gentoo-sources-2.4.20-r6 as follows
emerge sync emerge gentoo-sources emerge clean
After that, compile, install and reboot your computer to complete the upgrade.
...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : gentoo-sources
SUMMARY : multiple vulnerabilities
DATE : 2003-08-14 12:16 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =gentoo-sources-2.4.20-r6
CVE : CAN-2003-0244 CAN-2003-0246 CAN-2003-0462
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!